How to Enable BitLocker on Windows 10 Without TPM

Ujjwal Kumar By: Ujjwal Kumar
2 minute read

Home » Windows » How to Enable BitLocker on Windows 10 Without TPM

Windows Bitlocker is a fantastic tool – allowing you to fully encrypt your data directly on the hard disk level, giving you an extra layer of privacy that you demand. However, Bitlocker has its limitations – more like security features that prove to be a limitation for some. There is a security chip called Trusted Platform Module – or in short “TPM” – that is supposed to store the encryption key for your encrypted hard disk.

When you encrypt something, on the basic level it is comparable to putting something in a locker – so the name bitlocker actually does make sense. Any encrypted data has a key known as its “encryption key” – whoever has this key is able to decrypt the data. Now obviously, this means the key needs to be stored somewhere safe – that is what the TPM chip is for.

Now the problem comes here – some older hard disks or even some newer ones don’t have this TPM chip, either because the hard disks were too old to consider it or the manufacturer was trying to keep the manufacturing costs low and thus skipped on an optional feature. There is however a way to get around this requirement of a TPM and chip and encrypt your drive anyway. And it’s not that hard to do, so let’s get straight to it:

  • Open your Start Menu and type “gpedit.msc”, then click the top result. This will open the Group Policy Editor.
  • Under “Local Computer Policy”, follow this path: Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.

  • Now locate “Require additional authentication at startup” and right click it, then click Edit.
  • On this window, click Enabled and under Options check the box that says “Allow BitLocker without a compatible TPM”.
  • Now click OK, and close the Local Policy Editor.
  • Now open the BitLocker setup once again on the drive you want to encrypt, it should ask you to go through a restart to prepare the disk.
  • Once you have restarted, it will ask you to set up a Startup key for every time you start your PC – this is the key that was supposed to be saved on the TPM chip but since we have bypassed that, you will need to save this on a USB flash drive. That’s your key now.

Now you can encrypt your hard disk even though it doesn’t have a TPM chip – and store the key for encryption in a handy USB flash drive that you can unplug from your PC to deny access to the drive. Exactly works like a physical key at this point.

This is the beauty of Windows – the reason Windows is so complex is because of how many options it features. It’s easy to make a feature – it’s harder to make a feature that can be tweaked in every way possible.

Discussions

Next up

Microsoft Edge got hacked at Pwn2Own 2019, patch incoming

Rabia Noureen avatar. By: Rabia Noureen
2 minute read

Security researchers hacked Microsoft Edge and Mozilla Firefox right and earned a cash prize of $270K at Pwn2Own hacking event.  The Firefox 66 browser was announced on March 19, so […]

Continue Reading

Movavi Video Editor Plus: Probably the best video editor of 2019

Milan Stanojevic avatar. By: Milan Stanojevic
4 minute read

Editing videos isn’t as hard if you have the right tool for the job. There is a wide array of video editors on the market. […]

Continue Reading

Getting The user account code is null error? Here’s how to fix it

Johnny Williams avatar. By: Johnny Williams
2 minute read

Microsoft Outlook is a personal information manager from Microsoft’s Office suite, and it’s available to both individual users and organizations alike. Although often used as […]

Continue Reading