Local drive security flaws are widespread in Windows systems. Microsoft responded by introducing a feature known as BitLocker. Normally, a system must have a TPM (Trusted Platform Module) to use BitLocker encryption; however, PCs without a TPM can also use this feature. In this article, we will discuss how to enable BitLocker without a TPM on Windows. Before that, let us discuss BitLocker in brief.
What Is BitLocker Encryption?
BitLocker Drive Encryption protects data on internal or portable drives. It is integrated with the PC’s operating system and addresses the danger of data theft or exposure through loss or untrustworthy systems.
BitLocker can function on its own, that is, without a TPM, but it performs much better when combined with one. BitLocker protects computers when they are not in use, which is when they are more vulnerable and more easily tampered with.
Your PC must meet specific system requirements to support BitLocker. TPM version 1.2 or higher is required, and your hard disk should have two partitions.
- The first partition should be the system partition (NTFS), which stores the files needed to boot the computer.
- The second partition should be an Operating System partition with your Windows operating system installed.
- Finally, a BIOS that supports TPM is required. If yours does not, it is recommended that you update your BIOS before attempting to enable BitLocker on your PC.
Why Does BitLocker Prefer TPM?
The Trusted Platform Module (TPM) is a hardware component that computer manufacturers install in newer models. Essentially, it is a highly advanced microchip that performs multiple security checks on your computer. If your computer has a TPM version 1.2 or higher, BitLocker will use it to store its key. Yes, the chip itself generates and holds the encryption keys.
It ensures the drive’s data is not accessible when the drive is connected to another PC, as the key needed to decrypt the data will be missing. So even if someone steals your storage device, the computer will ask for a TPM key.
How to use BitLocker without a TPM
Many older PCs do not have the TPM chip installed. Even if a system has TPM support, users are hesitant to tamper with or update the BIOS settings. However, as previously stated, you can still use the BitLocker feature to encrypt a drive in the Windows operating system. Several approaches can be taken. We’ll go over each method step by step to fully understand how to use them.
- Changing Group Policy
- Using a USB Flash Drive to Set Up BitLocker Drive Encryption
Let’s try to understand these methods thoroughly.
1. By Changing Group Policy
Enabling BitLocker without using TPM can be done by making Group Policy changes. You can change these settings on your personal computer by performing these steps using an administrator account.
- Press the Windows + R keys on your keyboard and type gpedit.msc
- Press Enter.
- Now, the Group Policy Object Editor window will appear.
- Go to the following path:
Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives
- Double-click on the Require additional authentication at startup option in the right pane.
- Then, select Enabled at the top of the window.
- Make sure that the Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive) checkbox is enabled.
- Click OK to apply your changes. The Group Policy Window can now be closed.
- A restart isn’t required for the changes to take effect.
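To confirm that the policy change took effect, the settings can be read back from the registry. The PowerShell below is an added example, not part of the original article; the function name Get-BitLockerNoTpmPolicy is hypothetical, and the FVE policy key with its UseAdvancedStartup and EnableBDEWithNoTPM values is where Windows records this setting.

```powershell
# Added example: reads back the "Require additional authentication at
# startup" policy and reports whether a PC without a TPM can use BitLocker.
function Get-BitLockerNoTpmPolicy {
    $key   = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    $names = 'UseAdvancedStartup', 'EnableBDEWithNoTPM'
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    $v = @{}
    foreach ($n in $names) {
        # A missing value means the setting is still "Not Configured".
        $v[$n] = if ($props -and $null -ne $props.$n) { [int]$props.$n } else { $null }
    }

    # Get-Tpm needs an elevated session; a failure is reported as unknown.
    $tpmPresent = $null
    try { $tpmPresent = (Get-Tpm -ErrorAction Stop).TpmPresent } catch { }

    $policyOn = $v.UseAdvancedStartup -eq 1                    # "Enabled" selected
    $noTpmOk  = $policyOn -and ($v.EnableBDEWithNoTPM -eq 1)   # checkbox ticked

    $verdict = if ($tpmPresent) {
        'TPM present: BitLocker can use it, the no-TPM policy is not required'
    } elseif ($noTpmOk) {
        'Ready: BitLocker can be turned on with a password or USB startup key'
    } else {
        'Not ready: enable the policy and tick the no-TPM checkbox'
    }

    [pscustomobject]@{
        TpmPresent         = $tpmPresent
        UseAdvancedStartup = $v.UseAdvancedStartup
        EnableBDEWithNoTPM = $v.EnableBDEWithNoTPM
        Verdict            = $verdict
    }
}

Get-BitLockerNoTpmPolicy | Format-List
```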
2. By Using A USB Flash Drive To Set Up BitLocker Drive Encryption
To perform this method, you’ll need a USB flash drive. The flash drive must be inserted into your computer whenever you start it. Here’s how you can do it:
- Insert the USB flash drive into your computer.
- Click Start, type BitLocker.
- Click on Manage BitLocker.
- Now, click on Turn On BitLocker on the Operating System Volume.
- Then, on the Set BitLocker Startup Preferences page, select Require Startup USB Key at every Startup.
- Next, select the location of the USB flash drive, and click on Save.
- The Save the Recovery Password page will appear with three options.
- Select the option named Save the Password on a USB drive. It’ll save the password on the inserted USB drive.
- After selecting the given option, click Next. Now, the Encrypt the Selected Disk Volume page will appear.
- Make sure that Run BitLocker System Check is selected, then press Continue.
- Lastly, click on Restart Now. After the encryption is completed, the computer will restart.
How To Enable BitLocker on your Windows PC
We’ve already discussed how to use BitLocker on a system without a TPM. Now, we’ll see how to properly enable BitLocker on a device:
- Open the Start Menu.
- Type Control Panel, and open the Control Panel app.
- Click on the System and Security icon.
- There, click on the BitLocker Drive Encryption option.
- Below the Operating system drive section, click on the Turn on BitLocker option.
- You’ll be given two options for how to unlock the drive at startup: the first option is to Insert a USB flash drive, and the second option is to Enter a password. Select the second option.
- Selecting the second option ensures that a password is required before booting into the Windows system.
- Create a strong password and confirm it. It’ll be used to unlock BitLocker and to access your device.
- Click on Next.
- Four options will be shown. Select the first option, named Save To Your Microsoft account.
- Again, click on the Next button.
- Now, you’ll be prompted to select how much drive space you want to encrypt.
- Select the first option: Encrypt used disk space only (faster and best for new PCs and drives)
- Now, there are two encryption methods. Select New encryption mode (best for fixed drives on this device)
- Finally, click on the Next button, and check the Run BitLocker system check option.
- Lastly, press the Continue button, and then the Restart now button.
These are the simple steps by which you can enable the BitLocker feature on a system without any issues.
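The two setup paths above (USB startup key and password) can also be scripted with the BitLocker PowerShell cmdlets. This is an added example, not from the original article: the function name Enable-BitLockerNoTpm is hypothetical, XtsAes128 is an assumed choice for the wizard's new encryption mode, and it returns a recovery password to store yourself instead of saving it to a Microsoft account. It assumes the Group Policy change from method 1 is already in place.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article).
function Enable-BitLockerNoTpm {
    [CmdletBinding(DefaultParameterSetName = 'Password')]
    param(
        [string]$MountPoint = $env:SystemDrive,

        [Parameter(Mandatory, ParameterSetName = 'Password')]
        [securestring]$Password,

        # Root of the inserted USB flash drive, for example 'E:\' (sample value).
        [Parameter(Mandatory, ParameterSetName = 'StartupKey')]
        [string]$StartupKeyPath
    )

    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    if ($vol.VolumeStatus -ne 'FullyDecrypted') {
        throw "$MountPoint is already $($vol.VolumeStatus); nothing to do."
    }

    # "Encrypt used disk space only" and "New encryption mode" (XTS-AES).
    # -SkipHardwareTest is deliberately left out so the BitLocker system
    # check runs on the next restart, as in the wizard.
    $common = @{
        MountPoint       = $MountPoint
        EncryptionMethod = 'XtsAes128'
        UsedSpaceOnly    = $true
        ErrorAction      = 'Stop'
    }
    if ($PSCmdlet.ParameterSetName -eq 'Password') {
        Enable-BitLocker @common -PasswordProtector -Password $Password | Out-Null
    } else {
        Enable-BitLocker @common -StartupKeyProtector -StartupKeyPath $StartupKeyPath | Out-Null
    }

    # Add a recovery password as the fallback for a forgotten password or lost USB key.
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector -ErrorAction Stop | Out-Null
    $rec = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword'

    [pscustomobject]@{
        MountPoint       = $MountPoint
        RecoveryKeyId    = $rec.KeyProtectorId
        RecoveryPassword = $rec.RecoveryPassword
        NextStep         = 'Store the recovery password off this drive, then restart.'
    }
}
# Usage: Enable-BitLockerNoTpm -Password (Read-Host 'BitLocker password' -AsSecureString)
```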
What Happens When I Forget The BitLocker Password?
If you forget a BitLocker password, you can always recover access as long as you set up proper recovery methods before encrypting the device. You can retrieve the recovery password from your Microsoft account, or, if you saved the password on a USB drive before encrypting, you can use that as well.
Where Can I Find My BitLocker Recovery Key?
It is essential not only to have BitLocker turned on, but also to make sure the key is available when you need it. If you are unable to find the key, here is the list of places to look:
- Microsoft Account
- Print Out
- USB Flash Drive
- Azure Active Directory account
- System administrator
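Before a key is needed, it helps to record which recovery password belongs to which drive. The PowerShell below is an added example, not part of the original article (Get-BitLockerRecoveryInventory is a hypothetical name); run from an elevated session while the drives are unlocked, it lists each volume's protectors and recovery key IDs and flags protected volumes that have no recovery password.

```powershell
#Requires -RunAsAdministrator
# Added example: inventory of BitLocker recovery protectors per volume.
function Get-BitLockerRecoveryInventory {
    param(
        # Optional: leading characters of a recovery key ID to look up.
        [string]$KeyIdPrefix
    )

    $rows = foreach ($vol in Get-BitLockerVolume) {
        $rec = @($vol.KeyProtector |
            Where-Object KeyProtectorType -eq 'RecoveryPassword')

        # KeyProtectorId is wrapped in braces; strip them so the ID can be
        # compared with the one written next to a stored recovery key.
        $ids = @($rec | ForEach-Object { $_.KeyProtectorId.Trim('{}') })

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeStatus     = $vol.VolumeStatus
            ProtectionStatus = $vol.ProtectionStatus
            Protectors       = @($vol.KeyProtector.KeyProtectorType) -join ', '
            RecoveryKeyIds   = $ids
            # Protection is on but there is no recovery password to fall back on.
            MissingRecovery  = ($vol.ProtectionStatus -eq 'On' -and $ids.Count -eq 0)
        }
    }

    if ($KeyIdPrefix) {
        # Keep only volumes with a recovery key ID starting with the prefix.
        $rows = $rows | Where-Object { $_.RecoveryKeyIds -like "$KeyIdPrefix*" }
    }
    $rows
}

Get-BitLockerRecoveryInventory | Format-List
```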
Is Using BitLocker Safe For Daily Use?
You should consider using BitLocker if you have data that needs to be protected at all costs. Using BitLocker can get a bit complex for regular users, and it is not generally required. That is the sole reason why BitLocker is available only on Windows Pro and Enterprise versions.
In this article, we’ve discussed the BitLocker feature for Windows. It is a drive encryption feature that protects drives from theft and third-party tampering by encrypting them. The key to decrypt the drive is stored in the TPM chip. That’s why a TPM chip is a must-have component to run BitLocker properly.
However, as previously stated, we can use this BitLocker feature without a TPM by modifying Group Policy and encrypting drives with USB flash drives. Both methods are very effective and straightforward to use. If you haven’t already, it’s highly recommended that you enable the BitLocker feature on your computer. We’ve also discussed how to enable BitLocker on your Windows PC easily.