How to Use BitLocker on Windows 11 or 10 without a Trusted Platform Module (TPM)?


To use the BitLocker function, you need a computer that has a Trusted Platform Module (TPM). If you try to enable BitLocker on a PC without a TPM, you’ll be told your administrator must set a system policy option.

On the other hand, BitLocker is available only on Professional, Enterprise, and Education editions of Windows. That means that on any other edition, even if your PC is equipped with a TPM 1.2 or later, you still can’t use BitLocker because you will not find an option to configure it.

BitLocker typically requires a Trusted Platform Module (TPM 1.2 or later) chip on your computer’s motherboard. This TPM chip generates and stores the actual encryption keys and automatically unlocks your PC’s drive so that when you boot, you can sign in just by typing your Windows login password.

If someone gets physical access to your PC, removes the drive from the computer, and attempts to decrypt it, they will not be able to access the data without the key stored in the TPM. The TPM won’t work if you change the PC’s motherboard, either.

However, if your motherboard (or laptop) doesn’t have a TPM, you can still use BitLocker without one. This is less secure, but it is always better than nothing.

How to Use BitLocker on Windows 11 or 10 without a TPM?

If you want to use BitLocker on Windows 11 and 10 machines without a TPM, use the following steps:-

Step 1. First, open Local Group Policy Editor.

Step 2. Then, navigate to the following path on the left side:-

Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives

Step 3. After that, double-click the policy name on the right-side pane, “Require additional authentication at startup.”

Step 4. Select Enabled.

Step 5. Ensure the “Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)” checkbox is enabled under the “Options” section.

Step 6. Click Apply.

Step 7. Click OK.

Step 8. Reboot your PC to apply the changes.

How to Set Up BitLocker?

Once you complete the above steps, you can configure and use BitLocker as usual.

To set up BitLocker on Windows 11 or 10, use the following steps:-

Step 1. Open Control Panel.

Step 2. Click on System and Security.

Step 3. Click on BitLocker Drive Encryption.

Step 4. Under the “Operating system drive” section, click the Turn on BitLocker option.

Step 5. Now, you’ll be asked how you want to unlock your drive at startup. Because you don’t have a TPM, you can choose either “Insert a USB flash drive” or “Enter a password.” If you select a USB flash drive option, you’ll need that flash drive connected to your PC each time you boot up your PC to access the files.

Step 6. Since we don’t want to use a USB flash drive, we have selected the second option, “Enter a password,” to encrypt our drive.

Step 7. In the following screen, enter the password to encrypt the drive and then confirm the password.

Step 8. After that, click the Next button.

Step 9. Now, you’ll be prompted to back up your recovery key. You can select from the following options:-

  • Save to your Microsoft account
  • Save to a USB flash drive
  • Save to a file
  • Print the recovery key

Choose a method to back up your recovery key and click the Next button.

Step 10. In the following screen, choose the faster or slower method to encrypt the drive and then click the Next button.

At last, you’ll be prompted to reboot your computer. Depending on your configuration, you may need to insert the BitLocker USB flash drive or enter the password that you set in the above steps.
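Once encryption has finished, the result of the steps above can be checked from an elevated PowerShell prompt. The following is an added example, not part of the original article; it uses the built-in Get-BitLockerVolume and Get-Tpm cmdlets, and the function name Test-NoTpmBitLocker is a hypothetical helper chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: Test-NoTpmBitLocker is a hypothetical helper name, not a built-in cmdlet.
function Test-NoTpmBitLocker {
    param([string]$MountPoint = $env:SystemDrive)

    $vol      = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    $types    = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    $findings = New-Object System.Collections.Generic.List[string]

    # Encryption must be finished and protection switched on, not just started.
    if ($vol.VolumeStatus.ToString() -ne 'FullyEncrypted') {
        $findings.Add("Volume status is $($vol.VolumeStatus) ($($vol.EncryptionPercentage)% encrypted)")
    }
    if ($vol.ProtectionStatus.ToString() -ne 'On') {
        $findings.Add('Protection is off or suspended')
    }

    # Without a TPM, the startup unlock must be a password or a USB startup key.
    if (-not ($types -contains 'Password' -or $types -contains 'ExternalKey')) {
        $findings.Add('No Password or ExternalKey (USB startup key) protector found')
    }

    # The recovery key backed up during setup is stored as a RecoveryPassword protector.
    if ($types -notcontains 'RecoveryPassword') {
        $findings.Add('No RecoveryPassword protector; there is no fallback if the password is forgotten')
    }

    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        TpmPresent       = (Get-Tpm).TpmPresent
        EncryptionMethod = $vol.EncryptionMethod
        KeyProtectors    = $types -join ', '
        Findings         = $findings
        Compliant        = ($findings.Count -eq 0)
    }
}

# Check the operating system drive and show the result.
Test-NoTpmBitLocker | Format-List
```

An empty Findings list with Compliant set to True means the drive is fully encrypted, protection is on, and both a startup protector and a recovery password are present.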

Good luck.
