Enable Bitlocker On Unsupported Hardware

Martin Brinkmann
Mar 22, 2009
Updated • May 28, 2017
Encryption, Windows

Bitlocker is an additional software component that got first distributed with Microsoft Windows Vista Ultimate and Enterprise, and with professional versions of newer Windows systems as well.

It can be used to encrypt full partitions on computer systems but can only be run on supported hardware. Bitlocker by default does require a Trusted Platform Module chip (TPM Chip) on the computer's motherboard. The chip contains a cryptographic key that Bitlocker uses for the encryption process. Without key, Windows won't let you use Bitlocker.

You do get a notification though when you try to start BitLocker that you should contact your system administrator so that the "allow BitLocker without a compatible TPM" policy is set.

So, how is that done if you are the admin of the system? Lets find out.


Bitlocker On Unsupported Hardware

There is a method to enable Bitlocker encryption on computer systems that do not have a TPM chip. Before we take a look at how that is done, you may want to understand why TPM is a requirement for BitLocker encryption.

TPM, or Trusted Platform Module, is a chip on the computer's motherboard that is used to generate and store encryption keys. So, it is hardware that is essential for BitLocker to function. If a BitLocker encrypted hard drive is moved to another PC, it cannot be decrypted even if that system has a TPM as well, as the stored key is still on the old chip.

If you don't use TPM, the encryption key is generated in a different way, and it is saved to another storage location, usually an USB Flash drive.

Getting Started

The following method will enable Bitlocker and should work as well if you are using the Microsoft operating systems Windows 7, 8 or 10.

Please note that the Group Policy Editor is only available on professional and Enterprise editions of Windows.

You can find out if your computer supports TPM by open the Windows Control Panel, loading the BitLocker Drive Encryption applet, and clicking on TPM Adminstration. This opens a new window that lists whether a TPM chip is integrated in the computer's hardware.

  • Run gpedit.msc by either clicking on the Windows Start Menu button or by using the shortcut Windows-R, typing gpedit.msc and hitting enter. This will open the Group Policy Editor.
  • Locate the following folder on the left: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption
  • Enable the Advanced Startup Options by double-clicking on Control Panel Setup to display the advanced options.
  • Click on Enabled and check the Allow Bitlocker Without A Compatible TPM Checkbox.

A click on OK will enable Bitlocker on computer systems without Trusted Platform Module chips. It is from then on possible to save the Bitlocker encryption key on an external storage device like an USB stick or Flash memory card.

This key is essential for accessing the encrypted partitions. There is no way of accessing the encrypted partition or hard drive if the storage device gets damaged or lost.

So, you better back up the key properly and store it in different locations to avoid running in situations where you cannot access your encrypted data because you do not have access to the encryption key anymore.

Update: Bitlocker is also integrated into Windows 7 Ultimate and Enterprise, Windows 8 Pro and Enterprise, and professional editions of Microsoft's Windows 10 operating system. The enterprise version of Windows 8 and Windows 7 furthermore  provide access to Bitlocker To Go, which can encrypt data on USB flash drives using the encryption software.

Enable Bitlocker On Unsupported Hardware
Article Name
Enable Bitlocker On Unsupported Hardware
Find out how to enable the encryption tool Bitlocker on Windows PC systems that don't have a Trusted Platform Module chip.
Ghacks Technology News

Previous Post: «
Next Post: «


  1. Jojo said on March 22, 2009 at 10:41 pm

    And if something goes wrong, I’d expect that you would get ZERO help from Microsoft.

    I think I would prefer Truecrypt for this functionality.

  2. shantanoo said on April 1, 2009 at 3:05 pm

    need gpedit tips

  3. Dwight Stegall said on January 25, 2015 at 9:39 pm

    I do not have 8.1 pro. So I don’t have gpedit.msc. But in the Services panel it says Bitlocker Encryption Service and it is stopped. Why do I have that if I don’t have pro?

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.