Enable Bitlocker On Unsupported Hardware - gHacks Tech News


BitLocker is an additional software component that was first distributed with Microsoft Windows Vista Ultimate and Enterprise, and is included in professional versions of newer Windows systems as well.

It can be used to encrypt full partitions on computer systems, but it only runs on supported hardware. By default, BitLocker requires a Trusted Platform Module chip (TPM chip) on the computer's motherboard. The chip contains a cryptographic key that BitLocker uses for the encryption process. Without the key, Windows won't let you use BitLocker.

When you try to start BitLocker on a system without the chip, you do get a notification that you should contact your system administrator so that the "allow BitLocker without a compatible TPM" policy is set.

So, how is that done if you are the admin of the system? Let's find out.

Bitlocker On Unsupported Hardware

There is a method to enable Bitlocker encryption on computer systems that do not have a TPM chip. Before we take a look at how that is done, you may want to understand why TPM is a requirement for BitLocker encryption.

TPM, or Trusted Platform Module, is a chip on the computer's motherboard that is used to generate and store encryption keys. So, it is hardware that is essential for BitLocker to function. If a BitLocker encrypted hard drive is moved to another PC, it cannot be decrypted even if that system has a TPM as well, as the stored key is still on the old chip.

If you don't use TPM, the encryption key is generated in a different way, and it is saved to another storage location, usually a USB flash drive.

Getting Started


The following method enables BitLocker, and it should also work on Microsoft's Windows 7, 8 and 10 operating systems.

Please note that the Group Policy Editor is only available on Professional and Enterprise editions of Windows.

You can find out if your computer supports TPM by opening the Windows Control Panel, loading the BitLocker Drive Encryption applet, and clicking on TPM Administration. This opens a new window that lists whether a TPM chip is integrated in the computer's hardware.

  • Run gpedit.msc by either clicking on the Windows Start Menu button or by using the shortcut Windows-R, typing gpedit.msc and hitting Enter. This will open the Group Policy Editor.
  • Locate the following folder on the left: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption
  • Enable the Advanced Startup Options by double-clicking on Control Panel Setup to display the advanced options.
  • Click on Enabled and check the "Allow BitLocker without a compatible TPM" checkbox.

A click on OK will enable BitLocker on computer systems without Trusted Platform Module chips. From then on, it is possible to save the BitLocker encryption key on an external storage device like a USB stick or Flash memory card.

This key is essential for accessing the encrypted partitions. There is no way of accessing the encrypted partition or hard drive if the storage device gets damaged or lost.

So, you should back up the key properly and store it in different locations to avoid running into situations where you cannot access your encrypted data because you do not have access to the encryption key anymore.
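The following read-only audit is an added example, not part of the original article: it checks whether a TPM is present, whether the policy from the steps above has been applied, and whether the volume depends on a single USB startup key with no backup protector. It assumes Windows 8 or later (where the BitLocker and TrustedPlatformModule PowerShell modules exist), an elevated prompt, and `C:` as the volume to check.

```powershell
# Added example (not from the article): read-only audit of a TPM-less
# BitLocker setup. Run from an elevated PowerShell prompt.
$mount = 'C:'   # assumption: the volume to audit

# 1. Is a TPM present at all?
$tpm = Get-Tpm
"TPM present: $($tpm.TpmPresent), ready: $($tpm.TpmReady)"

# 2. Has the Group Policy setting been applied? The policy editor stores it
#    as values under the FVE policy key; a missing key means "not configured".
$fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' `
                        -ErrorAction SilentlyContinue
$noTpmAllowed = [bool]($fve -and
                       $fve.UseAdvancedStartup -eq 1 -and
                       $fve.EnableBDEWithNoTPM -eq 1)
"'Allow BitLocker without a compatible TPM' applied: $noTpmAllowed"

# 3. Which key protectors does the volume have?
$vol   = Get-BitLockerVolume -MountPoint $mount
$types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
"Volume $mount status: $($vol.VolumeStatus), protection: $($vol.ProtectionStatus)"
"Key protectors: $($types -join ', ')"

# 4. Flag the failure mode the article warns about: a USB startup key
#    (reported as ExternalKey) with no second way to unlock the volume.
$hasStartupKey = $types -contains 'ExternalKey'
$hasRecovery   = $types -contains 'RecoveryPassword'

if (-not $tpm.TpmPresent -and -not $noTpmAllowed) {
    Write-Warning 'No TPM and policy not set: BitLocker setup will refuse to start.'
}
if ($hasStartupKey -and -not $hasRecovery) {
    Write-Warning ("Only a startup key protects $mount. Losing the USB device " +
                   'means losing the data. Add a recovery password with ' +
                   'Add-BitLockerKeyProtector -RecoveryPasswordProtector ' +
                   'and store it away from the PC.')
}
elseif ($hasRecovery) {
    # List protector IDs only, so the recovery password itself is not printed.
    $vol.KeyProtector |
        Where-Object { $_.KeyProtectorType.ToString() -eq 'RecoveryPassword' } |
        ForEach-Object { "Recovery password protector ID: $($_.KeyProtectorId)" }
}
```

The script changes nothing on the system; the protector ID it prints can be matched against a stored recovery key backup to confirm the backup belongs to this volume.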

Update: BitLocker is also integrated into Windows 7 Ultimate and Enterprise, Windows 8 Pro and Enterprise, and professional editions of Microsoft's Windows 10 operating system. The Enterprise versions of Windows 8 and Windows 7 furthermore provide access to BitLocker To Go, which can encrypt data on USB flash drives using the encryption software.


Comments

  1. Jojo said on March 22, 2009 at 10:41 pm

    And if something goes wrong, I’d expect that you would get ZERO help from Microsoft.

    I think I would prefer Truecrypt for this functionality.

  2. shantanoo said on April 1, 2009 at 3:05 pm

    need gpedit tips

  3. Dwight Stegall said on January 25, 2015 at 9:39 pm

    I do not have 8.1 pro. So I don’t have gpedit.msc. But in the Services panel it says Bitlocker Encryption Service and it is stopped. Why do I have that if I don’t have pro?
