Enable Bitlocker On Unsupported Hardware

Martin Brinkmann
Mar 22, 2009
Updated • May 28, 2017
Encryption, Windows

BitLocker is an additional software component that was first distributed with Microsoft Windows Vista Ultimate and Enterprise, and that is also included in professional versions of newer Windows systems.

It can be used to encrypt full partitions on computer systems but can only be run on supported hardware. By default, BitLocker requires a Trusted Platform Module chip (TPM chip) on the computer's motherboard. The chip contains a cryptographic key that BitLocker uses for the encryption process. Without the key, Windows won't let you use BitLocker.

When you try to start BitLocker on such a system, however, you get a notification telling you to contact your system administrator so that the "allow BitLocker without a compatible TPM" policy is set.

So, how is that done if you are the admin of the system? Let's find out.

Bitlocker On Unsupported Hardware

There is a method to enable Bitlocker encryption on computer systems that do not have a TPM chip. Before we take a look at how that is done, you may want to understand why TPM is a requirement for BitLocker encryption.

TPM, or Trusted Platform Module, is a chip on the computer's motherboard that is used to generate and store encryption keys. So, it is hardware that is essential for BitLocker to function. If a BitLocker encrypted hard drive is moved to another PC, it cannot be decrypted even if that system has a TPM as well, as the stored key is still on the old chip.

If you don't use a TPM, the encryption key is generated in a different way, and it is saved to another storage location, usually a USB flash drive.

Getting Started

The following method will enable BitLocker and should also work if you are using the Microsoft operating systems Windows 7, 8 or 10.

Please note that the Group Policy Editor is only available on Professional and Enterprise editions of Windows.

You can find out if your computer supports TPM by opening the Windows Control Panel, loading the BitLocker Drive Encryption applet, and clicking on TPM Administration. This opens a new window that lists whether a TPM chip is integrated in the computer's hardware.

  • Run gpedit.msc by either clicking on the Windows Start Menu button or by using the shortcut Windows-R, typing gpedit.msc and hitting enter. This will open the Group Policy Editor.
  • Locate the following folder on the left: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption
  • Enable the Advanced Startup Options by double-clicking on Control Panel Setup to display the advanced options.
  • Click on Enabled and check the "Allow BitLocker without a compatible TPM" checkbox.

A click on OK will enable BitLocker on computer systems without Trusted Platform Module chips. It is from then on possible to save the BitLocker encryption key on an external storage device like a USB stick or flash memory card.

This key is essential for accessing the encrypted partitions. There is no way of accessing the encrypted partition or hard drive if the storage device gets damaged or lost.

So, you had better back up the key properly and store it in different locations to avoid running into situations where you cannot access your encrypted data because you no longer have access to the encryption key.
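The following PowerShell audit is an added example, not part of the original article. It checks the state that the Group Policy steps above produce and the key backup concern just described. It assumes Windows 8 or later and an elevated prompt; the registry value names `UseAdvancedStartup`, `EnableBDEWithNoTPM` and `EnableNonTPM` are assumptions about where the policy is stored, and the function name is hypothetical.

```powershell
# Added example, not from the article. Run from an elevated PowerShell prompt.
# Assumes Windows 8 or later, where Get-Tpm and Get-BitLockerVolume exist.
function Get-BitLockerNoTpmAudit {
    param([string]$MountPoint = $env:SystemDrive)

    # Assumption: the Group Policy checkbox is stored as a DWORD under this key,
    # as EnableBDEWithNoTPM (Windows 7 and later) or EnableNonTPM (Vista policy).
    $fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
    $tpm = Get-Tpm -ErrorAction SilentlyContinue
    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction SilentlyContinue

    # foreach over $null yields nothing, so a missing volume object or an
    # unencrypted volume both give an empty protector list.
    $types = @(foreach ($kp in $vol.KeyProtector) { "$($kp.KeyProtectorType)" })

    [pscustomobject]@{
        TpmPresent          = [bool]$tpm.TpmPresent
        AdvancedStartupSet  = ($fve.UseAdvancedStartup -eq 1)
        NoTpmAllowed        = ($fve.EnableBDEWithNoTPM -eq 1) -or ($fve.EnableNonTPM -eq 1)
        VolumeStatus        = "$($vol.VolumeStatus)"
        ProtectionStatus    = "$($vol.ProtectionStatus)"
        KeyProtectors       = $types
        HasStartupKey       = $types -contains 'ExternalKey'       # USB startup key
        HasRecoveryPassword = $types -contains 'RecoveryPassword'  # 48-digit fallback
    }
}

$audit = Get-BitLockerNoTpmAudit
$audit | Format-List

if (-not $audit.TpmPresent -and -not $audit.NoTpmAllowed) {
    Write-Warning 'No TPM and the no-TPM policy is not set: BitLocker setup will refuse the OS drive.'
}
if ($audit.HasStartupKey -and -not $audit.HasRecoveryPassword) {
    # Add-BitLockerKeyProtector -MountPoint C: -RecoveryPasswordProtector adds one.
    Write-Warning 'USB startup key present but no recovery password: a lost or damaged stick locks the volume.'
}
```

Store any recovery password it prompts you to add somewhere other than the USB stick that holds the startup key.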

Update: BitLocker is also integrated into Windows 7 Ultimate and Enterprise, Windows 8 Pro and Enterprise, and professional editions of Microsoft's Windows 10 operating system. The Enterprise versions of Windows 8 and Windows 7 furthermore provide access to BitLocker To Go, which can encrypt data on USB flash drives using the encryption software.

Publisher: Ghacks Technology News

Comments

  1. Dwight Stegall said on January 25, 2015 at 9:39 pm

    I do not have 8.1 pro. So I don’t have gpedit.msc. But in the Services panel it says Bitlocker Encryption Service and it is stopped. Why do I have that if I don’t have pro?

  2. shantanoo said on April 1, 2009 at 3:05 pm

    need gpedit tips

  3. Jojo said on March 22, 2009 at 10:41 pm

    And if something goes wrong, I’d expect that you would get ZERO help from Microsoft.

    I think I would prefer Truecrypt for this functionality.
