fbpx

Part 1: To use BitLocker without a TPM Chip you will need to first configure your computers Local Group Policy

In this guide we cover how to properly Enable BitLocker Drive Encryption utilizing customized Local Group Policys on your computer.

If you are not comfortable with the following steps, please consult with a Microsoft Consulting Firm like TECHIT SERVICES. You will be configuring “Require additional authentication at start-up” under BitLocker, and “Operating System Drives”. For detailed steps proceed further.

1)  Click the Windows Start Button with the Windows logo on the bottom-left corner of your computer’s desktop.

Windows Start Button

2) Simply start typing and enter “gpedit.msc” and then proceed to press the “Enter” key on your keyboard. That will pop open the “Local Group Policy Editor”.

edit group policy

3) Once the Local Group Policy editor has opened. Find the list of options on the left pane named “Local Computer Policy”, look for “Computer Configuration”. Click on “Administrative Templates” and expand that section.

Local Computer Policy

Administrative Templates

4)  Find and expand the section labeled “Windows Components”

Windows Components

5)  Then click on “BitLocker Drive Encryption”

Enable BitLocker Encryption without a TPM Chip, Enable BitLocker Encryption without a TPM Chip

5) Select and double-click on “Operating System Drives” to show a list of settings.

Operating System Drives

6). On the right pane you will find “Require additional authentication at start-up”. Double-Click on it to open additional settings.

Require additional Authentication at startup

7). Click on “Enable” Then click on “OK”, proceed to exit the “Local Group Policy Editor”.

Require additional Authentication at startup enabled ok

 

Part 2. Reboot Your Computer

Rebooting your computer will apply the new settings. Once completed you can proceed to setting up BitLocker.

Part 3. Enable BitLocker Encryption on your computer’s hard drive.

To easiest way to setup BitLocker Drive Encryption is with a USB thumb drive.

1) Push the Windows key on your keyboard and type: “Manage BitLocker” then press the “enter” key on your keyboard.

Windows Start Button

Manage BitLocker

2) Click on where it says “Turn on BitLocker” for the drive you wish to encrypt.

Turn on BitLocker

3) The BitLocker setup windows will open, proceed through the onscreen guide to setup the drive with BitLocker Drive Encryption.

Starting BitLocker

4) At the end you will be prompted on how you want to unlock the drive. It will give you the option of setting up a password or utilizing a USB thumb drive. If you choose “Removable USB Flash Drive” you will need to have it plugged into your computer every time you boot-up the computer to unlock the drive. If you choose password, you will need to use that password at every boot.

Choose how to unlock your drive at startup

Save your startup key

5) Then BitLocker will ask how you want to save your BitLocker Recovery Key. Select Save to USB Flash Drive, sync to cloud and print the recovery key.

Better to be safe and not sorry, be sure to keep your recovery key in a safe rememberable place. Depending on your 365-account configuration you may be able to Sync your Recovery Key with Azure AD. We recommend making redundancies for your Recovery Key.

***DO NOT ENABLE BITLOCKER ON YOUR RECOVERY KEY USB THUMB DRIVE***

Save your BitLocker Recovery Key

6) Proceed to follow the on-screen instructions to enable the BitLocker Drive Encryption. You will next “Choose how much of your drive to encrypt.”

Choose how much of your drive to encrypt

7) Choose what encryption mode you want and click on “Next”.

Choose which encryption mode to use

8) Run “BitLocker System Check” and click on “Next”.

Are you ready to encrypt this drive

9) Restart your computer.

the computer must be restarted

THAT’S IT YOUR ALL SETUP WITH BITLOCKER DRIVE ENCRYPTION!