Part 1: To use BitLocker without a TPM Chip you will need to first configure your computers Local Group Policy
In this guide we cover how to properly Enable BitLocker Drive Encryption utilizing customized Local Group Policys on your computer.
If you are not comfortable with the following steps, please consult with a Microsoft Consulting Firm like TECHIT SERVICES. You will be configuring “Require additional authentication at start-up” under BitLocker, and “Operating System Drives”. For detailed steps proceed further.
1) Click the Windows Start Button with the Windows logo on the bottom-left corner of your computer’s desktop.
2) Simply start typing and enter “gpedit.msc” and then proceed to press the “Enter” key on your keyboard. That will pop open the “Local Group Policy Editor”.
3) Once the Local Group Policy editor has opened. Find the list of options on the left pane named “Local Computer Policy”, look for “Computer Configuration”. Click on “Administrative Templates” and expand that section.
4) Find and expand the section labeled “Windows Components”
5) Then click on “BitLocker Drive Encryption”
5) Select and double-click on “Operating System Drives” to show a list of settings.
6). On the right pane you will find “Require additional authentication at start-up”. Double-Click on it to open additional settings.
7). Click on “Enable” Then click on “OK”, proceed to exit the “Local Group Policy Editor”.
Part 2. Reboot Your Computer
Rebooting your computer will apply the new settings. Once completed you can proceed to setting up BitLocker.
Part 3. Enable BitLocker Encryption on your computer’s hard drive.
To easiest way to setup BitLocker Drive Encryption is with a USB thumb drive.
1) Push the Windows key on your keyboard and type: “Manage BitLocker” then press the “enter” key on your keyboard.
2) Click on where it says “Turn on BitLocker” for the drive you wish to encrypt.
3) The BitLocker setup windows will open, proceed through the onscreen guide to setup the drive with BitLocker Drive Encryption.
4) At the end you will be prompted on how you want to unlock the drive. It will give you the option of setting up a password or utilizing a USB thumb drive. If you choose “Removable USB Flash Drive” you will need to have it plugged into your computer every time you boot-up the computer to unlock the drive. If you choose password, you will need to use that password at every boot.
5) Then BitLocker will ask how you want to save your BitLocker Recovery Key. Select Save to USB Flash Drive, sync to cloud and print the recovery key.
Better to be safe and not sorry, be sure to keep your recovery key in a safe rememberable place. Depending on your 365-account configuration you may be able to Sync your Recovery Key with Azure AD. We recommend making redundancies for your Recovery Key.
***DO NOT ENABLE BITLOCKER ON YOUR RECOVERY KEY USB THUMB DRIVE***
6) Proceed to follow the on-screen instructions to enable the BitLocker Drive Encryption. You will next “Choose how much of your drive to encrypt.”
7) Choose what encryption mode you want and click on “Next”.
8) Run “BitLocker System Check” and click on “Next”.
9) Restart your computer.
THAT’S IT YOUR ALL SETUP WITH BITLOCKER DRIVE ENCRYPTION!