Part 1: To use BitLocker without a TPM Chip, you will need first to configure your computer’s Local Group Policy

In this guide, we cover how to properly Enable BitLocker Drive Encryption utilizing customized Local Group Policy on your computer.

If you are not comfortable with the following steps, please consult with a Microsoft Consulting Firm like TECHIT SERVICES. You will be configuring “Require additional authentication at start-up” under BitLocker and “Operating System Drives.” For detailed steps, proceed further.

1)  Click the Windows Start Button with the Windows logo on the bottom-left corner of your computer’s desktop.

Windows Start Button

2) start typing and enter “gpedit. msc” and then proceed to press the “Enter” key on your keyboard. That will pop open the “Local Group Policy Editor.”

edit group policy

3) Once the Local Group Policy editor has opened. Find the list of options on the left pane named “Local Computer Policy” and look for “Computer Configuration.” Click on “Administrative Templates” and expand that section.

Local Computer Policy

Administrative Templates

4)  Find and expand the section labeled “Windows Components.”

Windows Components

5)  Then click on “BitLocker Drive Encryption.”

6) Select and double-click on “Operating System Drives” to show a list of settings.

Operating System Drives

7). On the right pane, you will find “Require additional authentication at start-up.” Double-click on it to open additional settings.

Require additional Authentication at startup

8). Click on “Enable,” Then click on “OK,” and proceed to exit the “Local Group Policy Editor.”

Require additional Authentication at startup enabled ok


Part 2. Reboot Your Computer

Rebooting your computer will apply the new settings. Once completed, you can proceed to setting up BitLocker.

Part 3. Enable BitLocker Encryption on your computer’s hard drive.

The easiest way to set up BitLocker Drive Encryption is with a USB thumb drive.

1) Push the Windows key on your keyboard and type: “Manage BitLocker,” then press the “enter” key on your keyboard.

Windows Start Button

Manage BitLocker

2) Click on where it says “Turn on BitLocker” for the drive you wish to encrypt.

Turn on BitLocker

3) The BitLocker setup windows will open; proceed through the onscreen guide to set up the drive with BitLocker Drive Encryption.

Starting BitLocker

4) At the end, you will be prompted on how you want to unlock the drive. It will give you the option of setting up a password or utilizing a USB thumb drive. If you choose “Removable USB Flash Drive,” you will need to have it plugged into your computer every time you boot up the computer to unlock the drive. If you choose a password, you will need to use that password at every boot.

Choose how to unlock your drive at startup

Save your startup key

5) Then BitLocker will ask how you want to save your BitLocker Recovery Key. Select Save to USB Flash Drive, sync to the cloud, and print the recovery key.

It is better to be safe and not sorry; be sure to keep your recovery key in a safe, memorable place. Depending on your 365-account configuration, you can Sync your Recovery Key with Azure AD. We recommend making redundancies for your Recovery Key.


Save your BitLocker Recovery Key

6) Proceed to follow the onscreen instructions to enable the BitLocker Drive Encryption. You will next, “Choose how much of your drive to encrypt.”

Choose how much of your drive to encrypt

7) Choose what encryption mode you want and click on “Next”.

Choose which encryption mode to use

8) Run “BitLocker System Check” and click on “Next.”

Are you ready to encrypt this drive

9) Restart your computer.

the computer must be restarted