Part 1: To use BitLocker without a TPM Chip, you will need first to configure your computer’s Local Group Policy
In this guide, we cover how to properly Enable BitLocker Drive Encryption utilizing customized Local Group Policy on your computer.
If you are not comfortable with the following steps, please consult with a Microsoft Consulting Firm like TECHIT SERVICES. You will be configuring “Require additional authentication at start-up” under BitLocker and “Operating System Drives.” For detailed steps, proceed further.
1) Click the Windows Start Button with the Windows logo on the bottom-left corner of your computer’s desktop.
2) start typing and enter “gpedit. msc” and then proceed to press the “Enter” key on your keyboard. That will pop open the “Local Group Policy Editor.”
3) Once the Local Group Policy editor has opened. Find the list of options on the left pane named “Local Computer Policy” and look for “Computer Configuration.” Click on “Administrative Templates” and expand that section.
4) Find and expand the section labeled “Windows Components.”
5) Then click on “BitLocker Drive Encryption.”
6) Select and double-click on “Operating System Drives” to show a list of settings.
7). On the right pane, you will find “Require additional authentication at start-up.” Double-click on it to open additional settings.
8). Click on “Enable,” Then click on “OK,” and proceed to exit the “Local Group Policy Editor.”
Part 2. Reboot Your Computer
Rebooting your computer will apply the new settings. Once completed, you can proceed to setting up BitLocker.
Part 3. Enable BitLocker Encryption on your computer’s hard drive.
The easiest way to set up BitLocker Drive Encryption is with a USB thumb drive.
1) Push the Windows key on your keyboard and type: “Manage BitLocker,” then press the “enter” key on your keyboard.
2) Click on where it says “Turn on BitLocker” for the drive you wish to encrypt.
3) The BitLocker setup windows will open; proceed through the onscreen guide to set up the drive with BitLocker Drive Encryption.
4) At the end, you will be prompted on how you want to unlock the drive. It will give you the option of setting up a password or utilizing a USB thumb drive. If you choose “Removable USB Flash Drive,” you will need to have it plugged into your computer every time you boot up the computer to unlock the drive. If you choose a password, you will need to use that password at every boot.
5) Then BitLocker will ask how you want to save your BitLocker Recovery Key. Select Save to USB Flash Drive, sync to the cloud, and print the recovery key.
It is better to be safe and not sorry; be sure to keep your recovery key in a safe, memorable place. Depending on your 365-account configuration, you can Sync your Recovery Key with Azure AD. We recommend making redundancies for your Recovery Key.
***DO NOT ENABLE BITLOCKER ON YOUR RECOVERY KEY USB THUMB DRIVE***
6) Proceed to follow the onscreen instructions to enable the BitLocker Drive Encryption. You will next, “Choose how much of your drive to encrypt.”
7) Choose what encryption mode you want and click on “Next”.
8) Run “BitLocker System Check” and click on “Next.”
9) Restart your computer.
THAT’S IT. YOU’RE ALL SET UP WITH BITLOCKER DRIVE ENCRYPTION!