In this post, we will learn the steps to enable BitLocker Drive Encryption (BDE) on Windows 10 without TPM (Trusted Platform Module).

What is BitLocker Drive Encryption?

BitLocker is a data protection feature that encrypts the drives on your computer to help prevent data theft or exposure. By default, BitLocker requires a TPM (Trusted Platform Module) chip on your computer’s motherboard.

The TPM chip generates and stores the actual encryption keys. The TPM can automatically unlock your PC’s drive when it boots, so you can sign in just by typing your username and password.

You can use BitLocker Drive Encryption without the TPM chip, but it requires some extra steps for additional authentication.

Notes:

  • BitLocker Drive Encryption is available only on the Pro and Enterprise editions of Windows 10.
  • BitLocker Drive Encryption is a time-consuming process.
  • Take a full backup before starting the BDE process.

How to Turn On BitLocker Without a TPM in Windows 10:

If we want to use BitLocker Drive Encryption without the TPM chip, then we need to use the Local Group Policy Editor to enable additional authentication at startup.

Open Group Policy Editor Console.

1. Press the Windows key and R together to open the Run menu, type gpedit.msc, and press the Enter key.

[Figure 2: Open Group Policy Editor Console]

2. Under Computer Configuration, expand Administrative Templates.

3. Expand Windows Components.

4. Expand BitLocker Drive Encryption and Operating System Drives.

5. Under Settings, double-click the Require additional authentication at startup policy.

[Figure 4: Double Click on Require Additional Authentication]

6. Select the Enabled radio button.

Note: Make sure to check the “Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)” option.

7. Click OK to save the changes.

[Figure 5: Enable the Policy]

Update the Group Policy Settings:

8. We will manually update the group policy settings by running the command gpupdate /force.

[Figure 6: Manually Update the Group Policy]
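To confirm that the policy from steps 5 to 8 has actually been applied, the following check reads the BitLocker policy values from the registry. It is an added example, not part of the original post; the function name Test-BitLockerNoTpmPolicy is hypothetical, and it assumes an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example: confirm the "Require additional authentication at startup"
# policy reached the registry after gpupdate /force.
function Test-BitLockerNoTpmPolicy {
    param(
        # Registry location of the BitLocker (FVE) policy values.
        [string]$Path = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    )

    $fve = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue

    # UseAdvancedStartup = 1 : the policy is set to Enabled (step 6).
    # EnableBDEWithNoTPM = 1 : "Allow BitLocker without a compatible TPM" is checked.
    $advanced = ($null -ne $fve) -and ($fve.UseAdvancedStartup -eq 1)
    $noTpm    = ($null -ne $fve) -and ($fve.EnableBDEWithNoTPM -eq 1)

    # Get-Tpm reports whether the machine has a TPM at all.
    $tpm = Get-Tpm -ErrorAction SilentlyContinue
    $tpmPresent = ($null -ne $tpm) -and $tpm.TpmPresent

    [pscustomobject]@{
        PolicyKeyFound   = ($null -ne $fve)
        AdvancedStartup  = $advanced
        AllowWithoutTpm  = $noTpm
        TpmPresent       = $tpmPresent
        ReadyForPassword = $advanced -and $noTpm
    }
}

$result = Test-BitLockerNoTpmPolicy
$result | Format-List

if (-not $result.ReadyForPassword -and -not $result.TpmPresent) {
    Write-Warning 'No TPM found and the no-TPM policy is not applied; re-check steps 5 to 8.'
}
```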

Enable BitLocker on the Windows 10 system drive:

9. Press the Windows key and R together to open the Run menu, type control, and press the Enter key.

10. On Control Panel, click System and Security.

[Figure 7: Open Control Panel]

11. Click BitLocker Drive Encryption.

[Figure 8: Click on BitLocker Drive Encryption]

12. Under BitLocker Drive Encryption for operating system drive, click Turn on BitLocker.

[Figure 9: Click on Turn On BitLocker]

13. Choose how you want to unlock your drive during startup: Insert a USB flash drive or Enter a password. In this case, we will select Enter a password to continue.

[Figure 10: Select Enter a Password to Unlock]

14. Enter a strong password that you’ll use to unlock the encrypted drive. Click Next.

[Figure 11: Type a Strong Password]

Backup BitLocker Recovery Key:

The Recovery Key is useful in case you forget your encryption password. Now you need to save your BitLocker Recovery Key somewhere safe by selecting one of the given options.

  • Option 1: Save to your Microsoft account
  • Option 2: Save to a USB flash drive
  • Option 3: Save to a file
  • Option 4: Print the recovery key

15. Select the option that is most suitable for you, and save the recovery key in a safe place. After that, click the Next button.

[Figure 12: Save BitLocker Recovery Key]

You now see the option to choose how much of your drive to encrypt.

  • Encrypt used disk space only (faster and best for new PCs and drives)
  • Encrypt entire drive (slower but best for PCs and drives already in use)

16. Select the option that is most convenient for you. I will go with encrypt used disk space as it's much faster.

[Figure 13: Encrypt Used Disk Space Only]

17. Now you have the option to choose which encryption mode you want to use. If you are running the latest version of Windows 10, then select New encryption mode and click Next.

[Figure 14: Use New Encryption Mode]

18. Make sure to select the Run BitLocker system check option.

[Figure 15: Run BitLocker System Check upon Restart]

19. After you click Continue, you have to restart your computer.

[Figure 16: Restart Windows 10]

20. On reboot, BitLocker will ask you to enter the password to unlock the encrypted drive. Enter the encryption password and press the Enter key to boot.

[Figure 17: Enter Password to Unlock Encrypted Drive]

Verify the BitLocker Drive Encryption Process:

21. Windows 10 will boot up normally. After you log in, you will see a notification that encryption is in progress.

[Figure 18: Encryption in Progress Notification]

22. On Control Panel, click System and Security. Click BitLocker Drive Encryption. You will see BitLocker is encrypting your Operating System drive.

[Figure 19: Encryption in Progress in Control Panel]

23. You can also monitor the BitLocker Drive Encryption process by running the manage-bde command in PowerShell. Command: manage-bde -status C:

[Figure 20: PowerShell Command to Monitor Process]

24. Once the BitLocker drive encryption process is complete, you will see the status BitLocker on.

[Figure 21: Verify Encryption is Completed Successfully]

If you open File Explorer, you can see a lock icon on the C: drive.
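The same procedure can be scripted with the BitLocker PowerShell module, which also lets you check which key protectors ended up on the volume. This is an added example, not part of the original post; the helper name Get-BitLockerSummary is hypothetical, and XtsAes128 is assumed as the choice behind "New encryption mode".

```powershell
#Requires -RunAsAdministrator
# Added example: command-line equivalent of wizard steps 12 to 19, then a status check.
$mount = 'C:'

function Get-BitLockerSummary {
    param([string]$MountPoint = 'C:')
    $vol   = Get-BitLockerVolume -MountPoint $MountPoint
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    [pscustomobject]@{
        VolumeStatus        = $vol.VolumeStatus
        ProtectionStatus    = $vol.ProtectionStatus
        EncryptionMethod    = $vol.EncryptionMethod
        PercentEncrypted    = $vol.EncryptionPercentage
        ProtectorTypes      = $types -join ', '
        HasPassword         = $types -contains 'Password'
        HasRecoveryPassword = $types -contains 'RecoveryPassword'
    }
}

$before = Get-BitLockerVolume -MountPoint $mount

# Only start if the drive is unencrypted and has no protectors yet, so the
# script is safe to re-run while a system check or encryption is pending.
if ($before.VolumeStatus -eq 'FullyDecrypted' -and @($before.KeyProtector).Count -eq 0) {
    # Steps 13-14: unlock with a password (needs the no-TPM policy on a PC without TPM).
    $pw = Read-Host -Prompt 'BitLocker unlock password' -AsSecureString

    # Steps 16-18: used space only, XTS-AES, and (because -SkipHardwareTest is
    # not given) the BitLocker system check on the next restart.
    Enable-BitLocker -MountPoint $mount -PasswordProtector -Password $pw `
        -UsedSpaceOnly -EncryptionMethod XtsAes128 | Out-Null

    # Step 15: add a recovery password. Windows prints it as a warning;
    # store it somewhere safe, away from this computer.
    Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null

    Write-Host 'Restart to run the BitLocker system check and start encryption.'
}

# Steps 22-24: the volume should end up FullyEncrypted with protection On,
# and both a Password and a RecoveryPassword protector should be listed.
Get-BitLockerSummary -MountPoint $mount | Format-List
```

Run the script again after the restart to follow PercentEncrypted until VolumeStatus reports FullyEncrypted.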

Thank you for reading this. Have a Good Day.
