How To Use BitLocker Encryption on Computer without TPM

BitLocker is a partition-level encryption solution that comes with Windows 8.1 Pro. It works better on a computer equipped with TPM chip, a dedicated component designed to secure hardware by integrating cryptography keys into devices because all encryption/decryption work all seamlessly and transparently to the end users. Once it’s on, it’s always working without users even knowing it. No extra password needed.

But if you don’t have a computer that has TPM, you can still use BitLocker to secure your computer. This post provides a detailed step-by-step instruction to show you how.

You need Windows 8.1 Pro edition

First of all, make sure you have Windows 8.1 Pro installed as it’s the required operating system that comes with BitLocker. If you have only Windows 8 running, you will need to upgrade to 8.1 Pro first.

Enable an extra Group Policy setting

Press Win+R, type “gpedit.msc”,  and press Enter to launch Local Group Policy Editor.

Go to Computer Configuration → Administrative Templates → Windows Components → BitLocker Drive Encryption → Operating System Drives, double-click option “Require additional authentication at startup

Then, select Enabled radio button, and check option “Allow BitLocker without a TPM“. OK to save the change.

Group Policy - BitLocker without TPM

Close Group Policy Editor and move to next step.

Turning on BitLocker

Open Windows Explorer, right-click your C drive, and click Turn on BitLocker.

Turn on BitLocker

Select “Enter a Password” when prompted how to unlock your drive at startup.

Turn on BitLocker - Enter a password

Type a strong password at next screen, and go to Next.

Pick one of 3 options to back up your recovery key. Use a USB flash drive is the easier if you have one around. The USB flash drive that has your recovery key on it is not required to boot the encrypted system. It’s purely for recovery purpose.

Turn on BitLocker - Save recovery key

Choose one of 2 options to how you want to encrypt your drive, encrypt used space only or entire disk. It doesn’t really matter which way to go with. I always choose to encrypt used disk space as it’s much faster.

Turn on BitLocker - encryption disk

Continue on to finish the rest steps, and reboot your computer once done.

Then enter the encryption password created above. If you successfully get into your Windows, you are all set. The encryption process will start automatically after it gets to the desktop.

BitLocker password at boot

That’s it. Your computer is now fully protected by BitLocker encryption. Note that the key to this process is the complicity of the password you choose when turning on BitLocker on your system drive. The more complicate the password is, the more secure your computer is under the protection of BitLocker. I would recommend using a password phrase instead of a strong but hard-to-remember password, such as a quote from one of your favorite movies.

Kent Chen

Microsoft MVP, IT Professional, Developer, Geek, and the co-founder of Next of Windows.

Last updated: 05/11/2015

Posted in: Windows 8
Discover more: , ,