Use BitLocker Drive Encryption without TPM chip

Posted in Windows Vista by Steve Sinchak

Windows Vista includes a new hard drive encryption feature called BitLocker Drive Encryption. BitLocker can be a very useful security feature for businesses and home users who have sensitive and confidential information stored on their computers. Unfortunately, BitLocker Drive Encryption by default requires a Trusted Platform Module (TPM) chip, version 1.2 or later, installed in your computer. Many of the computers and laptops on the market do not come with TPM chips installed, since they are typically only found in premium model business computers. If you have Windows Vista Business, Ultimate or Enterprise but do not have a TPM chip, you can still use BitLocker Drive Encryption.

Hidden away in local group policy is a setting that lets you use a USB storage device instead of a TPM chip to store the encryption key. This is a great feature for users that don't have the latest high-end hardware because you can still use hard drive encryption. However, every time you turn on your computer, the USB storage device that holds the encryption key must be plugged in. Without it, your computer will not boot up. Once BitLocker Drive Encryption is set up with a USB storage device, that USB storage device basically becomes the key to your computer.

Follow these steps to turn on the ability to use a USB storage device with BitLocker Drive Encryption on hardware that does not have a TPM device:

  1. Click on the Start Button and key in gpedit.msc and hit Enter.
  2. Navigate through: Computer Policy, Administrative Templates, Windows Components and BitLocker Drive Encryption.
  3. Right click on Control Panel Setup: Enable advanced startup options and select Properties.
  4. Check Enabled and hit OK.
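
Once BitLocker has been turned on this way, the following check reports which volumes depend on a USB startup key alone. It is an added example, not part of the original post, and it assumes PowerShell is installed and run from an elevated prompt; it reads Windows' own TPM and BitLocker WMI providers, and the variable names are illustrative.

```powershell
# Added example: report how each BitLocker volume on this machine is unlocked.
# Assumption: elevated PowerShell session (both WMI namespaces require admin rights).

$tpmNs = 'root\CIMV2\Security\MicrosoftTpm'
$bdeNs = 'root\CIMV2\Security\MicrosoftVolumeEncryption'

# Win32_Tpm has no instance when the machine has no TPM visible to Windows.
$tpm    = Get-WmiObject -Namespace $tpmNs -Class Win32_Tpm -ErrorAction SilentlyContinue
$hasTpm = ($null -ne $tpm)
Write-Output ("TPM present: {0}" -f $hasTpm)

$volumes = Get-WmiObject -Namespace $bdeNs -Class Win32_EncryptableVolume
foreach ($vol in $volumes) {
    # ProtectionStatus: 0 = protection off, 1 = protection on
    $status = $vol.GetProtectionStatus().ProtectionStatus

    # GetKeyProtectors type 2 = external key (the USB startup key),
    # type 3 = numerical (recovery) password. Filter out empty results.
    $usbKeys  = @($vol.GetKeyProtectors(2).VolumeKeyProtectorID | Where-Object { $_ })
    $recovery = @($vol.GetKeyProtectors(3).VolumeKeyProtectorID | Where-Object { $_ })

    $notes = @()
    if ((-not $hasTpm) -and ($status -eq 1) -and ($usbKeys.Count -gt 0)) {
        $notes += 'boots only with the USB startup key inserted'
    }
    if (($status -eq 1) -and ($recovery.Count -eq 0)) {
        $notes += 'no recovery password protector found'
    }

    Write-Output ("{0} protection={1} usbKeys={2} recoveryPasswords={3} {4}" -f `
        $vol.DriveLetter, $status, $usbKeys.Count, $recovery.Count, ($notes -join '; '))
}
```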