How to Use BitLocker Without a Trusted Platform Module (TPM)
BitLocker’s full-disk encryption normally requires a PC with a Trusted Platform Module (TPM). Try to enable BitLocker on a PC without a TPM, and you’ll be told that you don’t have a TPM chip and need to work around this.
BitLocker is available only on the Professional, Enterprise, and Education editions of Windows. It isn’t available on any Home edition of Windows.
Why Does BitLocker Require a TPM?
BitLocker normally requires a Trusted Platform Module, or TPM, on your PC’s motherboard. From Windows 11 onwards you are required to use TPM 2.0 chips or higher. This chip generates and stores the unique encryption keys. It can automatically unlock your PC’s drive when it boots, so you can sign in by typing your Windows login password. It’s simple, but the TPM is doing the hard work under the hood.
If somebody tampers with the PC, or removes the drive from the PC and attempts to decrypt it, the drive can’t be accessed without the key stored in the TPM. The TPM won’t work if it’s moved to another PC’s motherboard, either.
You can buy and add a TPM chip to some motherboards, but if your motherboard (or PC) does not offer this option, you may want to use BitLocker without a TPM. It’s less secure, but better than doing nothing!
How to Use BitLocker Without a TPM
You can bypass this limitation through a Group Policy change. If your PC is joined to a business or school domain, you can’t change the Group Policy setting yourself. Group Policy is configured centrally by your IT administrator.
If you’re just doing this on your own PC and it isn’t joined to a domain, you can use the Local Group Policy Editor to change the setting for your own PC.
To open the Local Group Policy Editor, press Windows+R on your keyboard, type “gpedit.msc” into the Run box, and press Enter.
Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives in the left pane.
Double-click the “Require additional authentication at startup” option in the right pane.
Select “Enabled” at the top of the window on the left-hand side. Then tick the “Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)” box.
Click “OK” to save your changes. You can now close the Group Policy Editor window. Your change takes effect immediately; you don’t have to reboot.
How to Set Up BitLocker
You can now enable, configure, and use BitLocker normally. Head to Control Panel > System and Security > BitLocker Drive Encryption and click “Turn on BitLocker” to encrypt your drive.
You’ll first be asked how you want to unlock your drive when your PC boots up. If your PC had a TPM, you could have the PC automatically unlock the drive or use a short PIN that requires the TPM to be present.
Since you don’t have a TPM, you must choose to either enter a password each time your PC boots or provide a USB flash drive. If you provide a USB flash drive here, you’ll need that flash drive connected to your PC each time you boot up to access your files.
Continue through the BitLocker setup process to enable BitLocker drive encryption, save a recovery key, and encrypt your drive. The rest of the process is the same as the normal BitLocker setup process.
When your PC boots, you’ll need to either enter the password or have the USB flash drive you configured connected. If you can’t provide the password or USB drive, BitLocker won’t be able to decrypt your drive and you won’t be able to boot into Windows and access your files.
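To confirm the result of the policy change and the setup described above, the following read-only PowerShell audit reports the TPM state, the policy values, and the key protectors on the OS drive. It is an added example, not part of the original article; it assumes an elevated PowerShell session on a BitLocker-capable edition of Windows, and the registry value names are the ones the Group Policy setting writes under HKLM\SOFTWARE\Policies\Microsoft\FVE.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only audit of the settings this guide changes.

# 1. TPM state. Get-Tpm is part of the built-in TrustedPlatformModule module.
$tpm = Get-Tpm
"TPM present: $($tpm.TpmPresent)  ready: $($tpm.TpmReady)"

# 2. Policy state. A missing key or value means the setting is "Not Configured".
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$pol = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
$advancedStartup = ($pol.UseAdvancedStartup -eq 1)   # policy is Enabled
$allowNoTpm      = ($pol.EnableBDEWithNoTPM -eq 1)   # "Allow BitLocker without a compatible TPM"
"Policy enabled: $advancedStartup  allow without TPM: $allowNoTpm"

if (-not $tpm.TpmPresent -and -not ($advancedStartup -and $allowNoTpm)) {
    Write-Warning 'No TPM and the policy is not set: BitLocker setup will refuse the OS drive.'
}

# 3. Protectors on the OS drive (Get-BitLockerVolume is in the BitLocker module).
$vol   = Get-BitLockerVolume -MountPoint $env:SystemDrive
$types = @($vol.KeyProtector | Where-Object { $_ } |
           ForEach-Object { "$($_.KeyProtectorType)" })
"Volume $($vol.MountPoint): $($vol.VolumeStatus), protection $($vol.ProtectionStatus)"
"Key protectors: $(if ($types) { $types -join ', ' } else { 'none' })"

# A Tpm* protector means the key is bound to this machine's TPM.
# Password / ExternalKey alone means the drive is only as strong as that secret or USB key.
$tpmBound = @($types | Where-Object { $_ -like 'Tpm*' }).Count -gt 0
if ($types.Count -gt 0 -and -not $tpmBound) {
    Write-Warning 'No TPM-bound protector: startup relies on a password or USB startup key only.'
}
if ($vol.ProtectionStatus -eq 'On' -and $types -notcontains 'RecoveryPassword') {
    Write-Warning 'No recovery password protector found: losing the password or USB key locks you out.'
}
```

On a TPM-less machine configured as in this guide, expect a Password or ExternalKey protector alongside RecoveryPassword and no protector whose type starts with Tpm.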