By default, BitLocker will only work if you have a TPM; it won't even set itself up if no TPM is present. This particular provision is enforced as a Group Policy restriction, so you'll need to edit Group Policy to change it.
- Click Start, Run.
- Type gpedit.msc and press Enter. That triggers a UAC confirmation warning. Click Confirm to continue.
- Drill down to Local Computer Policy, Computer Configuration, Administrative Templates, Windows Components, BitLocker Drive Encryption.
- Double-click on Control Panel Setup: Enable advanced startup options, then click on Enabled to enable changes to the policy.
- The box next to Allow BitLocker without a compatible TPM should already be checked; if it isn't, check it.
- Click OK.
- Close Group Policy Editor.
- Log off and log back on again to let the changes take effect.
Note that there are several other options available in the BitLocker Drive Encryption policy console, such as selecting the on-disk encryption method or choosing whether to back up the BitLocker key to an Active Directory domain. These options and their implications are worth exploring in their own article, so I'm going to skip them for now.
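To confirm that the change took effect without reopening the editor, the script below reads the registry values behind the policy. It is an added example, not part of the original article; the key path and the value names (`UseAdvancedStartup`, `EnableNonTPM`, `EnableBDEWithNoTPM`) are assumptions about how the policy template stores this setting, and `Get-BitLockerNoTpmPolicy` is a hypothetical helper name.

```powershell
# Added example: audit the "Enable advanced startup options" policy locally.
# Assumption: the setting is stored under this key, with the "Allow BitLocker
# without a compatible TPM" checkbox written as EnableNonTPM (Vista-era
# template) or EnableBDEWithNoTPM (later templates).
$FvePolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

function Get-BitLockerNoTpmPolicy {
    param([string]$Path = $FvePolicyKey)

    $result = New-Object PSObject -Property @{
        PolicyKeyPresent = $false
        AdvancedStartup  = $null
        AllowWithoutTpm  = $false
        Verdict          = 'Policy not configured: default applies, TPM required'
    }

    # No key at all means the policy was never set on this machine.
    if (-not (Test-Path -Path $Path)) { return $result }
    $result.PolicyKeyPresent = $true
    $values = Get-ItemProperty -Path $Path

    # UseAdvancedStartup = 1 corresponds to the policy being set to Enabled.
    $result.AdvancedStartup = $values.UseAdvancedStartup

    # Either value name set to 1 corresponds to the checkbox being checked.
    $flags = @($values.EnableBDEWithNoTPM, $values.EnableNonTPM) |
        Where-Object { $null -ne $_ }
    $result.AllowWithoutTpm = (@($flags) -contains 1)

    if ($result.AdvancedStartup -ne 1) {
        # Checkbox values are ignored unless the policy itself is Enabled.
        $result.AllowWithoutTpm = $false
        $result.Verdict = 'Policy not enabled: default applies, TPM required'
    }
    elseif ($result.AllowWithoutTpm) {
        $result.Verdict = 'BitLocker may be set up without a compatible TPM'
    }
    else {
        $result.Verdict = 'Policy enabled, but a TPM is still required'
    }
    return $result
}

# Run from an elevated prompt after logging back on.
Get-BitLockerNoTpmPolicy | Format-List
```

The same function can be pointed at an exported or test key through `-Path`, which is useful when checking that only the machines without a TPM carry this exception.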
Using BitLocker on a non-TPM system
Step 1: Know your hardware
Step 2: Configure the drives
Step 3: Edit the local policy
Step 4: Start the BitLocker encryption process
About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!
This was first published in March 2007