How to use Vista BitLocker Step 3: Edit the local policy

Learn how to use BitLocker on a computer without TPM and encrypt your hard drive with this step-by-step guide.

By default, BitLocker will only work if you have a TPM; it won't even set itself up if no TPM is present. This particular provision is enforced as a Group Policy restriction, so you'll need to edit Group Policy to change it.


  1. Click Start, Run.
  2. Type gpedit.msc and press Enter. That triggers a UAC confirmation warning. Click Confirm to continue.
  3. Drill down to Local Computer Policy, Computer Configuration, Administrative Templates, Windows Components, BitLocker Drive Encryption.
  4. Double-click on Control Panel Setup: Enable advanced startup options, then click on Enabled to enable changes to the policy.
  5. The box next to Allow BitLocker without a compatible TPM should already be checked; if it isn't, check it.
  6. Click OK.
  7. Close Group Policy Editor.
  8. Log off and log back on again to let the changes take effect.
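
To confirm the setting took effect after logging back on, the policy can be read back from the registry. This is an added example, not part of the original article: it assumes Windows PowerShell 2.0 or later is installed, and the registry path and value names (UseAdvancedStartup, EnableNonTPM) are the ones the Vista BitLocker policy template writes rather than anything shown in the steps above. The function names are hypothetical.

```powershell
# Added example: read back the values written by the policy
# "Control Panel Setup: Enable advanced startup options".
# Assumption: the path and value names below come from Vista's BitLocker
# policy template; they do not appear in the article itself.

function ConvertTo-PolicyState($raw) {
    # A missing registry value means the setting was never configured.
    if ($null -eq $raw) { 'Not configured' }
    elseif ($raw -eq 1) { 'Enabled' }
    else                { 'Disabled' }
}

function Get-BitLockerStartupPolicy {
    param([string]$Path = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE')

    # The key only exists once at least one BitLocker policy has been set.
    $values = $null
    $keyPresent = Test-Path -Path $Path
    if ($keyPresent) { $values = Get-ItemProperty -Path $Path }

    $advanced = ConvertTo-PolicyState $values.UseAdvancedStartup
    $noTpm    = ConvertTo-PolicyState $values.EnableNonTPM

    New-Object PSObject -Property @{
        PolicyKeyPresent = $keyPresent
        AdvancedStartup  = $advanced   # step 4: policy set to Enabled
        AllowWithoutTpm  = $noTpm      # step 5: the "without a compatible TPM" box
        ReadyForNonTpm   = ($advanced -eq 'Enabled' -and $noTpm -eq 'Enabled')
    }
}

$policy = Get-BitLockerStartupPolicy
$policy | Format-List PolicyKeyPresent, AdvancedStartup, AllowWithoutTpm, ReadyForNonTpm

if (-not $policy.ReadyForNonTpm) {
    Write-Warning 'TPM-less BitLocker is not enabled by policy; setup will still require a TPM.'
}
```

The same check is useful in reverse on machines that do have a TPM: ReadyForNonTpm reporting True there means the TPM requirement has been relaxed by policy.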

Note that there are several other options available in the BitLocker Drive Encryption policy console, such as selecting the on-disk encryption method or choosing whether to back up the BitLocker key to an Active Directory domain. These options and their implications are worth exploring in their own article, so I'm going to skip them for now.

Using BitLocker on a non-TPM system

 Step 1: Know your hardware
 Step 2: Configure the drives
 Step 3: Edit the local policy
 Step 4: Start the BitLocker encryption process

About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!

