I had been dependent on TrueCrypt for my drive encryption needs, but its development was discontinued back in May 2014, with the bugs in the last release left unfixed and waiting to be exploited. Now that I've switched from Windows 7 to Windows 10, I decided to use BitLocker to satisfy my drive encryption needs. Below are the steps I took to enable BitLocker and encrypt my system drive in Windows 10 without a TPM (Trusted Platform Module).
Enable BitLocker Without a Compatible Trusted Platform Module (TPM)
This should solve the error below, which appears when trying to enable BitLocker on systems that don't have a TPM.
This device can’t use a Trusted Platform Module. Your administrator must select the “Allow BitLocker without a compatible TPM” option in the “Require additional authentication at startup” policy for OS volumes.
Run the Group Policy Editor, gpedit.msc, and enable “Require additional authentication at startup” (refer to fig. 1).
Enable “Require additional authentication at startup” and tick the “Allow BitLocker without a compatible TPM” box — refer to fig. 2.
Right-click the drive you want to encrypt and click “Turn on BitLocker”.
When prompted to choose how to unlock your encrypted drive at startup, you can either insert a flash drive or use a password. I recommend choosing the password over the flash drive for practicality's sake. In my case, I chose the password over the flash drive to unlock my encrypted drive.
If you’ve chosen password, you will be prompted to enter your unlock password.
You will then be asked how you want to store your backup key in case you lose your flash drive or forget your unlock password. I recommend saving it to your Microsoft account, or saving it to a file and putting it in the cloud for easy access and high availability.
Once you have defined your password or flash drive, specify how much of the drive to encrypt. Encrypting only the drive's used space is faster than encrypting the entire drive. This is recommended only for, and works best on, newly installed drives.
The last step is encrypting your drive. When the drive encryption process is done, you should see a gold lock, which indicates that BitLocker is currently enabled and the drive is locked, and a gray lock when the drive is unlocked.
If you are encrypting the system drive, you should be prompted for your password to unlock the drive when booting.
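A scripted equivalent of the steps above for an elevated PowerShell session, added here as an example and not part of the original post. It assumes the system drive is C: and that the registry values under HKLM\SOFTWARE\Policies\Microsoft\FVE shown below are the ones the “Require additional authentication at startup” policy writes with its default settings; the variable names are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the GUI steps in this post.
# Assumption: the system drive is C:. Adjust $MountPoint if yours differs.
$MountPoint = 'C:'

# 1. Check for a TPM. The policy change is only needed when none is usable.
$tpm = Get-Tpm
if ($tpm.TpmPresent -and $tpm.TpmReady) {
    Write-Warning 'A ready TPM is present; the no-TPM policy is not required here.'
}

# 2. Local equivalent of enabling "Require additional authentication at startup"
#    with "Allow BitLocker without a compatible TPM" ticked.
#    Assumption: 1 = enabled; 2 = "allow" for the TPM startup options (policy defaults).
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
if (-not (Test-Path $fve)) { New-Item -Path $fve -Force | Out-Null }
$policy = [ordered]@{
    UseAdvancedStartup = 1
    EnableBDEWithNoTPM = 1
    UseTPM             = 2
    UseTPMPIN          = 2
    UseTPMKey          = 2
    UseTPMKeyPIN       = 2
}
foreach ($name in $policy.Keys) {
    Set-ItemProperty -Path $fve -Name $name -Value $policy[$name] -Type DWord
}

# 3. "Turn on BitLocker" with a password protector, encrypting used space only.
$password = Read-Host -Prompt 'BitLocker unlock password' -AsSecureString
Enable-BitLocker -MountPoint $MountPoint -UsedSpaceOnly `
    -PasswordProtector -Password $password

# 4. Add a recovery password (the backup key) and display it once so it can be
#    stored somewhere other than the drive being encrypted.
Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
$volume = Get-BitLockerVolume -MountPoint $MountPoint
$volume.KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object KeyProtectorId, RecoveryPassword

# 5. Show encryption progress and whether protection is on.
$volume | Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage
```

On a domain-joined machine, Group Policy refresh can overwrite the locally written values in step 2.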
That's about it! Please do not hesitate to leave your comments if you have questions or if you have encountered an error following this how-to.
Also, you might want to check out my post on how to create a virtual hard drive and encrypt it using BitLocker.