Enable BitLocker without a TPM


Vista tells you it needs a TPM for BitLocker, but it lies. Follow these steps to enable BitLocker without a TPM:

1. Open the group policy editor by clicking Start, typing gpedit.msc, and then pressing Enter.

2. Navigate to Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption.

3. Double-click Control Panel Setup: Enable Advanced Startup Options.

4. Click Enable. Then, select the Allow BitLocker Without A Compatible TPM checkbox.


5. Click OK.

Now, you can enable BitLocker without a TPM.
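To check the effect of this policy from a script rather than the GUI, here is a read-only audit, added as an example and not part of the original post. It assumes an elevated PowerShell session on Windows 8 / Server 2012 or later, where `Get-BitLockerVolume` and `Get-Tpm` exist, and it reads the `UseAdvancedStartup` and `EnableBDEWithNoTPM` registry values written by the newer "Require additional authentication at startup" policy, not the Vista-era setting.

```powershell
# Added example: read-only audit of the "allow BitLocker without a TPM" policy
# and of the key protectors actually present on the OS volume.
# Assumptions: elevated session, Windows 8 / Server 2012 or later.

$fveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'   # BitLocker group policy values live here

function Get-FvePolicyValue {
    param([string]$Name)
    # Returns $null when the policy value has never been configured.
    $item = Get-ItemProperty -Path $fveKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$advancedStartup = Get-FvePolicyValue 'UseAdvancedStartup'   # 1 = policy enabled
$allowNoTpm      = Get-FvePolicyValue 'EnableBDEWithNoTPM'   # 1 = checkbox ticked

$tpm = Get-Tpm -ErrorAction SilentlyContinue
$os  = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue

# Protector types on the OS volume, e.g. Tpm, TpmPin, ExternalKey, RecoveryPassword.
# ExternalKey is the type used for a key file on a USB flash drive.
$protectors = @(foreach ($p in $os.KeyProtector) { "$($p.KeyProtectorType)" })

# True when the volume has protectors but none of them is TPM-based.
$noTpmProtector = ($protectors.Count -gt 0) -and -not ($protectors -match '^Tpm')

[pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    TpmPresent         = [bool]$tpm.TpmPresent
    PolicyEnabled      = ($advancedStartup -eq 1)
    NoTpmAllowed       = ($advancedStartup -eq 1 -and $allowNoTpm -eq 1)
    OsVolumeProtection = "$($os.ProtectionStatus)"
    Protectors         = $protectors -join ', '
    NoTpmProtector     = $noTpmProtector
}
```

A machine that reports `NoTpmAllowed = True` together with `NoTpmProtector = True` depends entirely on the external key or password for startup protection, so the handling of that USB drive is what the audit should follow up on.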

5 Responses to “Enable BitLocker without a TPM”

  1. benjamin says:

    Wow, that was certainly well hidden, eh? Great find!

  2. Cam says:

    Here’s how to do the same thing in Windows 7:
    To enable BitLocker on a computer without a TPM, you must enable the Require additional authentication at setup Group Policy setting, which is located in Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives. You must select the Allow BitLocker without a compatible TPM check box. After this setting is applied to the local computer, the non-TPM settings appear in the BitLocker setup wizard.

  3. delta9 says:

    It would probably also be helpful to let readers know that once you do that, you will have to create an encryption key on a USB flash drive, and you will have to have that USB boot drive inserted EVERY time you start the computer.

  4. Fredda says:

    Has a code review of the BitLocker function been done
    by an organisation OUTSIDE the USA?

    How do I as a customer know that there are no backdoors?

    FBI, RIAA?