Listen to a podcast about using BitLocker on a system without TPM with Serdar Yegulalp (6:57).
BitLocker, a function available in Microsoft's Vista Enterprise and Ultimate versions, lets you encrypt a system drive, something that wasn't possible in previous versions of Windows without a third-party product. Typically, in order to use BitLocker, you need a system with Trusted Platform Module (TPM) hardware, version 1.2 or better -- something that a number of PC manufacturers are now starting to supply, albeit at additional cost.
But what if you want to use BitLocker on a system that doesn't have a TPM? Most computers -- especially most existing computers -- don't have a TPM, and you can't add a TPM to a computer. It's either part of the system's design or it's not.
Fortunately, Microsoft has built a number of provisions into BitLocker that make it useable on a system that doesn't have a Trusted Platform Module. In this article, I'll walk you through the ways to get BitLocker up and running on a PC that doesn't include a TPM, what you'll need in its absence, what practices you'll have to follow and what you can expect.
Note: Do not perform any of these steps until you've made a full backup of any data on the drive! The process is fairly self-guiding, but it's entirely possible for something to go wrong. If there's anything on the drive that is irreplaceable, back it up before attempting to encrypt the drive.
Use BitLocker on a non-TPM system
Step 1: Know your hardware
Step 2: Configure the drives
Step 3: Edit the local policy
Step 4: Start the BitLocker encryption process
About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!
This was first published in March 2007