- A removable USB memory device. As I mentioned, if you don't have a TPM-enabled system, then the second way you can use BitLocker is by having the encryption key written to a removable USB flash drive.
- A BIOS that can boot the system from a USB device. The USB drive with the BitLocker key must be connected and readable by the BIOS when the system first starts, which is why BitLocker needs a system that can boot from USB.
Note: With some computers, it's possible to plug in a USB device via a hub and still have it be seen by the computer at boot time, but this is not always the case. If your system uses an external hub, you may want to experiment and see which ports are visible at boot time.
If your computer doesn't have TPM and can't boot from a USB device, it is still possible to use BitLocker, although it will be somewhat cumbersome. BitLocker will provide you with a 48-digit recovery password to use when booting the system. You cannot set the recovery password manually, and its length is not user-settable, so that makes it a little difficult to use the recovery password as a standard-issue way to boot the computer.
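Because the 48-digit recovery password has to be typed by hand, it helps to check a transcribed copy before relying on it at boot. The following is an added example, not part of the original article: it assumes the recovery password encoding in which the 48 digits form eight 6-digit groups, each a multiple of 11 and no larger than 720885 (a detail the article does not state), and the sample value is constructed, not a real key.

```python
import re

GROUPS, GROUP_LEN = 8, 6            # 8 x 6 = 48 digits
MAX_GROUP = 0xFFFF * 11             # each group is a 16-bit value times 11

# Constructed sample, not a real key: eight arbitrary 16-bit values times 11.
SAMPLE = "-".join("%06d" % (v * 11)
                  for v in (1, 65535, 12345, 4096, 777, 31337, 2, 54321))


def split_groups(text):
    """Strip spaces/hyphens and return the eight 6-digit groups."""
    compact = re.sub(r"[\s-]+", "", text)
    if not re.fullmatch(r"[0-9]{48}", compact):
        raise ValueError("expected exactly 48 digits")
    return [compact[i:i + GROUP_LEN] for i in range(0, len(compact), GROUP_LEN)]


def bad_groups(text):
    """Map group number (1-8) to the reason it cannot be valid."""
    problems = {}
    for number, group in enumerate(split_groups(text), start=1):
        value = int(group)
        if value % 11 != 0:
            problems[number] = "not a multiple of 11"
        elif value > MAX_GROUP:
            problems[number] = "above 720885"
    return problems


def undetected_single_digit_typos(text):
    """Count one-digit substitutions that would pass the group checks."""
    compact = "".join(split_groups(text))
    missed = 0
    for pos, original in enumerate(compact):
        for digit in "0123456789":
            if digit != original:
                variant = compact[:pos] + digit + compact[pos + 1:]
                missed += not bad_groups(variant)
    return missed


if __name__ == "__main__":
    typo = SAMPLE.replace("135795", "135796")   # one mistyped digit in group 3
    print(bad_groups(SAMPLE), bad_groups(typo))
    print("undetected single-digit typos:", undetected_single_digit_typos(SAMPLE))
```

The per-group check pinpoints which block was mistyped, so only six digits need re-reading rather than all 48.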
Using BitLocker on a non-TPM system
Step 1: Know your hardware
Step 2: Configure the drives
Step 3: Edit the local policy
Step 4: Start the BitLocker encryption process
About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!
This was first published in September 2008