How to encrypt system partition by using BitLocker without TPM

It is highly recommended to encrypt your disk(s) and protect your data from unauthorized access. We can do it by using BitLocker which comes integrated into Windows.

BitLocker can encrypt system and non-system partitions or disks, as well as removable disks. There are two options available: encrypt the whole disk (recommended) or only the data stored on the disk.

To use BitLocker, you must be running the Windows Pro, Enterprise, or Education edition. For system encryption, your machine should support TPM 1.2 or later. Some machines don’t support TPM, and on those we’ll need to change the group policy related to BitLocker.

  1. Hold the Windows logo key and press R
  2. Type tpm.msc and press Enter to open TPM Management. In my case, the machine doesn’t support TPM.

It’s time to reconfigure the group policy by using the Local Group Policy Editor.

  1. Hold the Windows logo key and press R
  2. Type gpedit.msc and press Enter to open Local Group Policy Editor
  3. Navigate to the following location: Computer Configuration/Administrative Templates/Windows Components/BitLocker Drive Encryption/Operating System Drive
  4. Double-click Require additional authentication at startup and enable the option Allow BitLocker without a compatible TPM
  5. Click Apply and then OK
  6. Open File Explorer and then This PC
  7. Right-click the system partition and choose Turn on BitLocker
  8. Wait until BitLocker finishes checking the PC’s configuration.
  9. Choose how to unlock your drive at startup. There are two options available: unlocking the system partition by using a USB flash drive, or by using a password. In our example, we will choose a password.
  10. Create a password to unlock this drive and click Next. Please follow best practice for password complexity.
  11. Choose where you want to save a recovery key and click Next. A recovery key is used in case you forget your password or you can’t unlock your encrypted disk. There are four options available. I’ll save it to a file and store it at a safe location.
  12. Choose how much of your drive to encrypt and click Next. You can choose between encrypting used disk space only or the entire drive. For testing purposes, I’ll go with the first option.
  13. Choose which encryption mode to use and click Next. There are two options available: the first is the method used for fixed devices and the second is used to encrypt drives that can be moved from the device.
  14. Run the BitLocker system check by clicking Continue.
  15. Restart Windows. Once it is done, you will need to type your password to unlock your system disk and enjoy Windows.
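To confirm the result after the restart in the last step, the following read-only check can be run from an elevated PowerShell prompt. It is an added example, not part of the original article; it uses the built-in Get-Tpm and Get-BitLockerVolume cmdlets, and the wording of the findings is an assumption made for this illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only audit of the system drive. It changes nothing and
# never prints the recovery password itself.
$mount = $env:SystemDrive                      # normally C:

# TPM state, the same information tpm.msc shows.
$tpm = Get-Tpm -ErrorAction SilentlyContinue
$tpmPresent = [bool]($tpm -and $tpm.TpmPresent)
"TPM present: $tpmPresent"

# Volume state as BitLocker reports it.
$vol = Get-BitLockerVolume -MountPoint $mount
$vol | Format-List MountPoint, VolumeStatus, ProtectionStatus,
                   EncryptionMethod, EncryptionPercentage

# Key protectors: the startup password (or USB key) and the recovery key
# chosen in the wizard each show up as one entry here.
$types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
"Key protectors: $($types -join ', ')"

$findings = @()
if ("$($vol.VolumeStatus)" -eq 'FullyDecrypted') {
    $findings += 'Volume is not encrypted; the system check or restart may not have completed.'
}
elseif ($vol.EncryptionPercentage -lt 100) {
    $findings += "Encryption still in progress ($($vol.EncryptionPercentage)%)."
}
if ("$($vol.ProtectionStatus)" -ne 'On') {
    $findings += 'Protection is not On (pending restart, suspended, or still encrypting).'
}
if (-not $tpmPresent -and
    ($types -notcontains 'Password') -and ($types -notcontains 'ExternalKey')) {
    $findings += 'No TPM and no password or USB startup key protector found.'
}
if ($types -notcontains 'RecoveryPassword') {
    $findings += 'No recovery password protector; a forgotten password would be unrecoverable.'
}

if ($findings.Count -eq 0) {
    "OK: $mount is protected and has both an unlock and a recovery protector."
}
else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```

Because the article chose to encrypt used space only, the check relies on EncryptionPercentage and ProtectionStatus rather than on one specific VolumeStatus value.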

Thank you for reading this article. In case of any questions, feel free to comment or contact me.
