However, when the BitLocker encryption is enabled for the system partition of the hard disk, most users encounter a message that "this device cannot use a trusted platform module (TPM). The administrator must set the parameter to enable the use of BitLocker without compatible TPM. " About how to do this and encrypt a system disk using BitLocker without TPM and will be discussed in this short instruction. See also: How to put a password for a USB flash drive using BitLocker.
Brief reference: TPM - a special cryptographic hardware module used for encryption tasks can be integrated into the motherboard or connect to it. Note: If your computer or laptop is equipped with a TPM module, and you see the specified message, it may mean that for some reason TPM is disabled to the BIOS or not initialized in Windows (press Win + R keys and enter the TPM.MSC to control the module).
Allow BitLocker without compatible TPM in Windows 10 latest version
In the latest version of Windows 10 (1903 May 2019 Update), the location of the policy responsible for the use of BitLocker to encrypt the disk system partition without the TPM module has changed somewhat (for previous versions the location is described in the next section).
To enable BitLlocker encryption without TPM in the new version of the OS, do the following steps:
- Press the Win + R keys on the keyboard, enter the gpedit.msc and press ENTER.
- Local Group Policy Editor opens. Go to: Computer Configuration - Administrative Templates - Windows components - BitLocker disk encryption - operating system discs.
- In the right pane of the Local Group Policy Editor, find the "This Policy Setting allows you to configure an additional authentication requirement at startup" and double-click on it. Please note that the list has two parameters with the same name, we need one that without specifying Windows Server.
- In the window that opens, select "Enabled" and make sure that the "Allow the use of BitLocker without compatible TPM is turned on". Apply the settings made.
On this process is completed and now you can enable BitLocker encryption for the Windows 10 disk system partition.
This same resolution you can enable and use the Registry Editor: For this section HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ FVE, create a DWORD value named EnableBDEWithNoTPM and set it to 1.
Resolution BitLocker without a compatible TPM in Windows 10, Windows 7 and 8
To it was possible to encrypt the system drive with BitLocker without the TPM, it is enough to change a single setting in the editor of the local Windows Group Policy.
- Press Win + R and type gpedit.msc to start the Local Group Policy Editor.
- Open section (left folder): Computer Configuration - Administrative Templates - the Windows Components - This policy setting allows you to select BitLocker Drive Encryption - Drives operating system.
- In the right pane, double-click on the option "This policy setting allows you to adjust the requirement of additional authentication at startup.
- In the window that opens, select the "Enabled" and make sure that is checked "Allow BitLocker without a compatible TPM" (see. Screenshot).
- Apply the changes made.
Then you can use the disk encryption with no error message, simply select the system disk in Windows Explorer, click on the right mouse button and select the context menu item "Enable BitLocker», then follow the encryption wizard. Also, this can be done in the "Control Panel" - "Drive Encryption BitLocker».
You can either set a password to access the encrypted disk or create a USB-device (USB flash drive), to be used as a key.
Note: during 10 in Windows 8 and you will be prompted to encrypt the disk to save the data to decrypt including your Microsoft account. If you have it set up properly, I recommend to do it - from my own experience of using BitLocker, the recovery code disk access from the account in case of a problem may be the only way not to lose your data.