BitLocker is a tool included in Windows Vista, Windows 7 (Enterprise and Ultimate) and
Windows 8 (Pro and Enterprise) that can be used to encrypt data on any drive. However, in order to
encrypt your system drive, you must have a TPM chip in your computer. If you don't, it is still possible to
use BitLocker, but you need to configure Windows so that it allows the use of BitLocker without this chip. In this
article I will first explain the TPM chip (what it is and why it is used) and then how to set both
Windows 7 and Windows 8 so that they do not require this chip in order to encrypt your system drive
with BitLocker.
This procedure applies to workstations with the TPM module activated and the user profile located
on the data partition.
Encryption software like BitLocker in Windows Vista, Windows 7 and Windows 8 uses the TPM chip to
protect the keys used to encrypt your computer's data. The chip is then used to authenticate your encrypted
computer and give you access to all the encrypted data when the device trying to access it is identified as
trusted. Since the key stored in each TPM chip is unique to that device, encryption software can quickly
verify that the system seeking access to the encrypted data is the expected system and not a different one.
Figure 1. TPM Chip
In Windows 8, search directly on the Start Screen and go to the Settings section to see the appropriate
search results. Click or tap on the Edit group policy search result to open the Local Group Policy Editor
tool. Alternatively, you can use the Run window to run this command: gpedit.msc.
Figure 5. Local Group Policy Windows 8
On the left-hand panel, go to the Computer Configuration section and open the following folders:
Administrative Templates -> Windows Components -> BitLocker Drive Encryption -> Operating System
Drives.
Figure 7. Identify BitLocker Drive Encryption in Local Group Policy
Now look at the right-hand panel and search for a setting named: "Require additional authentication at
startup".
On the left-hand panel, go to the Computer Configuration section and open the following folders:
Administrative Templates -> Windows Components -> BitLocker Drive Encryption
Figure 11. Configuring the policy for "Choose drive encryption method and cipher strength"
When done, close the Local Group Policy Editor. You can now use BitLocker to encrypt your system drive
without having a TPM chip in your computer. If you want to set things back to the way they were,
follow the same procedure and set "Require additional authentication at startup" to Not Configured.
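
To confirm the result of the procedure above without opening the editor, the following PowerShell audit reads the policy state and lists the key protectors actually present on the system drive. It is an added example, not part of the original article; it assumes an elevated prompt and relies on the registry values Windows stores for this policy (UseAdvancedStartup and EnableBDEWithNoTPM under HKLM\SOFTWARE\Policies\Microsoft\FVE) and on the Win32_Tpm and Win32_EncryptableVolume WMI classes, none of which are named in the article.

```powershell
# Added example (not from the original article): audit the "Require additional
# authentication at startup" policy and the protectors in use on the system drive.
# Run elevated. WMI is used so the script works on both Windows 7 and Windows 8.

$fveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'   # registry key backing the BitLocker policies

function Get-FvePolicy([string]$Name) {
    # Returns $null when the value is absent, i.e. the policy is Not Configured
    $p = Get-ItemProperty -Path $fveKey -Name $Name -ErrorAction SilentlyContinue
    if ($p) { $p.$Name } else { $null }
}

# Type codes returned by Win32_EncryptableVolume.GetKeyProtectorType
$protectorNames = @{
    1 = 'TPM';        2 = 'External key (USB startup key)'; 3 = 'Numerical (recovery) password'
    4 = 'TPM + PIN';  5 = 'TPM + startup key';              6 = 'TPM + PIN + startup key'
    8 = 'Passphrase'
}

$advanced   = Get-FvePolicy 'UseAdvancedStartup'    # 1 = policy Enabled, 0 = Disabled
$allowNoTpm = Get-FvePolicy 'EnableBDEWithNoTPM'    # 1 = "allow BitLocker without a compatible TPM"

if ($null -eq $advanced) {
    'Policy: Not Configured (a TPM is required for the system drive)'
} elseif ($advanced -eq 1 -and $allowNoTpm -eq 1) {
    'Policy: Enabled, BitLocker allowed without a compatible TPM'
} elseif ($advanced -eq 1) {
    'Policy: Enabled, TPM still required'
} else {
    'Policy: Disabled'
}

$tpm = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftTpm' -Class Win32_Tpm -ErrorAction SilentlyContinue
if ($tpm) { "TPM: present (enabled=$($tpm.IsEnabled_InitialValue), activated=$($tpm.IsActivated_InitialValue))" }
else      { 'TPM: none detected' }

$vol = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftVolumeEncryption' -Class Win32_EncryptableVolume |
       Where-Object { $_.DriveLetter -eq $env:SystemDrive }
if ($vol) {
    "Protection status on $($env:SystemDrive): $($vol.ProtectionStatus) (0 = off, 1 = on, 2 = unknown)"
    foreach ($id in @($vol.GetKeyProtectors(0).VolumeKeyProtectorID | Where-Object { $_ })) {
        $type = [int]$vol.GetKeyProtectorType($id).KeyProtectorType
        $name = $protectorNames[$type]; if (-not $name) { $name = "type $type" }
        "  Protector $id : $name"
    }
}
```

A system drive that reports only external-key, passphrase or recovery-password protectors has no hardware binding, so the startup key or password is all that protects the volume key.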