BitLocker: Lock drives w/o TPM device

“Nay!” they say; “It's not possible!” they say; “You can't lock a drive with BitLocker without a TPM device!” they say… “Bah!” I say, what a load of “#$%*&! That said (pun intended) do read on and find out a simple way to encrypt that which matters most and get away with it without the use of “training wheels”.

A great honor has been bestowed upon You (yes - YOU) to personally deliver Granny's latest highly classified chocolate chip and mozzarella muffin formula to the cookie factory and to do that you have been handed a cuff-to-wrist-to-special-titanium-alloy-cloaked-by-light-reflecting-quantum-piezo-oled-ccd-sensor-grenade-proof-uber-light-water-tight-non-smoking-iPhone-compatible-gps-traceable laptop case that contains the notebook PC on which's HDD the recipe is stored. But You know better then to trust just another stylish carry case and a logon screen so You decide to up the security ante and encrypt the said hard drive using integrated Windows BitLocker technology. And so after 26h 37m and 04s that has taken You to insert the special 6548792134897456321-bit encrypted password (and swipe all twenty fingers through the scanner + provide a not more then 15 minutes old urine sample to boot) and finally get the darn thing open, sadly You find out that Your cunning plan to additionally enhance security goes out the window 'cause some knucklehead forgot to buy a model that actually HAS a TPM chip! Never fear - Dr. Vlad is here! ;)

All You need to do is as simple as quickly climbing up a tree whilst being chased by a drunk Mogwai smoking three cigarettes at the same time:

Open up Local Group Policy Editor running the gpedit.msc cmdlet and go to: Administrative Templates → Windows Components → BitLocker Drive Encryption → Operating System Drives

Enable the policy: “Require additional authentication at startup” and be sure that the “Allow BitLocker without a compatible TPM” option check box is ticked.

All done!

Now go and finally get that recipe to the factory! Production is at a halt while Yo're fiddling about with some IT nonsense thinking You're 007, and all that THAT is going to achieve is make Granny send You of to bed without any milk and cookies :P

Enter your comment:
106 -1᠎ =
  • windows/misc/bitlocker_no_tpm.txt
  • Last modified: 2019/10/31 09:06
  • by