‘Encrypt system partition using BitLocker without TPM’ [Full Guide]

Your data is important and you need to protect it. One method that helps protect the integrity and confidentiality of your data is disk encryption. That sounds fine, but what is encryption and how do you do it? Different tools can help you encrypt your disk and your data. One of them is BitLocker. BitLocker is integrated into Windows operating systems, so you do not need to download and install it as a third-party tool or application. There are different requirements for using BitLocker, including TPM 1.2 or later and a proper Windows edition. We are talking about Windows 10, so you will need Windows 10 Pro, Windows 10 Enterprise or Windows 10 Education. If you are running another edition, you will not be able to use BitLocker.

So, what can you encrypt with BitLocker? You can encrypt a whole hard disk or solid state drive, a partition, an external hard disk or a USB flash disk. If you want to encrypt the system partition, your Windows machine should support TPM 1.2 or later. We will show you how to check whether your Windows machine supports TPM. This method is compatible with operating systems from Windows 7 to Windows 10. You will need to use an Administrator account, because a Standard user account is not allowed to make system changes.

  1. Hold Windows logo and press R
  2. Type tpm.msc and press Enter to open TPM Management and check whether your machine supports TPM. In our example, our Windows machine, powered by the Asus motherboard P5B75-M, does not support TPM, so we will not be able to encrypt the system partition by using BitLocker with TPM.

Don’t worry, we will show you how to encrypt the system partition by using BitLocker without TPM support. You will need to reconfigure a policy in Local Group Policy Editor. You will need to use an Administrator account, because a Standard user account is not allowed to run system tools. This method is compatible with Windows 7, Windows 8 and Windows 8.1.

  1. Hold Windows logo and press R
  2. Type gpedit.msc and press Enter to open Local Group Policy Editor
  3. Navigate to the following location: Computer Configuration/Administrative Templates/Windows Components/BitLocker Drive Encryption/Operating System Drive
  4. Double click on Require additional authentication at startup
  5. Click Apply and then OK
  6. Hold Windows logo and press E to open File Explorer
  7. Open This PC
  8. Right-click the system partition and choose Turn on BitLocker
  9. Choose how to unlock your drive at startup. There are two options available: the first unlocks the system partition with a USB flash drive, and the second unlocks it with a password. In our example, we will choose a password.
  10. Create a password to unlock this drive. We recommend using a password of at least eight characters that contains no PII (Personally Identifiable Information)
  11. Choose where you want to save the recovery key. A recovery key can be used to access your files and folders if you’re having problems unlocking your PC. It’s a good idea to have more than one and keep each in a safe place other than your PC. There are four options available for saving the recovery key: Microsoft account, USB flash drive, save to a file and print the recovery key. We will save the recovery key by clicking on Save to a file
  12. Save the recovery key to a secondary partition or external disk and then click Save. Please note that you cannot save a recovery key to the system partition
  13. Choose which encryption mode to use. There are two options available: encryption for fixed drives on the device and encryption for external disks. We want to encrypt the system partition, so we will choose the first method and then click Next.
  14. Click Continue to check whether your system is ready for encryption with BitLocker
  15. Click Restart now to start encryption
  16. Wait until BitLocker has finished encrypting the system partition
  17. Type the password to unlock this drive
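
The same procedure can be scripted from an elevated PowerShell session. The block below is an added example, not part of the original guide; it also sets the "Allow BitLocker without a compatible TPM" option that the Require additional authentication at startup policy needs for a password-only setup. The D:\BitLockerRecovery path and the direct registry write in place of gpedit.msc are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article): scripted equivalent of the GUI steps.
$drive       = $env:SystemDrive        # system partition, normally C:
$recoveryDir = 'D:\BitLockerRecovery'  # assumption: D: is a secondary partition or external disk

# The wizard refuses to store the recovery key on the drive being encrypted; do the same here.
if ((Split-Path -Path $recoveryDir -Qualifier) -eq $drive) {
    throw "Recovery key must not be saved on the system partition ($drive)."
}

# Same question tpm.msc answers: is there a usable TPM?
$tpm = Get-Tpm -ErrorAction SilentlyContinue
if ($tpm -and $tpm.TpmPresent -and $tpm.TpmReady) {
    Write-Warning 'A ready TPM was found; the no-TPM policy below is not needed on this machine.'
}

# "Require additional authentication at startup" = Enabled,
# with "Allow BitLocker without a compatible TPM" ticked.
# Assumption: written straight to the policy registry key; a domain GPO can overwrite it.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
if (-not (Test-Path $fve)) { New-Item -Path $fve -Force | Out-Null }
New-ItemProperty -Path $fve -Name UseAdvancedStartup -Value 1 -PropertyType DWord -Force | Out-Null
New-ItemProperty -Path $fve -Name EnableBDEWithNoTPM -Value 1 -PropertyType DWord -Force | Out-Null

# Recovery password first, so a recovery path exists before the volume is locked.
Add-BitLockerKeyProtector -MountPoint $drive -RecoveryPasswordProtector | Out-Null
$recovery = (Get-BitLockerVolume -MountPoint $drive).KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
New-Item -ItemType Directory -Path $recoveryDir -Force | Out-Null
$recovery | Select-Object KeyProtectorId, RecoveryPassword |
    Format-List | Out-File -FilePath (Join-Path $recoveryDir "$env:COMPUTERNAME-recovery.txt")

# Startup password, read without echoing. No -SkipHardwareTest, so the system check runs
# on the next restart and encryption starts only if it passes.
$password = Read-Host -AsSecureString -Prompt 'BitLocker startup password'
Enable-BitLocker -MountPoint $drive -PasswordProtector -Password $password | Out-Null

# After restarting, re-run this line to watch progress until VolumeStatus is FullyEncrypted.
Get-BitLockerVolume -MountPoint $drive |
    Select-Object MountPoint, VolumeStatus, EncryptionPercentage, ProtectionStatus
```

The recovery file holds the recovery password in clear text, so move it off the machine and restrict access to it once it has been written.
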
ABOUT THE AUTHOR

Jasmin Kahriman


Jasmin is a tech-savvy Systems Engineer with over 15 years of experience in IT infrastructure, holding multiple IT certifications including CNIP, MTA, MCP, MCSA, MCT, Server+, and Network+.