Windows 7 – Enable BitLocker on a Drive Without TPM

By default, Windows 7 will only enable BitLocker if you have a TPM device built into your computer and it is enabled in the BIOS.

What is a TPM and what does it do?

TPM stands for Trusted Platform Module. It is a microchip built into your computer’s motherboard. The TPM device works with your operating system to provide advanced security features; for example, it’s used to safely store the BitLocker encryption key.


If you try enabling BitLocker without a TPM device (or if the TPM device is not enabled in the BIOS), you will receive the following message: “A compatible Trusted Platform Module (TPM) Security Device must be present on this computer, but a TPM was not found. Please contact your system administrator to enable BitLocker.”

Fortunately, on systems without a TPM you can still enable BitLocker by using a USB key to store the encryption key. However, if the key is lost you will not be able to access the Windows 7 installation or the data saved on the hard drive.



The following steps will allow a USB key to be used to store the encryption key:


    1. Open the Start menu, enter ‘gpedit.msc’ in the search box and press ‘Enter’ on the keyboard
    2. Navigate to ‘Computer Configuration -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption -> Operating System Drives’
    3. Double click on ‘Require additional authentication at startup’
    4. Select ‘Enabled’ and tick the option which says ‘Allow BitLocker without a compatible TPM’
    5. Click ‘OK’ to save the changes and close the local group policy window

    1. Find a suitable USB key to use to store the encryption key and plug it into the computer.
    2. Open the ‘Computer’ window, right click on the drive you want to encrypt (C Drive) and select ‘Turn on BitLocker’

    1. When ready click ‘Next’, ‘Next’ and then ‘Restart Now’
    2. After the computer is restarted the BitLocker Drive Encryption wizard will resume. Click ‘Next’

    1. Select ‘Require a Startup key at every startup’

    1. Select the USB drive from the list and then click ‘Save’
    2. Either select ‘Save the recovery key to a file’ or ‘Print the recovery key’ and place the key in a safe location. (The recovery key is used as a backup in case the Startup key fails or the USB drive is lost.)
    3. Select the USB drive from the list and then click ‘Save’
    4. Click ‘Next’ then ‘Continue’
    5. Click ‘Restart now’ to start the encryption process
    6. After restarting, Windows will start encrypting the hard drive in the background. You can use the computer whilst it works.
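
To confirm the result of the steps above, the following PowerShell check (an added example, not part of the original article) reads the policy values written by the ‘Require additional authentication at startup’ setting and queries the BitLocker WMI provider for encryption progress and key protectors. It assumes the system drive is C: and that it is run from an elevated prompt.

```powershell
# Added example, not from the original article. Run from an elevated PowerShell prompt.
# Assumption: the encrypted system drive is C:. Uses only PowerShell 2.0 features (Windows 7).
$drive = 'C:'

# 1. Policy written by 'Require additional authentication at startup' in gpedit.msc.
$fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
$noTpmAllowed = $fve -and $fve.UseAdvancedStartup -eq 1 -and $fve.EnableBDEWithNoTPM -eq 1
"Policy 'Allow BitLocker without a compatible TPM': " + $(if ($noTpmAllowed) {'enabled'} else {'NOT enabled'})

# 2. Volume state from the BitLocker WMI provider (does not depend on the display language).
$vol = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
                     -Class Win32_EncryptableVolume -Filter "DriveLetter='$drive'"
if (-not $vol) { throw "No BitLocker-capable volume found for $drive (is the prompt elevated?)" }

$conversionNames = @{ 0 = 'Fully decrypted';        1 = 'Fully encrypted'
                      2 = 'Encryption in progress'; 3 = 'Decryption in progress'
                      4 = 'Encryption paused';      5 = 'Decryption paused' }
$conv = $vol.GetConversionStatus()
"Conversion status: {0} ({1}% encrypted)" -f $conversionNames[[int]$conv.ConversionStatus], $conv.EncryptionPercentage

$prot = $vol.GetProtectionStatus().ProtectionStatus   # 0 = off, 1 = on
"Protection status: " + $(if ($prot -eq 1) {'on'} else {'off'})

# 3. Key protectors: a no-TPM setup should show an external (USB) key and a recovery password.
$typeNames = @{ 1 = 'TPM'; 2 = 'External key (USB startup key)'; 3 = 'Numerical recovery password' }
$types = @($vol.GetKeyProtectors(0).VolumeKeyProtectorID |
           Where-Object { $_ } |
           ForEach-Object { [int]$vol.GetKeyProtectorType($_).KeyProtectorType })

foreach ($t in $types) {
    "Key protector: " + $(if ($typeNames[$t]) { $typeNames[$t] } else { "type $t" })
}
if ($types -notcontains 2) {
    Write-Warning 'No external (USB startup) key protector found on this volume.'
}
if ($types -notcontains 3) {
    Write-Warning 'No recovery password protector found; losing the USB key would lock the drive.'
}
```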


8 comments on “Windows 7 – Enable BitLocker on a Drive Without TPM”

  1. I have created a 10-gig partitioned drive (X) on my Sony VAIO (bought 10/2010), which does not have a TPM.

    I think I can follow the instructions on this thread to do the encrypting, but here is a question: do I have to find/then move the “system files” (i.e., the files needed to boot or start the computer) to drive X first? Or will the magic be done automatically?

  2. Hi Jennie,

    Once the encryption process has started it’s all very much in the background. At a guess the little bubble appeared momentarily then remained hidden.

    You can confirm that your drive is encrypted by the icon in the ‘Computer’ window. It should have a little yellow padlock to show that BitLocker is enabled on the drive.

    (having said this, I once had the encryption process fail – I had to run it a second time).

  3. I started BitLocker enabled w/o TPM. I don’t see the box that shows how much is encrypted. When I did this on another computer, same brand and model, I had the box shown above that told me progress. Have I done something wrong?
