BitLocker Drive Encryption - Windows 7 Drive - Turn On or Off with no TPM
How to Turn BitLocker On or Off without a TPM for Windows 7 Drive
Published by Brink
03-02-2009
Information
This will show you how to turn BitLocker Drive Encryption on or off for your Windows 7 or other operating system drive or partition when your computer does not have a Trusted Platform Module (TPM). When BitLocker Drive Encryption is turned on, you will be required to plug in the USB flash drive that contains the startup key before starting the computer to unlock the Windows 7 or other operating system drive or partition at startup.

Note
When you add new files to the Windows 7 or other operating system drive or partition that is encrypted with BitLocker, BitLocker encrypts them automatically. Files remain encrypted only while they are stored in the encrypted drive. Files that are copied to another drive, partition, or computer are decrypted.

Warning
REQUIREMENTS:
- BitLocker is only available in the Windows 7 Ultimate and Enterprise editions.
- A USB flash drive. BitLocker will store its key on the flash drive to use to unlock the Windows 7 drive at startup.
- Have at least two partitions. One partition must include the drive Windows 7 is installed on and must be at least 400 MB. This is the drive that BitLocker will encrypt. The other partition is the active partition, which must remain unencrypted so that the computer can be started. If you have the 100 MB System Reserved partition that Windows 7 creates during installation on a blank drive or partition, then BitLocker will store the key on it instead. If your computer does not have two partitions, BitLocker will create them for you. Both partitions must be formatted with the NTFS file system.
- A BIOS that supports USB devices during computer startup.
PREPARATION: To Allow BitLocker without a TPM

Note
You have the option to use the Local Group Policy Editor or a .reg file download to allow BitLocker to encrypt the Windows 7 or other operating system drive or partition without a TPM, using a USB flash drive instead.

METHOD ONE: Using Local Group Policy Editor

1. Open the Local Group Policy Editor.
2. In the left pane, click on to expand Computer Configuration, Administrative Templates, Windows Components, BitLocker Drive Encryption, and Operating System Drives. (See screenshot below)
3. In the right pane, right click on Require additional authentication at startup and click on Edit. (See screenshot above)
4. To Allow BitLocker without TPM
   A) Select (dot) Enabled. (See screenshot below step 6)
   B) Under the Options section, check the Allow BitLocker without a compatible TPM box. (See screenshot below step 6)
   C) Go to step 6.
5. To Undo Allow BitLocker without TPM
   NOTE: This is optional. Unless you now have a TPM that you would like to use instead, it will not hurt anything to leave this set as in step 4 above.
   A) You will need to do OPTION TWO below first to turn off BitLocker.
   B) Select (dot) either Not Configured or Disabled. (See screenshot below step 6)
6. Click on OK. (See screenshot below)
7. Close the Local Group Policy Editor window.
8. Open the Start menu, type gpupdate.exe /force into the search line, and press Enter. (See screenshot below)
9. You will see this command prompt pop up briefly, then go away when completed successfully. (See screenshot below)
10. If you did step 4, then go to OPTION ONE to turn on BitLocker. If you did step 5, then you are done.

METHOD TWO: Using a REG File Download

1. To Allow BitLocker without TPM
   A) Click on the Download button below to download the file below.
      Enable_No_TPM.zip
   B) Go to step 3.
2. To Undo Allow BitLocker without TPM
   NOTE: This is optional. Unless you now have a TPM that you would like to use instead, it will not hurt anything to leave this set as in step 1 above.
   A) You will need to do OPTION TWO below first to turn off BitLocker.
   B) Click on the Download button below to download the file below.
      Default_Require_TPM.zip
3. Click on Save, and save the .zip file to the desktop.
4. Open the downloaded .zip file and extract the .reg file to the desktop.
5. Right click on the extracted .reg file and click on Merge.
6. Click on Run, Yes, Yes, and OK when prompted.
7. Restart the computer to apply.
8. When done, you can delete the downloaded .reg and .zip files if you like.
9. If you did step 1, then go to OPTION ONE to turn on BitLocker. If you did step 2, then you are done.

OPTION ONE
Turn On BitLocker to Encrypt Windows 7 Drive
1. Decide if you want 128-bit or 256-bit encryption.
   NOTE: By default, Windows 7 will use AES encryption with 128-bit encryption keys and Diffuser unless you have already changed it.
2. Plug in the USB flash drive that you want the startup and recovery key saved to.
   NOTE: You will still be able to use the USB flash drive as normal. Just do not remove the BitLocker startup key file (step 7) that is used to unlock your Windows 7 at startup.
3. Open the Start menu and click on the Computer button, then right click on the Windows 7 or other operating system drive or partition letter and click on Turn on BitLocker. (See screenshot below)
   A) Go to step 5.
OR
4. Open the Control Panel (icons view), and click on the BitLocker Drive Encryption icon.
   A) Click on Turn On BitLocker for the Windows 7 or other operating system drive or partition letter. (See screenshot below)
5. Select the Require a Startup key at every startup option. (See screenshot below)
   NOTE: The Use BitLocker without additional key and Require PIN at every startup options are not available unless you have a TPM.
6. Select the USB flash drive from step 2, and click on the Save button. (See screenshot below)
7. Select the Save the recovery key to a USB flash drive option. (See screenshot below)
   NOTE: It is highly recommended that you do the other two options as well and save this key file somewhere safe. You will need the recovery key number to gain access to the encrypted Windows 7 or other operating system drive if you should lose or damage the USB flash drive with the startup key, or if BitLocker locks the drive.
   A) Select the USB flash drive from step 2, and click on the Save button. (See screenshot below)
   B) When finished, click on the Next button. (See screenshot below step 7)
8. Check the Run BitLocker system check box, then click on the Continue button. (See screenshot below)
9. Click on the Restart Now button. (See screenshot below)
   WARNING: This will restart your computer immediately. Close and save anything that you are working on first.
10. When the computer restarts, BitLocker will start encrypting the Windows 7 drive. Click on the BitLocker icon in the taskbar notification area (far right) to see the encryption status. (See screenshot below)
    NOTE: This may take a while to finish.
11. When BitLocker is finished, click on the Close button. (See screenshot below)
12. You will now have a Manage BitLocker option in the Control Panel and Computer for the encrypted drive. (See screenshots below)
13. If you click on Manage BitLocker, these will be the options that you will have below. (See screenshot below)
    Warning: It is highly recommended that you do one or both options below. You will need the recovery key number to gain access to the encrypted Windows 7 or other operating system drive if you should lose or damage the USB flash drive with the startup key, or if BitLocker locks the drive.
14. You're done. The Windows 7 or other operating system drive or partition is now encrypted with BitLocker Drive Encryption. You will now be required to plug in the USB flash drive that contains the startup key in order to unlock and start up Windows 7 or the other operating system.

OPTION TWO
Turn Off BitLocker to Decrypt Windows 7 Drive
NOTE: If you do not care about losing all data on the drive/partition, then formatting or using the clean command will also turn off BitLocker for the drive/partition.

1. Open the Control Panel (icons view), and click on the BitLocker Drive Encryption icon.
2. Click on Turn Off BitLocker for the Windows 7 or other operating system drive or partition letter that you want to turn BitLocker off for. (See screenshot below)
3. Click on the Decrypt Drive button. (See screenshot below)
4. BitLocker will now start decrypting the drive. Click on the BitLocker icon in the taskbar notification area (far right) to see the encryption status. (See screenshot below)
   NOTE: This may take a while to finish.
5. When finished, click on the Close button. (See screenshot below)
6. The Control Panel and Computer will now have the Turn On BitLocker option again.
7. If you would like to restore the default Group Policy setting to have BitLocker use a TPM instead of a USB flash drive, then do METHOD ONE (step 5) or METHOD TWO (step 2) in the PREPARATION section at the top of the tutorial.
8. You're done. The Windows 7 drive or other operating system drive or partition is now decrypted.

That's it,
Shawn
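The state that the PREPARATION and OPTION ONE sections set up can be checked from a script. The PowerShell function below is an added example, not part of the original tutorial: it reads the policy values under HKLM\SOFTWARE\Policies\Microsoft\FVE and queries the Win32_EncryptableVolume WMI class, and the function name and output property names are made up for this example.

```powershell
# Added example: read-only audit; run from an elevated PowerShell prompt.
# Test-NoTpmBitLocker and its output property names are made up for this example.
function Test-NoTpmBitLocker {
    param([string]$Drive = $env:SystemDrive)   # for example "C:"

    # Values written by the "Require additional authentication at startup" policy.
    $fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
    $noTpmAllowed = ($fve -ne $null) -and ($fve.UseAdvancedStartup -eq 1) -and ($fve.EnableBDEWithNoTPM -eq 1)

    # BitLocker WMI provider; only present on editions that include BitLocker.
    $vol = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
        -Class Win32_EncryptableVolume -Filter "DriveLetter='$Drive'"
    if ($vol -eq $null) { throw "No BitLocker-capable volume found for $Drive" }

    # Collect protector types: 1 = TPM, 2 = external key (USB key file),
    # 3 = numerical password (the 48-digit recovery password).
    $types = @()
    foreach ($id in @($vol.GetKeyProtectors(0).VolumeKeyProtectorID)) {
        if ($id) { $types += [int]$vol.GetKeyProtectorType($id).KeyProtectorType }
    }

    $methods = @{ 0 = 'None'; 1 = 'AES 128 with Diffuser'; 2 = 'AES 256 with Diffuser'
                  3 = 'AES 128'; 4 = 'AES 256' }
    $method     = [int]$vol.GetEncryptionMethod().EncryptionMethod
    $conversion = $vol.GetConversionStatus()
    $protected  = ($vol.GetProtectionStatus().ProtectionStatus -eq 1)

    $findings = @()
    if ($types -notcontains 2) { $findings += 'No external (USB startup) key protector on the volume.' }
    if ($types -notcontains 3) { $findings += 'No recovery password protector; a lost USB key means lost data.' }
    if (-not $protected)       { $findings += 'Protection is off (decrypted, still converting, or suspended).' }
    # The tutorial turns BitLocker off before undoing the policy; flag the reverse order.
    if (($types.Count -gt 0) -and ($types -notcontains 1) -and -not $noTpmAllowed) {
        $findings += 'Volume has non-TPM protectors but the policy no longer allows BitLocker without a TPM.'
    }

    New-Object PSObject -Property @{
        Drive            = $Drive
        NoTpmAllowed     = $noTpmAllowed
        ProtectorTypes   = $types
        EncryptionMethod = $methods[$method]
        PercentEncrypted = $conversion.EncryptionPercentage
        ProtectionOn     = $protected
        Findings         = $findings
    }
}

Test-NoTpmBitLocker | Format-List
```

An empty Findings list after OPTION ONE means the drive has both a startup key protector and a recovery password, and protection is on.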
09-24-2009
#1
Question:
This guide is for bitlocker with USB key, anyone have a guide or information on using bitlocker with either a PIN, or without a PIN or USB key? I see step 5 has these options in the screen cap.
09-24-2009
#2
Hello Mahjohn, and welcome to Seven Forums.
If your motherboard supports and has a TPM built-in or connected to it, then you can skip the PREPARATION section of this tutorial to enable Bitlocker with a TPM on a drive using the rest of the steps in the tutorial and selecting the PIN option (or other option) instead.
If not, then you will have to use the method in the tutorial without a TPM using a USB key.
Hope this helps,
Shawn
11-24-2009
#3
Hi Shawn
The way I understood it was that Bit Locker is only available on the Enterprise and Ultimate versions of Windows 7.
Does the .reg file in your usual excellent tutorial enable it in other versions too?
11-24-2009
#4
Hello Steve,
Sorry, but no. It's still only available in those editions.
11-25-2009
#5
I am very impressed with the tutorials in this forum, and check out the titles regularly to see if anything fits my needs. The TPM idea was new to me - although I have been security conscious for many years. I have a secure chip card reader (Reiner SCT) for use with XP for all my banking and the like, but haven't tried it with Windows 7. I suppose it would need new software...
Cheers,
LMH
11-26-2009
#7
You're welcome LMH and Beauparc. Thank you.
01-16-2010
#8
help with preparing drive for bitlocker
I have Win 7 Ultimate and have had no trouble turning on BitLocker on two of the three computers at home: one lap and two desktops. For some reason the message is cannot find the target drive and set up will have to be done manually. I have enabled it like the tutorial so greatly described. Does anyone know what I am missing, or direct me to the process for preparing the drive?
Regards,
01-16-2010
#9
Hello John,
Does Windows 7 recognize and find and use the drive normally without BitLocker?
At what point in the tutorial does this happen?