{"id":2520,"date":"2015-02-22T23:34:04","date_gmt":"2015-02-22T22:34:04","guid":{"rendered":"http:\/\/michlstechblog.info\/blog\/?p=2520"},"modified":"2015-02-23T10:37:22","modified_gmt":"2015-02-23T09:37:22","slug":"windows-enable-bitlocker-without-a-tpm-module","status":"publish","type":"post","link":"https:\/\/michlstechblog.info\/blog\/windows-enable-bitlocker-without-a-tpm-module\/","title":{"rendered":"Windows: Enable BitLocker without a TPM module"},"content":{"rendered":"<p>Hi,<\/p>\n<p>By default, BitLocker can only be activated when a TPM chip is physically present.<br \/>\n<!-- https:\/\/technet.microsoft.com\/de-de\/library\/ee449438%28v=ws.10%29.aspx#BKMK_Key  http:\/\/blogs.technet.com\/b\/hugofe\/archive\/2010\/10\/29\/bitlocker-without-tpm.aspx  --><br \/>\nIf you want to use BitLocker without a TPM module, you must change your (local) policy. Open the Group Policy Object Editor (gpedit.msc), navigate to<br \/>\n<!--more--><\/p>\n<pre><code>\r\n-Computer Configuration\r\n   -Administrative Templates\r\n     -Windows Components\r\n       -BitLocker Drive Encryption <\/code><\/pre>\n<p>and enable <strong>&#8220;Require additional authentication at startup&#8221;<\/strong> and <strong>&#8220;Allow BitLocker without a compatible TPM&#8221;<\/strong>.<\/p>\n<figure id=\"attachment_2521\" aria-describedby=\"caption-attachment-2521\" style=\"width: 256px\" class=\"wp-caption alignnone\"><a href=\"http:\/\/michlstechblog.info\/blog\/wp-content\/uploads\/2015\/02\/bitlocker-policy.png\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-2521  \" title=\"Bitlocker Disable TPM\" alt=\"Bitlocker Disable TPM\" src=\"http:\/\/michlstechblog.info\/blog\/wp-content\/uploads\/2015\/02\/bitlocker-policy.png\" width=\"256\" height=\"278\" srcset=\"https:\/\/michlstechblog.info\/blog\/wp-content\/uploads\/2015\/02\/bitlocker-policy.png 320w, https:\/\/michlstechblog.info\/blog\/wp-content\/uploads\/2015\/02\/bitlocker-policy-276x300.png 276w\" sizes=\"auto, (max-width: 256px) 100vw, 256px\" \/><\/a><figcaption id=\"caption-attachment-2521\" 
class=\"wp-caption-text\">Bitlocker Disable TPM<\/figcaption><\/figure>\n<p>Ensure you have a USB flash drive and a BIOS that supports legacy USB mass storage devices. After encryption, the USB flash drive is required each time you start Windows, because the BitLocker startup key is stored there. The startup key is mandatory for systems without a TPM.<\/p>\n<p>To encrypt drive C:, enter the command below; the -sk option should point to the drive letter of your USB flash device. SAVE THE RECOVERY PASSWORD!!!<\/p>\n<pre><code>\r\nC:\\&gt;<strong>manage-bde -on C: -rp -sk F:\\<\/strong>\r\nBitLocker Drive Encryption: Configuration Tool version 6.1.7601\r\nCopyright (C) Microsoft Corporation. All rights reserved.\r\n\r\nVolume C: []\r\n[OS Volume]\r\nKey Protectors Added:\r\n\r\n    Saved to directory D:\\\r\n\r\n    External Key:\r\n      ID: {A47479D5-6CB6-4417-AC40-7CE7F4B83D96}\r\n      External Key File Name:\r\n        A47479D5-6CB6-4417-AC40-7CE7F4B83D96.BEK\r\n\r\n    Numerical Password:\r\n      ID: {D58458E8-8881-41B3-B8D4-658A9F8DD6B8}\r\n      Password:\r\n        147653-426206-701393-184690-431750-716353-012771-023639\r\n\r\nACTIONS REQUIRED:\r\n\r\n    1. Save this numerical recovery password in a secure location away from\r\n    your computer:\r\n\r\n    147653-426206-701393-184690-431750-716353-012771-023639\r\n\r\n    To prevent data loss, save this password immediately. This password helps\r\n    ensure that you can unlock the encrypted volume.\r\n\r\n    2. Insert a USB flash drive with an external key file into the computer.\r\n\r\n    3. Restart the computer to run a hardware test.\r\n    (Type \"shutdown \/?\" for command line instructions.)\r\n\r\n    4. 
Type \"manage-bde -status\" to check if the hardware test succeeded.\r\n\r\nNOTE: Encryption will begin after the hardware test succeeds.\r\n\r\n<\/code><\/pre>\n<p>Reboot your system and check whether the hardware test passed successfully.<\/p>\n<pre><code>\r\nC:\\Users\\user>manage-bde -status\r\nBitLocker Drive Encryption: Configuration Tool version 6.1.7601\r\nCopyright (C) Microsoft Corporation. All rights reserved.\r\n\r\nDisk volumes that can be protected with\r\nBitLocker Drive Encryption:\r\nVolume C: []\r\n[OS Volume]\r\n\r\n    Size:                 40,00 GB\r\n    BitLocker Version:    Windows 7\r\n    Conversion Status:    Encryption in Progress\r\n    Percentage Encrypted: 17%\r\n    Encryption Method:    AES 128 with Diffuser\r\n    Protection Status:    Protection Off\r\n    Lock Status:          Unlocked\r\n    Identification Field: None\r\n    Key Protectors:\r\n        External Key\r\n        Numerical Password\r\n<\/code><\/pre>\n<p>Michael<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hi, by default BitLocker can only be activated when a TPM chip is physically present. If you want to use BitLocker without a TPM module, you must change your (local) policy. 
Open the Group Policy Object Editor (gpedit.msc), navigate to<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[466,5],"tags":[598,608,610,20,609],"class_list":["post-2520","post","type-post","status-publish","format-standard","hentry","category-security","category-windowsknowhow","tag-bitlocker","tag-encrypt","tag-module","tag-windows-2","tag-without-tpm"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/2520","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/comments?post=2520"}],"version-history":[{"count":11,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/2520\/revisions"}],"predecessor-version":[{"id":2532,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/2520\/revisions\/2532"}],"wp:attachment":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/media?parent=2520"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/categories?post=2520"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/tags?post=2520"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}