Can you use BitLocker if your PC doesn’t have a Trusted Platform Module (TPM)? The answer is yes. By default, Windows requires a TPM chip to store encryption keys, but you can bypass this requirement by making a simple change in the Windows Group Policy Editor.
In this guide, I’ll show you exactly how to “Allow BitLocker without a compatible TPM” so you can secure your files with a startup PIN or USB key instead.
Prerequisites: What You Need
Before we begin, ensure you meet these two requirements:
- Windows Pro or Enterprise: BitLocker is not available on Windows Home editions. (Check your version: Press Win key + Pause/Break on your keyboard).
- Administrator Privileges: You must be logged in as an admin to change Group Policies.
Step 1: Open the Local Group Policy Editor
To allow encryption without hardware security, you need to tell Windows to stop looking for a TPM chip.
- Press Windows Key + R to open the Run dialog.
- Type gpedit.msc and press Enter.
- Navigate to the following path: Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives
Step 2: Enable “Require Additional Authentication at Startup”
- In the right-hand pane, find and double-click: Require additional authentication at startup.
- Note: Avoid the version that says “Windows Server 2008”; that’s for legacy systems and not the one you want.
- Set the policy to Enabled.
- Ensure the checkbox “Allow BitLocker without a compatible TPM” is ticked.
- Click Apply and OK.
Step 3: Turn on BitLocker via Control Panel
Now that the restriction is lifted, you can start the encryption process.
- Click the Start button and type “Manage BitLocker.” Click Manage BitLocker (Control Panel) in the search results.
- Select the C: Drive (or your OS drive) and click Turn on BitLocker.
- Choose your unlock method. Since you don’t have a TPM, you should select Enter a PIN (Recommended). This PIN will be required every time you turn on your computer. It needs to be between 6 and 20 characters long.
Step 4: Back Up Your Recovery Key (Critical)
Windows will ask how you want to save your 48-digit Recovery Key. Do not skip this. If something goes wrong with your PC (and it will at some point), this could be the only way to get your files and folders back.
- Recommendation: Save it to your Microsoft Account AND print a physical copy. If you lose your PIN and your recovery key, your data is gone forever.
- Make sure that you can access your Microsoft account from a different device. Remember that if you ever need your recovery key, your current computer won’t be working.
Step 5: Choose Encryption Mode & Run System Check
- How much to encrypt: Choose “Used disk space only” for new PCs, or “Entire drive” for older PCs.
- Encryption Mode: Select New encryption mode (XTS-AES) for fixed drives.
- Run BitLocker System Check: Before any encryption takes place you can restart your computer, then enter the BitLocker PIN and see if it actually works.
Restart your computer. Windows will now ask for your PIN. Enter it into the box and hit Enter on your keyboard. Once you’re back on the desktop, the encryption will begin in the background.
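To confirm the result once you are back on the desktop, here is an added PowerShell check (not part of the original guide) that reads back the policy from Step 2 and the key protectors on the OS drive. It assumes the encrypted drive is the system drive; `UseAdvancedStartup` and `EnableBDEWithNoTPM` are the registry values this Group Policy setting writes.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only audit of the policy and key protectors set up above.
$drive = $env:SystemDrive                        # assumption: the OS drive from Step 3
$fve   = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' # BitLocker policy values are stored here

function Test-FvePolicy([string]$Name) {
    # True only when the policy value exists and is set to 1 (Enabled / ticked).
    $p = Get-ItemProperty -Path $fve -Name $Name -ErrorAction SilentlyContinue
    return ($null -ne $p -and $p.$Name -eq 1)
}

$vol = Get-BitLockerVolume -MountPoint $drive

# Collect protector type names. Without a TPM, the startup secret appears as a
# Password protector and a USB startup key as an ExternalKey protector.
$types = @(foreach ($k in $vol.KeyProtector) { "$($k.KeyProtectorType)" })

$checks = [ordered]@{
    'Policy: Require additional authentication at startup' = Test-FvePolicy 'UseAdvancedStartup'
    'Policy: Allow BitLocker without a compatible TPM'     = Test-FvePolicy 'EnableBDEWithNoTPM'
    'Startup protector present (Password or ExternalKey)'  = [bool]($types | Where-Object { $_ -in 'Password', 'ExternalKey' })
    'Recovery password protector present'                  = $types -contains 'RecoveryPassword'
    'Encryption method is XTS-AES'                         = "$($vol.EncryptionMethod)" -like 'XtsAes*'
}

$failed = 0
foreach ($c in $checks.GetEnumerator()) {
    if ($c.Value) { Write-Host "[PASS] $($c.Key)" }
    else          { Write-Host "[FAIL] $($c.Key)"; $failed++ }
}

# Informational: protection reports Off while background encryption is still running.
Write-Host ("Volume status: {0}, {1}% encrypted, protection {2}" -f `
    $vol.VolumeStatus, $vol.EncryptionPercentage, $vol.ProtectionStatus)

# Print only the protector ID, never the 48-digit recovery key itself.
foreach ($k in $vol.KeyProtector) {
    if ("$($k.KeyProtectorType)" -eq 'RecoveryPassword') {
        Write-Host "Recovery key ID: $($k.KeyProtectorId)"
    }
}

Write-Host "$failed check(s) failed."
```

Compare the recovery key ID it prints with the identifier on your printed copy or in your Microsoft account, so you know the backup from Step 4 belongs to this drive.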
Frequently Asked Questions (FAQ)
Why is gpedit.msc missing on my PC?
This usually means you’re running Windows Home. BitLocker is a Pro-only feature. If you have a Home edition of Windows you may be able to use Device Encryption or consider using VeraCrypt as a free, open-source alternative.
Is BitLocker safe without a TPM?
Yes, but it is slightly less convenient. With a TPM, the chip unlocks the drive automatically. Without it, you must enter a PIN or insert a USB key every time you boot up. Security-wise, a strong PIN is just as effective at preventing unauthorized data access.
Can I enable BitLocker on Windows 11 without TPM?
Yes. While Windows 11 itself requires a TPM to install, some users run it on older hardware using bypasses. This Group Policy method works exactly the same on Windows 11 as it does on Windows 10.
Summary
I prefer to have BitLocker set up to require a password (PIN) rather than simply authenticating from a TPM. The only real downside is that you’ll need to enter the PIN on every startup or restart.