BitLocker Drive Encryption is a Windows feature that encrypts a PC's hard disk drive and removable media, such as a USB flash drive or SD card, to prevent important data from being stolen.
BitLocker Drive Encryption can encrypt the operating system drive on which Windows is installed, a fixed drive, a USB flash drive, an SD card, and so on.
TPM: Trusted Platform Module
If you try to use BitLocker Drive Encryption on your operating system drive (usually the C: drive), you may receive the following error message. In the Operating system drive section, click Turn on BitLocker.
▼ However, the following error message may be displayed here. This means that you cannot use BitLocker because there is no TPM.
This device can’t use a Trusted Platform Module. Your administrator must set the “Allow BitLocker without a compatible TPM” option in the “Require additional authentication at startup” policy for OS volumes.
Using a USB flash drive
You can enable BitLocker for your operating system drive without a TPM if the BIOS or UEFI firmware can read from a USB flash drive when Windows starts, because the BitLocker startup key can then be supplied from a USB flash drive.
Set up BitLocker using Group Policy (gpedit.msc)
The hardware requirements for BitLocker Drive Encryption call for a PC with a security chip called a Trusted Platform Module (TPM).
BitLocker hard drive encryption normally needs this TPM, but it is not strictly required: without a TPM, you can use a key stored on a USB flash drive instead.
If you want to use BitLocker without a TPM, you can use Group Policy to allow BitLocker on the operating system drive.
Opening Group Policy (gpedit.msc)
▼ As shown below, press Windows + R to open Run, enter gpedit.msc in the text box, and click the OK button.
You can also enter gpedit in the Windows search box and click Edit group policy. Note that the Group Policy Editor is built into the Windows Pro edition. On the Windows Home edition, you must install gpedit.msc separately.
▼ In the Group Policy Editor (gpedit.msc) window, navigate to the following path in the navigation tree on the left.
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives
▼ Next, double-click Require additional authentication at startup.
▼ In the Require additional authentication at startup window, first select Enabled, confirm that the following option is checked, and then click OK or Apply.
Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)
Enabling BitLocker Encryption
▼ As a result, BitLocker encryption is now available for operating system drives without a TPM, as shown below.
Updating Local Group Policy
The gpupdate.exe /force command reapplies all policy settings, ignoring the processing optimizations of the client’s Group Policy engine.
Search for the command in Windows Search as shown below.
▼ Group Policy is updated when the command runs.
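To confirm the result of the steps above from an elevated PowerShell session, the following read-only audit reports the TPM state, the policy values, and the key protectors on the operating system drive. It is an added example, not part of the original page; the registry path and the value names UseAdvancedStartup and EnableBDEWithNoTPM are assumptions about where this policy is stored, since the page only shows the Group Policy Editor.

```powershell
# Added example: read-only audit, run in an elevated PowerShell session.
# Assumption (not stated on the page): the policy is stored under
# HKLM:\SOFTWARE\Policies\Microsoft\FVE.

# 1. TPM state. On a PC without a TPM, TpmPresent is False.
$tpm = Get-Tpm

# 2. Values behind the "Require additional authentication at startup" policy.
$fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
$policyEnabled = $fve.UseAdvancedStartup -eq 1   # policy set to Enabled
$allowNoTpm    = $fve.EnableBDEWithNoTPM -eq 1   # "Allow BitLocker without a compatible TPM"

# 3. BitLocker state and key protectors on the operating system drive.
$vol        = Get-BitLockerVolume -MountPoint $env:SystemDrive
$protectors = @($vol.KeyProtector.KeyProtectorType)

[pscustomobject]@{
    TpmPresent       = $tpm.TpmPresent
    TpmReady         = $tpm.TpmReady
    PolicyEnabled    = $policyEnabled
    AllowWithoutTpm  = $allowNoTpm
    VolumeStatus     = $vol.VolumeStatus
    ProtectionStatus = $vol.ProtectionStatus
    KeyProtectors    = $protectors -join ', '
} | Format-List

# 4. Findings a reviewer would want flagged.
if (-not $tpm.TpmPresent -and -not ($policyEnabled -and $allowNoTpm)) {
    Write-Warning 'No TPM and the policy is not applied: Turn on BitLocker will show the TPM error. Run gpupdate.exe /force after setting the policy.'
}
if ($vol.ProtectionStatus -eq 'On' -and $protectors -notcontains 'Tpm') {
    # Without a TPM the volume key depends only on the password or USB startup key.
    Write-Warning 'OS drive is protected without a TPM: keep the USB startup key away from the PC when it is not booting.'
    if ($protectors -notcontains 'RecoveryPassword') {
        Write-Warning 'No recovery password protector: losing the password or USB key makes the drive unrecoverable.'
    }
}
```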