To use Bitlocker Drive Encryption without hardware cryptography, you need to first configure the local computer policy to allow you to use USB key mode rather than TPM. Within the local computer policy, navigate to the following location: Computer Configuration \ Administrative Templates \ Windows Components \ Bitlocker Drive Encryption. Open Control Panel Setup: Enabled advanced startup options. Select the Enabled option and the Allow Bitlocker Without a Compatible TPM option.
To turn on Bitlocker Drive Encryption:
- Open the Control Panel, select Security and click Bitlocker Drive Encryption.
- Click the Turn On Bitlocker option for the operating system volume.
- Choose one of the available options to save the recovery password. The recovery password can be saved to a USB drive, in a folder or it can be printed. This password is required to move the drive to another computer. Therefore, it is crucial that it is kept in a secure location.
- Once you have selected the password recovery option, click Next to continue encrypting the operating system volume.
- Next, verify that the Run Bitlocker System Check option is selected. Click Continue.
The computer will restart and proceed with the volume encryption.
Additional settings for configuring Bitlocker Drive Encryption are available through the local computer policy. You can find these settings under the following container: Computer Configuration \ Administrative Templates \ Windows Components \ Bitlocker Drive Encryption.
[tags]Vista, Bitlocker, drive encryption, Microsoft, Windows[/tags]