Windows 8 and 8.1 Forums


BitLocker- encrypt OS drive without TPM, if TPM is present

  1. #1


    Posts : 4
    Windows 7 Pro


    Hello to everyone,

    I am new here and "fresh" with BitLocker encryption. I need to encrypt the OS drive of a laptop with Windows 8.1 and a TPM chip. I have read a few articles about encryption of OS drives with BitLocker (with TPM / without TPM) but never got a direct answer to my questions. So ... I want to ask:

    1. Is it possible to encrypt the drive without using the TPM when there is a TPM chip in the laptop? From what I have read, BitLocker works with the TPM by default, but I don't want to use it. I have already encrypted other laptops without TPM chips by setting up the group policies (Computer Configuration \ Administrative Templates \ Windows Components \ Bit Locker Drive Encryption \ Operating System Drives and double-click on Require additional authentication at startup) and ... is it possible to do something like this in this case (when the laptop has a TPM in it)?
    What I want is for the user to be asked for a password on startup, the recovery key to be saved to a file on an external device (not to use a USB flash drive as a key), and to be able to simply change my HDD in the future without needing to manage the TPM.

    If this is not possible ... here is my second question:
    2. Can I set up encryption with TPM like this:
    - the user to be asked for a PASSWORD on startup
    - the recovery key to be saved to a file (I don't want to use a USB flash drive with the recovery key on it every time to unlock the drive ... what I want is just for the user to be asked for a password, and when he enters the correct password, the drive to be unlocked)


    I apologise for my bad English and the long questions, but I hope that someone can help me with this. Thanks in advance.

  2. #2


    Posts : 1,720
    Windows 8.1 Pro


    Good morning or afternoon Stilcho and welcome to Windows Eight Forums:
    BitLocker works for me as you described without TPM enabled. I think you can even set it to 'Auto-Unlock' if you're certain your PC is not accessed by anyone else but you.
    I am not that well versed when it comes to TPM/BitLocker issues, but there are many helpful members here that are more than willing to help you further. Be patient and check back often.

  3. #3


    Posts : 446
    Win 8 64-bit


    It's not something I've tried myself, however if you look at the second screenshot in this tutorial of the group policy settings you mentioned (Computer Configuration > Administrative Templates > Windows Components > Bit Locker Drive Encryption > Operating System Drives), it also shows four settings for configuring TPM startup authentication. I'm guessing setting them to 'Do not allow' would do what you are asking, but like I said, it's not something I've tried. Maybe someone else will come along who has actually tried it.

    Taken from here:
    To configure operating system drive startup options for computers with a TPM, the following options are available:

    - Configure TPM startup. You can choose to allow, require, or not allow the use of the TPM with BitLocker.

    - Configure TPM startup PIN. You can choose to allow, require, or not allow the use of the TPM in combination with a PIN with BitLocker.

    - Configure TPM startup key. You can choose to allow, require, or not allow the use of the TPM in combination with a key stored on a removable device, such as a USB flash drive with BitLocker.

    - Configure TPM startup key and PIN. You can choose to allow, require, or not allow the use of the TPM in combination with both a key stored on a removable device, such as a USB flash drive with BitLocker, and a PIN.



    In answer to your second question about using a password with TPM, the same article says the following about using enhanced PINs:

    "If you are using PINs for authentication along with the TPM, you may want to enable the use of enhanced PINs to allow for increased complexity of PINs. Enhanced PINs support the use of characters, including uppercase and lowercase letters, symbols, numbers, and spaces. Not all computers support these characters before the operating system starts, so we recommend that users perform a system check during BitLocker setup to verify that their computer will support the BitLocker settings they have selected before encrypting the drive. Double-click the Allow enhanced PINs for startup policy setting, and click Enabled to provide the option of using enhanced PINs with BitLocker-protected operating system drives. If this policy setting is disabled or not configured, enhanced PINs cannot be used."

    Regardless of whether you use TPM or not, you should have the option to save the recovery key to either a Microsoft account, flash drive, file or print it.

  4. #4


    Posts : 4
    Windows 7 Pro


    Thank you for the quick reply Edwin. Now it's afternoon here in Bulgaria and I think it is good morning for you in Canada so ...
    If I understand you correctly ("BitLocker works for me as you described without TPM enabled"), if I turn off the TPM chip I will be able to encrypt the OS drive just like I encrypt any other laptop without a TPM chip in it (Turn the TPM On or Off).
    I want just the opposite of "auto-unlock" ... I need to be sure that the user will always be asked for a password (in case someone steals the laptop or if it is lost). The other thing is that I want to skip management (administration) of the TPM chip (initializing the TPM, or in case I decide to change my HDD, and so on ...), so I don't want the TPM chip to be used for the encryption process or anything to be stored in it at all.
    I must mention that there is sensitive data on the HDD of this laptop, so I don't want to make any experiments on it. I don't have anywhere to test different cases, so I want to know if there is a solution for me and to apply it without any experiments.

  5. #5


    Posts : 4
    Windows 7 Pro


    Thank you for the reply ARC1020. That sounds like a solution for my 1st question, but as you mentioned, you have not tried it yourself, and the problem is that I don't want to experiment on the laptop because there is sensitive data on it (the HDD). According to what you guess and what I have read in the article, if I set "Do not allow" for all 4 options for configuring TPM startup authentication and check "Allow BitLocker without compatible TPM (...)", I will be able to encrypt the OS drive with BitLocker without using the TPM chip. Am I right?
    Or must I stop usage of the TPM chip directly from the BIOS? I don't know ... I'm not very familiar with TPM administration. I will be very happy if I succeed in encrypting this laptop without using its TPM chip.
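
A read-only way to check, before encrypting anything, whether the policy combination discussed in posts #3 and #5 is actually in effect and which key protectors the OS volume carries. This is an added example, not part of any post in this thread. It assumes the policy stores its choices under `HKLM:\SOFTWARE\Policies\Microsoft\FVE` with the value names shown, and that the BitLocker PowerShell module is available in an elevated prompt.

```powershell
# Added example (not from the thread): read-only audit; it changes no setting.
# Assumption: the policy stores its choices under this key with these value names.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$meaning = @{ 0 = 'Do not allow'; 1 = 'Require'; 2 = 'Allow' }
$tpmOptions = [ordered]@{
    UseTPM       = 'Configure TPM startup'
    UseTPMPIN    = 'Configure TPM startup PIN'
    UseTPMKey    = 'Configure TPM startup key'
    UseTPMKeyPIN = 'Configure TPM startup key and PIN'
}

$policy = Get-ItemProperty -Path $fve -ErrorAction SilentlyContinue
if (-not $policy) {
    Write-Output ('No values under {0}; the policy is not configured.' -f $fve)
} else {
    # "Require additional authentication at startup" enabled, and the
    # "Allow BitLocker without compatible TPM" box checked.
    $advanced = $policy.UseAdvancedStartup -eq 1
    $noTpmOk  = $policy.EnableBDEWithNoTPM -eq 1
    Write-Output "Require additional authentication at startup: $advanced"
    Write-Output "Allow BitLocker without compatible TPM:       $noTpmOk"

    $allDenied = $true
    foreach ($name in $tpmOptions.Keys) {
        $value = $policy.$name
        # A missing value means the option was never written, not "Do not allow".
        $text = if ($null -eq $value) { 'Not set' } else { $meaning[[int]$value] }
        if ($value -ne 0) { $allDenied = $false }
        Write-Output ('{0,-36} {1}' -f ($tpmOptions[$name] + ':'), $text)
    }
    $inEffect = $advanced -and $noTpmOk -and $allDenied
    Write-Output "Combination from post #5 in effect: $inEffect"
}

# Protectors currently on the OS volume (needs an elevated prompt).
try {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    Write-Output "Protection status: $($vol.ProtectionStatus)"
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
    Write-Output "Key protectors: $(if ($types) { $types -join ', ' } else { 'none' })"
    if ($types -match '^Tpm') { Write-Output 'A TPM-based protector is present.' }
} catch {
    Write-Output "Could not query BitLocker: $($_.Exception.Message)"
}
```

Run `gpupdate /force` first if the policy was just edited, so the registry reflects the current settings.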
