Allow BitLocker Without a Compatible TPM

When setting up the BitLocker lab within our virtual machine, you may encounter an issue where the BitLocker key creation fails due to the absence of a TPM.

In such cases, you can configure the following local group policy to enable BitLocker key creation without a TPM.


1. Begin by clicking on the Windows icon located in the bottom-left corner of your computer screen. This will open the Start menu.

2. Within the search bar, type “gpedit.msc” and then press the Enter key.

3. Locate “Group Policy Object Editor” from the search results and select it to open the editor.

4. In the left pane, navigate to “Computer Configuration.” Under this section, double-click on “Administrative Templates” to expand it, revealing the subfolders associated with Administrative Templates.

5. Double-click on “Windows Components.”

6. Under “Windows Components,” find and select “BitLocker Drive Encryption.”

7. Next, click on “Operating System Drives.” You will see a list of settings displayed on the right pane.

8. Locate “Require additional authentication at startup” and double-click on it. A new window will appear.

9. By default, “Require additional authentication at startup” is set to “Not Configured.” To enable it, select “Enabled.” The remaining required options will activate automatically. Finally, click “OK” to apply the changes and then close the Group Policy Object Editor.
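
The same setting can be audited or applied from an elevated PowerShell prompt in the lab VM. This is an added example, not part of the original page: it assumes the registry value names that the policy's administrative template writes under `HKLM\SOFTWARE\Policies\Microsoft\FVE`, and the `-Apply` switch and function names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example for the lab VM: audit (default) or apply (-Apply) the policy
# "Require additional authentication at startup" through its registry values.
param([switch]$Apply)

$fvePath = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

# Assumed mapping: what the policy stores when enabled with default options.
$desired = [ordered]@{
    UseAdvancedStartup = 1   # policy is Enabled
    EnableBDEWithNoTPM = 1   # "Allow BitLocker without a compatible TPM" ticked
    UseTPM             = 2   # 0 = do not allow, 1 = require, 2 = allow
    UseTPMPIN          = 2
    UseTPMKey          = 2
    UseTPMKeyPIN       = 2
}

function Get-FvePolicyState {
    # One row per value: what is set now versus what the policy would set.
    $current = Get-ItemProperty -Path $fvePath -ErrorAction SilentlyContinue
    foreach ($name in $desired.Keys) {
        $value = if ($current) { $current.$name } else { $null }
        [pscustomobject]@{
            Name    = $name
            Current = $value
            Desired = $desired[$name]
            Match   = ($value -eq $desired[$name])
        }
    }
}

function Set-FvePolicyState {
    # Create the key if the machine has never had a BitLocker policy.
    if (-not (Test-Path -Path $fvePath)) {
        New-Item -Path $fvePath -Force | Out-Null
    }
    foreach ($name in $desired.Keys) {
        New-ItemProperty -Path $fvePath -Name $name -Value $desired[$name] `
            -PropertyType DWord -Force | Out-Null
    }
}

$state = Get-FvePolicyState
if ($Apply -and ($state | Where-Object { -not $_.Match })) {
    Set-FvePolicyState
    $state = Get-FvePolicyState
}
$state | Format-Table -AutoSize
```

Values written this way do not show up in gpedit.msc, and a domain GPO that configures the same setting will overwrite them at the next policy refresh.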