Bitlocker without TPM RRS feed

  • Question

  • I have a Windows 10 machine in which I want to invoke bitlocker on the system drive. I get the expected "This device can't use a Trusted Platform Module.  Your administrator must set the "Allow BitLocker without a compatible TPM" option in the "Require additional authentication at startup" policy for OS volumes."  I went through and enabled "Allow BitLocker without a compatible TPM"  per gpedit.msc in http://www.digitalcitizen.life/how-enable-bitlocker-without-tpm-chip-windows-7-windows-8?page=1

    It still will not allow me to turn on bitlocker.  Any ideas what to try next?

    Monday, July 31, 2017 7:11 PM

All replies

  • Hi JohnnyOH,

    Pleas Note: Afterwards modifying the GPO, you need to run gpupdate /force command or restart  to take effect.

    Check if your steps below:

    You can use the Group Policy Editor to set this option.

    1. Press the WinKey+R to display the Open dialog.

    2. Type gpedit.msc in the Open: box and click OK.

    3. In the Group Policy Editor, navigate to  Computer Configuration/Administrative Templates/Windows Components/BitLocker Drive Encryption/Operating System Drives.

    4. Right Click the Require additional authentication at startup policy and select Edit.

    5. Click the Enabled option.

    6. In the Options section, place a check mark in the Allow BitLocker without a compatible TPM option.

    7. Click Apply/OK and exit the Group Policy Editor.

    More information, please follow this blog:

    Securing Windows 10 with BitLocker Drive Encryption


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, August 1, 2017 2:31 AM
  • Johnny, sometimes, you will have to wait some seconds after you set the policy before you retry. It could really be just a timing issue.
    Tuesday, August 1, 2017 7:24 AM
  • Not only have I done a "gpupdate /force" as well as several reboots, it has been two days and the issue persists. It is not related to the policy not being applied.
    Tuesday, August 1, 2017 12:58 PM
  • Please confirm that once more by running rsop.msc

    Rsop will list all policy settings that are applied.

    • Proposed as answer by Ronald Schilf Wednesday, August 9, 2017 9:29 AM
    Tuesday, August 1, 2017 1:02 PM
  • Hi.

    Please check problem for apply GPO.

    How to Use the Group Policy Results (GPResult.exe) Command Line Tool

    How to use BitLocker Drive Encryption on Windows 10

    PS. I'm Use Bitlocker without TPM, but with usb key. No problem.

    MCITP, MCSE. Regards, Oleg

    Tuesday, August 1, 2017 1:03 PM
  • I went through all the settings but opted to go through and setup a physical machine with TPM. In practice, we will be using machines with TPM. I was trying to get things moving by staging all the other Bitlocker settings in a VM.
    Thursday, August 17, 2017 5:52 PM
  • Hi.

    I hope you know :)

    Planning for Hyper-V Security for Windows 2008/2012

    Important: Use BitLocker Drive Encryption in the Hyper-V parent partition only. Because BitLocker Drive Encryption is not supported within a VM, do not run BitLocker Drive Encryption on a virtual machine.

    BitLocker is not supported on bootable VHDs, but BitLocker is supported on data volume VHDs, such as those used by clusters, if you are running Windows 8, Windows 8.1, Windows Server 2012 or Windows Server 2012 R2.

    Bitlocker is support only VM with Hyper-V Windows 2016. Shielded VMs in Windows Server 2016 or VmWare BitLocker support in a virtual machine (2036142)

    MCITP, MCSE. Regards, Oleg

    Tuesday, August 22, 2017 12:01 AM