Windows Vista has a new hdd encryption feature “BitLocker Drive Encryption”. BitLocker can be very useful for businesses and home users security. Unfortunately, BitLocker Drive Encryption by default requires a Trusted Platform Module (TPM Chip) version 1.2 or later installed in your computer. Most of the computers and laptops on the market do not come with TPM chips installed as they are usually found in high end business computers. If you have Windows Vista Business, Ultimate or Enterprise but do not have a TPM chip, you can still use BitLocker Drive Encryption.

In local group policy there is a hidden setting that will allow you to turn on the ability to use a USB storage device instead of a TPM key to store the encryption key. This is a great feature for those who don’t have the latest high-end hardware because you can still use hard drive encryption. However, every time you turn on your computer, the USB storage device that has the encryption key located on it must be plugged in. Without it, your computer will not boot up. One BitLocker Drive Encryption is setup with a USB storage device, that USB storage device basically becomes the key to your computer.

Follow these steps to turn on the ability to use a USB storage device with BitLocker Drive Encryption on hardware that does not have a TPM device:

1. Click on the Start Button and key in gpedit.msc and hit Enter.
2. Navigate through: Computer Policy, Administrative Templates, Windows Components and BitLocker Drive Encryption.
3. Right click on Control Panel Setup: Enable advanced startup options and select Properties.
Check Enabled and hit OK.

Bookmark to: