How to keep your data safe from bad guys? – Implementing BitLocker – Part 2

Checking TPM-Module

When implementing BitLocker you need to first check if the computer has the TPM-module. In Windows 10 you can check that by writing “tpm.msc” in the search box.

Trusted Platform Module Management Console:

If there is no TPM module or it is unavailable the management console informs you with an error message. If there is a TPM module, the management console shows relevant information.

If Your computer has TPM module, proceed to part “Implementing BitLocker”. If not, then you need to modify BitLocker to accept USB flash drive or password as key store.

Using BitLocker Without TPM

If Your computer does not have TPM module you need to allow drive encryption without TPM. Proceed to manage BitLocker settings in Group Policy Editor.

Open following location: Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocked Drive Encryption > Operating System Drivers. Edit policy so it is enabled and check that “Allow BitLocker without a compatible TPM” option is checked.

Implementing BitLocker

Open BitLocker management in Control Panel and start drive encryption wizard.

Please note that warning regarding WRE.
Select how you want to unlock your drive.
Enter unlock password twice. Please note that during boot keyboard is set to US keyboard layout so your special characters may be in different part in your keyboard during boot.
Ensure that you have your recovery key backed up in good secure place.
The example of the recovery key. Please keep your recovery key always secure and never publicly share it in anywhere.

The example of the screen where you enter the password to unlock the encrypted drives.
It’s encrypting!




One thought on “How to keep your data safe from bad guys? – Implementing BitLocker – Part 2

Leave a Reply

Your email address will not be published. Required fields are marked *