BitLocker Drive Encryption without TPM chip
Windows Vista has a hard drive encryption feature called BitLocker Drive Encryption.
BitLocker is a very useful security feature because:
“BitLocker encrypts the data stored on a computer running Windows Vista even if the computer is tampered with when the operating system is not running. Protects against “offline attacks,” attacks which are made by disabling the operating system, and also by physically removing the hard drive to attack the data separately.”
The drawback is that BitLocker Drive Encryption by default requires a Trusted Platform Module (TPM chip) version 1.2 or later installed in your computer. However, if you have Windows Vista Business, Ultimate or Enterprise but do not have a TPM chip, you can still use BitLocker Drive Encryption.
Hidden in local group policy is a setting that lets you use a USB storage device instead of a TPM to store the encryption key. This is a great feature for users who don’t have the latest high-end hardware, because you can still use hard drive encryption. However, every time you turn on your computer, the USB storage device that holds the encryption key must be plugged in. Without it, your computer will not boot up. Talk about securing your PC, right? Basically, the USB becomes the key to your computer, which is freaking cool on my part.
Use a USB storage device with BitLocker Drive Encryption on hardware that does not have a TPM device.
Here are the steps:
- Click on the Start Orb, type gpedit.msc in the search field and press Enter.
- Go to Computer Policy, then Administrative Templates, then Windows Components and finally BitLocker Drive Encryption.
- Right-click on Control Panel Setup: Enable advanced startup options and select Properties. Put a check on Enabled and hit OK.
That’s it! You’re done!
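To confirm the policy took effect, or to audit which machines permit BitLocker startup without a TPM, the script below reads the BitLocker policy registry key. It is an added example, not part of the original post. The value names `EnableNonTPM` (Vista) and `EnableBDEWithNoTPM` (later Windows versions) and the function names are assumptions of this example, so check them against your policy template.

```powershell
# Added example: report whether local policy permits BitLocker without a TPM.
# Assumption: the group policy setting is stored under this key as the DWORD
# EnableNonTPM (Vista / Server 2008) or EnableBDEWithNoTPM (later versions).
$FvePolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

function Test-NonTpmStartupAllowed {
    # Takes a hashtable of policy values so the logic can be checked offline.
    param([hashtable]$PolicyValues)
    foreach ($name in 'EnableNonTPM', 'EnableBDEWithNoTPM') {
        if ($PolicyValues.ContainsKey($name) -and ([int]($PolicyValues[$name]) -eq 1)) {
            return $true
        }
    }
    return $false   # not configured or explicitly disallowed: a TPM is required
}

function Get-FvePolicyValues {
    # Reads the live policy key; returns an empty table if it does not exist.
    $values = @{}
    if (Test-Path $FvePolicyKey) {
        $item = Get-ItemProperty -Path $FvePolicyKey
        foreach ($p in $item.PSObject.Properties) {
            # Skip the PSPath/PSProvider bookkeeping properties.
            if ($p.Name -notlike 'PS*') { $values[$p.Name] = $p.Value }
        }
    }
    return $values
}

# Constructed sample inputs (not taken from a real machine).
$samples = @(
    @{ Label = 'policy not configured';   Values = @{} },
    @{ Label = 'non-TPM startup allowed'; Values = @{ EnableNonTPM = 1 } },
    @{ Label = 'non-TPM startup blocked'; Values = @{ EnableNonTPM = 0 } }
)
foreach ($s in $samples) {
    $allowed = Test-NonTpmStartupAllowed -PolicyValues $s.Values
    "{0,-26} -> allowed without TPM: {1}" -f $s.Label, $allowed
}

# Live check on this machine.
$live = Get-FvePolicyValues
"this machine               -> allowed without TPM: {0}" -f (Test-NonTpmStartupAllowed -PolicyValues $live)
```

Run it from an elevated PowerShell prompt after `gpupdate /force`, so the registry reflects the policy you just set.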
