I recently updated my laptop from Windows 7 Pro to Windows 8.1 Pro. I previously used TrueCrypt to encrypt my laptop drive, but on this occasion I thought I’d give BitLocker a try instead, as it is now available with Windows 8.1 Pro. Normally you would use BitLocker with a TPM (Trusted Platform Module); I didn’t have a TPM installed in my laptop, but I still wanted to use it. As I discovered, there is a way around this by using either a PIN or USB drive as a pre-authentication method. I also discovered that the default encryption algorithm is AES 128-bit, but I wanted something stronger. By searching through GPO I found I could enable BitLocker without using a TPM and that I could also change the default encryption algorithm to AES 256-bit (much stronger).
This is how I did it:
Open the Group Policy Editor (gpedit.msc), then expand Computer Configuration, Administrative Templates, Windows Components and select BitLocker Drive Encryption.
In the right-hand pane, click on Choose drive encryption method and cipher strength.
Select Enabled, then change the encryption method to AES 256-bit using the drop-down list.
Now to change the TPM requirement:
Back in the left-hand pane, expand Computer Configuration, Administrative Templates, Windows Components, BitLocker Drive Encryption and then select Operating System Drives.
In the right-hand pane, click on Require additional authentication at startup.
Now select Enabled and then make sure there is a tick in Allow BitLocker without a compatible TPM.
That’s it. Click on Apply, then OK, and you should now be able to activate BitLocker without having a TPM installed, with the encryption algorithm set to AES 256-bit.
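One way to confirm both settings took effect, as an added example that is not part of the original post. The registry value names under HKLM\SOFTWARE\Policies\Microsoft\FVE are assumed to be the ones the Windows 8/8.1 policy templates write; run it from an elevated PowerShell prompt. The encryption method policy only applies to drives encrypted after it is set, so the script also checks the method actually in use on the system drive.

```powershell
# Added example: verify the two BitLocker policies described in the steps above.
# Run elevated, after "gpupdate /force" or a reboot.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

# Assumed registry names/values for the Windows 8/8.1 policy templates.
$expected = [ordered]@{
    EncryptionMethodNoDiffuser = 4   # 3 = AES 128-bit, 4 = AES 256-bit
    UseAdvancedStartup         = 1   # "Require additional authentication at startup" enabled
    EnableBDEWithNoTPM         = 1   # "Allow BitLocker without a compatible TPM" ticked
}

$policy   = Get-ItemProperty -Path $fve -ErrorAction SilentlyContinue
$policyOk = $true
foreach ($name in $expected.Keys) {
    $actual = if ($policy) { $policy.$name } else { $null }
    if ($actual -eq $expected[$name]) {
        Write-Host "[OK]   $name = $actual"
    } else {
        $policyOk = $false
        $shown = if ($null -eq $actual) { '<not set>' } else { $actual }
        Write-Host "[FAIL] $name = $shown (expected $($expected[$name]))"
    }
}

# The cipher policy does not re-encrypt an existing volume, so compare it
# with what the system drive is really using.
$vol    = Get-BitLockerVolume -MountPoint $env:SystemDrive
$status = "$($vol.VolumeStatus)"
$method = "$($vol.EncryptionMethod)"

if ($status -eq 'FullyDecrypted') {
    Write-Host "[INFO] $($vol.MountPoint) is not encrypted yet; the policy applies when BitLocker is turned on."
} elseif ($method -ne 'Aes256') {
    $policyOk = $false
    Write-Host "[FAIL] $($vol.MountPoint) uses $method; it was encrypted before the policy was set."
    Write-Host "       Decrypt the drive and turn BitLocker on again to get AES 256-bit."
} else {
    Write-Host "[OK]   $($vol.MountPoint) is $status with $method"
}

# List the key protectors so a recovery password can be confirmed alongside
# the startup protector; without a TPM the startup protector is the only unlock path.
$vol.KeyProtector | ForEach-Object { Write-Host "[INFO] Key protector: $($_.KeyProtectorType)" }

if (-not $policyOk) { exit 1 }
```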