Dated: May. 17, 2012


Overview of Trusted Platform Module (TPM)

Trusted Platform Module (TPM) is a hardware chip integrated into almost all current computer systems. It stores one key of the key pair that is used to encrypt and decrypt the hard disk drive when the BitLocker Drive Encryption feature is enabled.

To enable BitLocker Drive Encryption on a Windows 7 computer, the computer must have a TPM chip, and the chip must be enabled in the motherboard's BIOS settings; otherwise BitLocker Drive Encryption cannot be enabled on the computer under normal circumstances.

How the BitLocker Drive Encryption Feature Uses TPM

As mentioned above, the TPM stores one key of the key pair that is generated automatically when the BitLocker feature is enabled and the hard disk drives are encrypted. The other key of the pair is given to the users, who must provide it each time they start the computer after drive encryption has been enabled. At startup, Windows 7 prompts users for their part of the key and matches it against the part stored in the TPM. If the combination matches, the operating system decrypts the hard disk drive using the key pair and lets the users access the computer. If the key pair does not match, Windows 7 refuses access, and if users try to gain access forcefully, the entire data gets corrupted.

BitLocker Drive Encryption without TPM

Microsoft understands that not all computers have a TPM integrated into the motherboard, so it also allows administrators to configure Windows 7 through Group Policy to enable BitLocker Drive Encryption even when the TPM is absent. In this case, the half of the key pair that would otherwise be stored in the TPM is stored on an external removable USB drive. To decrypt the hard disk drives, users must provide their part of the key and insert the USB drive that holds the other half. The operating system then matches both keys to form a valid key pair, decrypts the hard disk drives, and lets users access them.

Configure Windows 7 Operating System to Enable BitLocker Drive Encryption without TPM

Since the task requires elevated privileges, an administrator account must be used to complete the process. Follow the steps below to accomplish the task:

  1. Log on to the Windows 7 computer with the administrator account.
  2. Click Start, type GPEDIT.MSC in the search box at the bottom of the menu, and press Enter.
  3. In the Local Group Policy Editor snap-in, in the left pane under Computer Configuration, go to Administrative Templates > Windows Components > BitLocker Drive Encryption and, in the expanded list, click Operating System Drives.
  4. In the right pane, double-click Require additional authentication at startup.
  5. In the dialog that opens, select the Enabled radio button and, under the Options section, check the Allow BitLocker without a compatible TPM checkbox if it is not already checked.
  6. Click OK when done and restart the computer for the changes to take effect.
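The following PowerShell script is an added example, not code from the original article. It checks the three preconditions the article describes before BitLocker is turned on: whether a usable TPM is present, whether the local policy from the steps above allows BitLocker without a compatible TPM (the USB startup-key case from the previous section), and what protection the operating system drive currently has. It assumes that the "Require additional authentication at startup" policy writes the values UseAdvancedStartup and EnableBDEWithNoTPM under HKLM:\SOFTWARE\Policies\Microsoft\FVE, that the OS drive is C:, and that it is run from an elevated Windows 7 PowerShell 2.0 prompt.

```powershell
# Added example (not part of the original article). Verifies the TPM / policy
# preconditions for BitLocker on Windows 7 and shows the OS drive's status.
# Assumption: the policy "Require additional authentication at startup" stores
# its settings as UseAdvancedStartup and EnableBDEWithNoTPM under the FVE key.

function Get-TpmState {
    # Win32_Tpm lives in the MicrosoftTpm WMI namespace on Windows 7. The instance
    # is typically absent when the chip is missing or disabled in the BIOS.
    $tpm = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                         -Class Win32_Tpm -ErrorAction SilentlyContinue
    if ($tpm -eq $null) {
        return New-Object PSObject -Property @{ Present = $false; Enabled = $false; Activated = $false }
    }
    New-Object PSObject -Property @{
        Present   = $true
        Enabled   = [bool]$tpm.IsEnabled().IsEnabled
        Activated = [bool]$tpm.IsActivated().IsActivated
    }
}

function Test-BitLockerNoTpmPolicy {
    # Returns $true when local policy allows BitLocker without a compatible TPM.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'   # assumed policy location
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($p -eq $null) { return $false }
    return ($p.UseAdvancedStartup -eq 1) -and ($p.EnableBDEWithNoTPM -eq 1)
}

function Get-OsDriveProtection {
    param([string]$Drive = 'C:')
    # manage-bde.exe ships with Windows 7; -status lists the protection state and
    # the key protectors (TPM, startup key on USB, recovery password) for a volume.
    & manage-bde.exe -status $Drive
}

$tpm          = Get-TpmState
$noTpmAllowed = Test-BitLockerNoTpmPolicy

if ($tpm.Present -and $tpm.Enabled -and $tpm.Activated) {
    Write-Output 'TPM is present, enabled and activated: BitLocker can keep its key in the TPM.'
} elseif ($noTpmAllowed) {
    Write-Output 'No usable TPM, but policy allows BitLocker with a startup key on a USB drive.'
} else {
    Write-Output 'No usable TPM and policy does not allow BitLocker without one: apply the Group Policy setting above first.'
}

Get-OsDriveProtection -Drive 'C:'
```

Once the script reports that policy allows BitLocker without a TPM, the Windows 7 command `manage-bde -on C: -StartupKey E:\ -RecoveryPassword` (with E: being the USB drive) encrypts the OS drive, writes the startup key to the USB drive, and prints a recovery password. Store that recovery password separately from the USB drive: losing both means the drive cannot be unlocked.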

