Would you like to learn how to use Bitlocker to encrypt the operating system drive using an external key stored on a USB flash drive? In this tutorial, we are going to show you how to encrypt a drive using Bitlocker and a USB flash drive on a computer without a TPM chip.
• Windows 2012 R2
• Windows 2016
• Windows 2019
• Windows 10
• Windows 7
Tutorial Bitlocker – Enable the use of external key for encryption
As an administrator, start the group policy editor.
On the group policy editor screen, expand the Computer configuration folder and locate the following item.
Access the folder named Operating System Drives.
Enable the item named: Require additional authentication at startup.
Click on the OK button.
To save the group policy configuration, you need to close the Group Policy editor.
Restart the computer.
Congratulations! You have finished the GPO configuration.
Tutorial Powershell – Encrypt the disk using Bitlocker and USB key
As an Administrator, start an elevated Powershell command-line.
Verify if the computer has a TPM Chip enabled.
Here is the output of a computer without a TPM chip.
List the drives available.
Here is the command output.
Encrypt the Operating System drive using Bitlocker and a startup key saved to the USB flash drive.
Here is the command output.
In our example, the Bitlocker key file was saved in the root of drive D.
In our example, drive D is a USB flash drive.
Check if the USB flash drive has a hidden key file.
Here is the command output.
Create a recovery password.
Take note of the Bitlocker recovery password.
Restart the computer without removing the USB flash drive.
Verify the Bitlocker encryption status.
Here is the command output.
Wait for the drive encryption to finish.
The computer will request the key stored in the USB flash drive to start.
Insert the USB device and restart the computer.
Congratulations! You have encrypted the system drive using Bitlocker and a USB external key.
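The PowerShell steps above as one script. This is an added example, not the tutorial's original commands. It assumes the USB flash drive is D: as in the tutorial, that the OS volume is `$env:SystemDrive`, and that the BitLocker and Storage PowerShell modules are available (Windows 8 / Server 2012 or later).

```powershell
#Requires -RunAsAdministrator
# Added example. Assumptions: USB flash drive is D:, OS volume is $env:SystemDrive.
$usb = 'D:'
$os  = $env:SystemDrive

# 1. Check for a TPM. Without one, the USB startup key is the only protector
#    that unlocks the volume at boot.
$tpm = Get-Tpm
"TPM present: $($tpm.TpmPresent)  ready: $($tpm.TpmReady)"

# 2. Confirm the GPO "Require additional authentication at startup" is applied
#    and allows BitLocker without a compatible TPM. The policy is stored under
#    the FVE policy key as the value EnableBDEWithNoTPM.
$fve = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
if (-not $tpm.TpmPresent -and $fve.EnableBDEWithNoTPM -ne 1) {
    throw "Group policy does not allow BitLocker without a TPM. Configure the GPO first."
}

# 3. Refuse to write the startup key to a disk that stays in the machine.
#    (Some USB drives report as 'Fixed'; adjust this check if yours does.)
$vol = Get-Volume -DriveLetter $usb.TrimEnd(':')
if ($vol.DriveType -ne 'Removable') { throw "$usb is not a removable drive." }

# 4. Stop if the OS volume is already encrypted or mid-conversion.
$blv = Get-BitLockerVolume -MountPoint $os
if ($blv.VolumeStatus -ne 'FullyDecrypted') { throw "$os is already $($blv.VolumeStatus)." }

# 5. Enable BitLocker with an external startup key written to the USB drive.
Enable-BitLocker -MountPoint $os -StartupKeyProtector -StartupKeyPath "$usb\" | Out-Null

# 6. The key is a hidden system file with a .bek extension; -Force shows it.
$bek = Get-ChildItem "$usb\" -Filter *.bek -Force
if (-not $bek) { throw "No .bek startup key found on $usb." }
"Startup key file: $($bek.FullName)"

# 7. Add a recovery password and display it so it can be recorded.
Add-BitLockerKeyProtector -MountPoint $os -RecoveryPasswordProtector | Out-Null
(Get-BitLockerVolume -MountPoint $os).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object KeyProtectorId, RecoveryPassword

# 8. Restart with the USB drive inserted, then run this again to watch progress.
Get-BitLockerVolume -MountPoint $os |
    Select-Object MountPoint, VolumeStatus, EncryptionPercentage, ProtectionStatus
```

Record the recovery password somewhere other than the USB flash drive that holds the startup key, so that losing the drive does not also lose the recovery path.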