If you cannot enable BitLocker for a drive in Windows 10, with an error message: "This device cannot use a trusted platform drive", see below to fix it.
BitLocker is a built-in Windows feature from Windows Vista onwards. It helps you encrypt the operating system as well as fixed drives, so you can protect your data on these drives.
Enabling BitLocker protection for a drive is very simple. You must go from exploring files to "My Computer" (Windows Vista / 7) or "This Computer" (Windows 8 / 8.1 / 10) and right-click the drive you want to protect.
In the context menu that will right-click, select "Enable BitLocker" and then follow the steps in Windows.
Some computers may not allow Windows to proceed with and send you the following error message:
This device cannot use a trusted platform unit. Your administrator must set the option "Allow BitLocker without TPM compatible" in the "Requires extra authentication at startup" policy for operating system volumes.
Η Trusted Module Platform aka TPM is the technology that provides security features in collaboration with hardware hardware. Generally TPM chips are such advanced technologies that they have security mechanisms that are malware-free. You can find more information about TPM on Wikipedia.
But let's see what TPM means (Reliable Platform Module) in the context of this error. This error will only occur when your system does not contain TPM-supported material. It generally happens with older machines. In this case too, BitLocker must encrypt the drive without TPM. When encrypting a TPM-free drive, you should use a password or a USB drive when starting up.
Upon completion of BitLocker, the basic information that makes up thw drive encryption will be stored on a USB drive and using it, you can access the data of the encrypted drive.
Therefore, to use BitLocker without TPM and to bypass this error, follow these steps:
NOTE: The following steps only work on Pro and Enterprise versions of Windows 10 / 8.1 / 8 / 7.
1. Press Win + R at the same time and in the run window that appears, type gpedit.msc and press OK. The "Local Group Policy Editor" window will open.
2. In this window go to:
Computer Settings> Management Templates> Windows Components> BitLocker Drive Encryption> Operating System Drives (Computer Configuration> Administrative Templates> Windows Components> BitLocker Drive Encryption> Operating System Drives)
3. In the right pane of the operating system drives, look for the setting called "Requiring Extra Authentication at Startup" and double-click it to modify it.
4. Then, in the Configuration Policy window, select "Enabled" (top left). Also make sure that in the same window you have checked “Allow BitLocker without TPM compatible (requires password or boot key on USB flash drive). Click the Apply button, and then click OK. Turn off the local group policy editor.
You can now try to encrypt the same drive as BitLocker again and it should work this time.
How useful was this post?
Average rating / 5. Vote count:
No votes so far! Be the first to rate this post.