It depends. If the file is on an encrypted partition which you cannot read (because it is not unlocked with the appropriate encryption password), then the virus cannot read the file and infect it.
If the file is on an encrypted partition to which you have access to (unlocked with the encryption password), then the virus (if it is running with the same user account and permissions as you are) can access and infect the file.
I like all of your article. Everyday, I’m waiting to get a new content from your site. Thanks for your great article.
Adrian
11 years ago
Salut Ciprian,
Tocmai ma pregatesc pentru MCTS 70-680 si am gasit link-ul pe contul de Twitter al Microsoft Press. Tin sa te felicit pentru articol, e foarte clar si simplu de urmarit. Si eu sunt un pasionat de tehnologie si ma bucur ca am gasit acest site. Succes in continuare.
Adi.
Daca vrei si continut in limba romana, avem un sit mai mic dar la fel de bun, https://www.digitalcitizen.ro/. E numai bun de dat amicilor si membrilor familiei ce nu se descurca atat de bine cu engleza. 🙂
mmg1818
11 years ago
after use Group Policy Editor
Open the Start menu, and type gpupdate.exe /force into the search line and press Enter.
Thanks, this saved us! We ran this command and it gave further info which led to troubleshooting the problem: an offset date/time from the domain controller.
Sam
11 years ago
Thank you. Very clear.
Usman Jan
11 years ago
Great Sir ,,,Ur Brilliant ,, …….Nice Work.
Drew
11 years ago
This doesn’t work in windows 8. The “require additional authentication at startup” menu has no options in Windows 8 Pro.
Ciprian Adrian Rusen
11 years ago
The tutorial was tested and confirmed to work on Windows 8 Pro. Have you enabled Require additional authentication at startup?
Are you using a business computer?
Dan
11 years ago
awesome tutorial. and it works perfectly on Windows 8 Pro. thanks
I’m glad we helped. 😀 Don’t hesitate to pay us a visit from time to time. We have lots of other useful stuff.
Adrian
11 years ago
As far as I understand, if you do not have a TPM then the only startup option is using a USB flash drive with your key on. So if someone steals the USB flash drive from your laptop then you will not be able to get back in after it reboots.
You can also print the key file and keep it in a safe place in case you lose the USB.
edi karsidi
10 years ago
If your goal is to enable bitlocker in windows, it’s easier if you use EASEUS partition master professional to hide and unhide your drive. You can also add a password to enter the Application EASEUS, so that can not be accessed by unauthorized users.
Stiliyan
10 years ago
Will this solution work even if I have a TPM chip installed in the laptop? I have laptop with Windows 8.1 and TPM chip installed but I don’t want to manage ( administrate ) the TPM chip and don’t want to use it. So I want to know if I can apply this steps in my case? I don’t want to make experiments because there is sensitive data on the HDD 🙂
I hope that someone will see this and answer me. Thanks in advance. 🙂
gillz
10 years ago
I am trying to enable bitlocker on win 7 without TPM but its working. I tried on win 8 without tpm its working. even after enabling the option ‘Allow Bitlocker without compatible TPM’ same error message is coming ‘TPM was not found…………………’
And your problem is that our instructions are working and you can enable Bitlocker without TPM?
adrian morse
10 years ago
Hi Ciprian, great article. I have some follow-up information which may be interesting to you and others — back last March I asked you this question:
“As far as I understand, if you do not have a TPM then the only startup option is using a USB flash drive with your key on. So if someone steals the USB flash drive from your laptop then you will not be able to get back in after it reboots.” ….and your reply was as follows: “Correct. Or if someone steals your laptop and not the USB flash drive, they could never decrypt a thing.”
Well, I went ahead and encrypted expecting to need the USB flash drive, but after the disk was encrypted I was given the option to use a PIN rather than a USB key. I selected that and surprisingly it worked. Now after starting my laptop I immediately get shown the blue Bitlocker password screen where I enter the decryption password. After booting up I then need to log in to my account using my usual Windows password. So it seems the information on many websites about needing a USB key when you do not have TPM is not correct, at least not for my combination of OS and machine. I am running Windows 8 Pro on a Samsung NP550P7C laptop. I confirmed with Samsung that it does not have a TPM module.
I received the same USB or PIN option but was not sure due to the instructions I received that said only USB key would work. I also read your hard drive must be partitioned in two, one partition for your Windows OS and one for everything else. This made me pause because I do not have two partitions. The instructions said bitlocker would make two partitions if I did not have two. This made me think it would reformat my hard drive. I’m feeling nervous about activating bitlocker. Any advice?
Zarko Joveljic
10 years ago
Is there anyone else who can confirm what Adrian Morse posted, with regards to not requiring USB flash drive to store the key?
I am very keen on using BitLocker but having to carry USB drive so I can start up my laptop each time is a big no-no.
On the other hand, I don;t want to go through entire encryption process only to discover that the only option is USB flash and no PIN.
Hi zarko, on win8 it is nt necessary to have usb flash drive to save key. On win8 u can enable bitlocker without tpm using password. Win8 has two options either password or usb.
iti
10 years ago
Can we enable bitlocker on win7 without tpm. I m trying to enable bitlocker on win7 without uwing usb but no luck….please can sm1 help
you enable bitlocker and save document.txt in your pc and move where you need.
Steve
9 years ago
Before I close the door on this chapter of my Bitlocker fun and such, I need to know if the following is possible or not:
System is Windows 7 Ultimate WITHOUT TPM.
I am successful on enabling bitlocker on the OS Drive and am, of course, using a USB flash drive with the Key on it.
Is there any way that I can ALSO set or configure this current system to require a pin (or password) in order to use the bitlocker-encrypted drive, without changing the OS version (I already upgraded to Ultimate) ?
I am looking for both (2-factor) and not one or the other.
I just haven’t been able to find anything through my searches that explicitly and directly answer and talk to this.
Thank for any and all help..even if it cannot be done. Steve
Did you mean password? Windows 7 ultimate does offer the additional authentication on startup option. However, you need to have an enabled TPM. I found that Windows 8.1 Pro allows the additional authentication on startup option with or without the use of an enabled TPM.
Revealed
9 years ago
Nice tutorial, I just hate having to use a USB to unlock the computer, so i upgraded to windows 7 and it has guess what a password boot 😀 thanks for this tutorial none the less.
Igor
9 years ago
I’ve tried this acc. to tutorial but it didn’t work for me.
I have Windows 7 Enterprise and machine is HP Pavilion g6 2305sm (without TPM module).
After all it says: ”A compatible Trusted Platform Module (TPM) Security Device must be present on this computer, but a TPM was not found. Please contact your system administrator to enable BitLocker.”
Did someone manage to do the encryption on Windows 7 Enterprise (without TPM)?
Nia
8 years ago
Thank you!
Debbie
6 years ago
Thank you for this great info! It worked perfectly!
Thanks for all the great info on this. I am considering encrypting a desktop running Windows 10 Pro (and would not ask this if most of the info weren’t from Windows 7 and 8):
If do this (enable require additional authentication at startup and then Turn On Bitlocker, will I be able to use a PIN instead of a USB)? Thanks!
Louie Wilson
5 years ago
Excellent tutorial!
Juan
5 years ago
Outstanding Article! Thank you for your time and efforts. I know the article is a bit dated, but everything seemed to work as stated! Thanks again.. It really is appreciated.
Terry Mundy
4 years ago
The images with numbered labels are perhaps the most useful instructions that I’ve seen. If Microsoft and other software companies were to use images like this, the world would of software setup would be a lot less confusing and secretive.
Hey man, I am looking to encrypt a network computer but the laptop does not have the TPM chip. I followed the steps of editing the group policy locally on the laptop but I am still getting the same error. Do you know any work around for this?
I have a question. A file that has been ecrypted, can that file be infect by virus?
It depends. If the file is on an encrypted partition which you cannot read (because it is not unlocked with the appropriate encryption password), then the virus cannot read the file and infect it.
If the file is on an encrypted partition to which you have access to (unlocked with the encryption password), then the virus (if it is running with the same user account and permissions as you are) can access and infect the file.
Thanks for the answer. I like this site very much. Waiting to your next article…
Thanks for the appreciation. Waiting for a specific article (on a specific topic) or for our next article in general?
I like all of your article. Everyday, I’m waiting to get a new content from your site. Thanks for your great article.
Salut Ciprian,
Tocmai ma pregatesc pentru MCTS 70-680 si am gasit link-ul pe contul de Twitter al Microsoft Press. Tin sa te felicit pentru articol, e foarte clar si simplu de urmarit. Si eu sunt un pasionat de tehnologie si ma bucur ca am gasit acest site. Succes in continuare.
Adi.
Foarte tare. Bafta! 😀
Daca vrei si continut in limba romana, avem un sit mai mic dar la fel de bun, https://www.digitalcitizen.ro/. E numai bun de dat amicilor si membrilor familiei ce nu se descurca atat de bine cu engleza. 🙂
after use Group Policy Editor
Open the Start menu, and type gpupdate.exe /force into the search line and press Enter.
Thanks, this saved us! We ran this command and it gave further info which led to troubleshooting the problem: an offset date/time from the domain controller.
Thank you. Very clear.
Great Sir ,,,Ur Brilliant ,, …….Nice Work.
This doesn’t work in windows 8. The “require additional authentication at startup” menu has no options in Windows 8 Pro.
The tutorial was tested and confirmed to work on Windows 8 Pro. Have you enabled Require additional authentication at startup?
Are you using a business computer?
awesome tutorial. and it works perfectly on Windows 8 Pro. thanks
I’m glad we helped. 😀 Don’t hesitate to pay us a visit from time to time. We have lots of other useful stuff.
As far as I understand, if you do not have a TPM then the only startup option is using a USB flash drive with your key on. So if someone steals the USB flash drive from your laptop then you will not be able to get back in after it reboots.
Correct. Or if someone steals your laptop and not the USB flash drive, they could never decrypt a thing. 🙂
You can also print the key file and keep it in a safe place in case you lose the USB.
If your goal is to enable bitlocker in windows, it’s easier if you use EASEUS partition master professional to hide and unhide your drive. You can also add a password to enter the Application EASEUS, so that can not be accessed by unauthorized users.
Will this solution work even if I have a TPM chip installed in the laptop? I have laptop with Windows 8.1 and TPM chip installed but I don’t want to manage ( administrate ) the TPM chip and don’t want to use it. So I want to know if I can apply this steps in my case? I don’t want to make experiments because there is sensitive data on the HDD 🙂
I hope that someone will see this and answer me. Thanks in advance. 🙂
I am trying to enable bitlocker on win 7 without TPM but its working. I tried on win 8 without tpm its working. even after enabling the option ‘Allow Bitlocker without compatible TPM’ same error message is coming ‘TPM was not found…………………’
And your problem is that our instructions are working and you can enable Bitlocker without TPM?
Hi Ciprian, great article. I have some follow-up information which may be interesting to you and others — back last March I asked you this question:
“As far as I understand, if you do not have a TPM then the only startup option is using a USB flash drive with your key on. So if someone steals the USB flash drive from your laptop then you will not be able to get back in after it reboots.” ….and your reply was as follows: “Correct. Or if someone steals your laptop and not the USB flash drive, they could never decrypt a thing.”
Well, I went ahead and encrypted expecting to need the USB flash drive, but after the disk was encrypted I was given the option to use a PIN rather than a USB key. I selected that and surprisingly it worked. Now after starting my laptop I immediately get shown the blue Bitlocker password screen where I enter the decryption password. After booting up I then need to log in to my account using my usual Windows password. So it seems the information on many websites about needing a USB key when you do not have TPM is not correct, at least not for my combination of OS and machine. I am running Windows 8 Pro on a Samsung NP550P7C laptop. I confirmed with Samsung that it does not have a TPM module.
I received the same USB or PIN option but was not sure due to the instructions I received that said only USB key would work. I also read your hard drive must be partitioned in two, one partition for your Windows OS and one for everything else. This made me pause because I do not have two partitions. The instructions said bitlocker would make two partitions if I did not have two. This made me think it would reformat my hard drive. I’m feeling nervous about activating bitlocker. Any advice?
Is there anyone else who can confirm what Adrian Morse posted, with regards to not requiring USB flash drive to store the key?
I am very keen on using BitLocker but having to carry USB drive so I can start up my laptop each time is a big no-no.
On the other hand, I don;t want to go through entire encryption process only to discover that the only option is USB flash and no PIN.
Guys, in Windows 8 you do not require to us a USB flash drive to store they key. You can use a PIN.
See this other tutorial for an example of how Bitlocker works:
https://www.digitalcitizen.life/encrypt-system-partition-bitlocker/
Hi zarko, on win8 it is nt necessary to have usb flash drive to save key. On win8 u can enable bitlocker without tpm using password. Win8 has two options either password or usb.
Can we enable bitlocker on win7 without tpm. I m trying to enable bitlocker on win7 without uwing usb but no luck….please can sm1 help
you enable bitlocker and save document.txt in your pc and move where you need.
Before I close the door on this chapter of my Bitlocker fun and such, I need to know if the following is possible or not:
System is Windows 7 Ultimate WITHOUT TPM.
I am successful on enabling bitlocker on the OS Drive and am, of course, using a USB flash drive with the Key on it.
Is there any way that I can ALSO set or configure this current system to require a pin (or password) in order to use the bitlocker-encrypted drive, without changing the OS version (I already upgraded to Ultimate) ?
I am looking for both (2-factor) and not one or the other.
I just haven’t been able to find anything through my searches that explicitly and directly answer and talk to this.
Thank for any and all help..even if it cannot be done. Steve
Only Windows 8 or 8.1 gives you the option to use a PIN. Windows 7 does not.
Ciprian,
Did you mean password? Windows 7 ultimate does offer the additional authentication on startup option. However, you need to have an enabled TPM. I found that Windows 8.1 Pro allows the additional authentication on startup option with or without the use of an enabled TPM.
Nice tutorial, I just hate having to use a USB to unlock the computer, so i upgraded to windows 7 and it has guess what a password boot 😀 thanks for this tutorial none the less.
I’ve tried this acc. to tutorial but it didn’t work for me.
I have Windows 7 Enterprise and machine is HP Pavilion g6 2305sm (without TPM module).
After all it says: ”A compatible Trusted Platform Module (TPM) Security Device must be present on this computer, but a TPM was not found. Please contact your system administrator to enable BitLocker.”
Did someone manage to do the encryption on Windows 7 Enterprise (without TPM)?
Thank you!
Thank you for this great info! It worked perfectly!
Thanks for all the great info on this. I am considering encrypting a desktop running Windows 10 Pro (and would not ask this if most of the info weren’t from Windows 7 and 8):
If do this (enable require additional authentication at startup and then Turn On Bitlocker, will I be able to use a PIN instead of a USB)? Thanks!
Excellent tutorial!
Outstanding Article! Thank you for your time and efforts. I know the article is a bit dated, but everything seemed to work as stated! Thanks again.. It really is appreciated.
The images with numbered labels are perhaps the most useful instructions that I’ve seen. If Microsoft and other software companies were to use images like this, the world would of software setup would be a lot less confusing and secretive.
Thanks for appreciating our work. 😉 Do not hesitate to subscribe to our newsletter, for more useful tutorials like this one.
Hey man, I am looking to encrypt a network computer but the laptop does not have the TPM chip. I followed the steps of editing the group policy locally on the laptop but I am still getting the same error. Do you know any work around for this?
Thank you so much dear it was so helpful