== Changing Group Policy for BitLocker ==
To enable BitLocker support without a TPM, select the ''Enabled'' radio button, check the ''Allow BitLocker without Compatible TPM'' option, and apply the changes.
For systems with a BitLocker-compatible TPM, a number of other options are available which control whether users are required to create TPM startup keys or use a startup PIN. Note that startup keys and PINs are mutually exclusive. If the system requires a startup key then PINs must be disallowed, and vice versa.

== Performing the Encryption and Generating Keys ==

With all the appropriate features and settings configured, it is now time to perform the encryption. Open the BitLocker control panel as outlined above and click on the ''Turn on BitLocker'' link beneath the drive to be encrypted. The resulting dialog will warn you that BitLocker encryption decreases performance and provide the option to cancel the operation. To proceed, select ''Continue with BitLocker Drive Encryption''.

The next screen to appear is the ''Set BitLocker startup preferences'' screen. The options provided on this screen are governed by whether the host system has a TPM or not. The following figure shows the screen on a system without a TPM, which as such only provides the option to use BitLocker with a USB flash drive containing a startup key:

[[Image:windows_server_2008_bitlocker_startup_preferences.jpg|The Windows Server 2008 BitLocker startup preferences screen]]