Showing posts with the label TPM Chip. Show all posts

Thursday, 27 June 2013

Vista BitLocker Encryption Without a TPM

The Enterprise and Ultimate editions of Windows Vista offer encryption through BitLocker. Unlike EFS, the NTFS encryption system, BitLocker does not just encrypt folders; it can encrypt the entire drive.

However, in order to encrypt, BitLocker needs a "Trusted Platform Module (TPM)" on the motherboard that holds the keys of the encrypted drive. On laptops used for work (computers used for business purposes), for example, BitLocker together with this module will protect the data by encrypting the hard disk.

Suppose you are using the Enterprise or Ultimate edition of Vista and want to use BitLocker encryption, but your computer has no TPM chip. In that case you can use a USB flash drive or a memory card to store the encryption keys instead of the chip. Vista has to be pushed a little to accept a USB flash drive or memory card in place of the TPM chip. Type "gpedit.msc" into the "Run" box in the "Start" menu to open the Local Group Policy Editor. Then follow the path "Computer Configuration│Administrative Templates│Windows Components│BitLocker Drive Encryption│Control Panel Setup: Enable advanced startup options". Go to the "Setting" tab, select "Enabled" in the upper section and tick "Allow BitLocker without a compatible TPM". Once you confirm the change by clicking "Apply", the BitLocker wizard (you can find it in Control Panel) will show the newly added option.

WARNING: By activating Microsoft BitLocker you will have keys generated for encrypting your PC. If the memory device you used is not plugged into the computer, the system will not start or the recovery tools will not work. If the data on the device is erased or you lose the device, you will not be able to access your encrypted computer. You should therefore back up your important data.
The thing to watch out for is that you do not make the backup on the computer you have encrypted.

Tuesday, 25 June 2013

How to Enable BitLocker Without a TPM Chip in Windows 7 & Windows 8

BitLocker is a tool included in Windows Vista, Windows 7 (Enterprise and Ultimate) and Windows 8 (Pro and Enterprise) that can be used to encrypt data on any drive. However, in order to encrypt your system drive, you must have a TPM chip in your computer. If you don’t, it is still possible to use BitLocker but you need to set Windows so that it allows the use of BitLocker without this chip. In this article I will first explain the use of a TPM chip (what it is and why it is used) and then how to set both Windows 7 and Windows 8 so that they do not require this chip in order to encrypt your system drive with BitLocker.

What is a TPM (Trusted Platform Module) Chip?

A TPM chip is a device used to generate secure & unique cryptographic keys and store them in an encrypted fashion, so that this data can be used to authenticate hardware devices. The cryptographic keys are encrypted and can be decrypted only by the TPM chip which created and encrypted them.
Encryption software like BitLocker in Windows Vista, Windows 7 and Windows 8 uses the TPM chip to protect the keys used to encrypt your computer’s data. Then, it is used to authenticate your encrypted computer and give you access to all the encrypted data when the device trying to access it is identified as trusted. Since the key stored in each TPM chip is unique to that device, encryption software can quickly verify that the system seeking access to the encrypted data is the expected system and not a different one.
Lots of different encryption software uses or supports the use of a TPM chip. However, one notable exception is TrueCrypt which doesn’t provide support for TPM.
Computers with TPM chips are produced by all major vendors (from Acer to Samsung to Dell and HP) but they are included mostly in computers designed for business use and sold to businesses. TPM chips are not included in computers sold to home users.
If you want to learn more about these chips, we recommend that you read the following articles: Windows Trusted Platform Module Management Step-by-Step Guide and Trusted Platform Module.

Trying to Use BitLocker Without a TPM Chip?

If you are trying to use BitLocker to encrypt your system drive and you don’t have a TPM chip in your computer, you will receive an error message. In Windows 7 the message states: "A compatible Trusted Platform Module (TPM) Security Device must be present on this computer, but a TPM was not found. Please contact your system administrator to enable BitLocker."
In Windows 8, the message is even clearer: "This device can’t use a Trusted Platform Module. Your administrator must set the "Allow BitLocker without a compatible TPM" option in the "Require additional authentication at startup" policy for OS volumes."
I like the error message in Windows 8 a lot better because it also points you in the right direction and shares how to fix this problem.

How to Open the Local Group Policy Editor

As stated at the beginning of this article, you can use full system drive encryption with BitLocker, even if you do not have a TPM chip in your computer. However, in order for this to work, you need to edit a policy in Windows, with the help of the Local Group Policy Editor tool.
To launch this tool, search for the word "group" or the words "group policy" in the Start Menu search box, in Windows 7.
In Windows 8, search directly on the Start Screen and go to the Settings section to see the appropriate search results.
Click or tap on the Edit group policy search result to open the Local Group Policy Editor tool.
Alternatively, you can use the Run window to run this command: gpedit.msc.

How to Modify the BitLocker Drive Encryption Policy

This is what the Local Group Policy Editor should look like:
On the left-hand panel, go to the Computer Configuration section and open the following folders: Administrative Templates -> Windows Components -> BitLocker Drive Encryption -> Operating System Drives.
Now look to the right-hand panel and search for a setting named: "Require additional authentication at startup".
Double click on it to open this setting. Now, change its value to Enabled. Then, check the option which says "Allow BitLocker without a compatible TPM" and press OK.
When done, close the Local Group Policy Editor. You can now use BitLocker to encrypt your system drive without having a TPM chip in your computer.
Later on, if you want to set things back to the way they were, follow the same procedure and set "Require additional authentication at startup" to Not Configured.
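
An added read-only audit example (not part of the original article): a PowerShell function that reports whether the policy described above is in effect, whether Windows sees a TPM, and which key protectors guard the system drive. It assumes an elevated prompt on Windows 7 or Windows 8 and the registry values this policy writes (UseAdvancedStartup and EnableBDEWithNoTPM under HKLM\SOFTWARE\Policies\Microsoft\FVE); the function name is hypothetical.

```powershell
# Added audit example, not from the original article. Read-only: changes nothing.
# Run from an elevated PowerShell prompt on Windows 7 or Windows 8.
function Get-BitLockerNoTpmAudit {   # hypothetical helper name
    param([string]$Drive = $env:SystemDrive)

    # Values written by the "Require additional authentication at startup" policy.
    $fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
    $policyOn = ($fve -ne $null) -and ($fve.UseAdvancedStartup -eq 1)
    $noTpmOk  = $policyOn -and ($fve.EnableBDEWithNoTPM -eq 1)

    # No Win32_Tpm instance means Windows does not see a TPM.
    $tpm = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftTpm' -Class Win32_Tpm -ErrorAction SilentlyContinue

    # Key protector type codes of Win32_EncryptableVolume.
    # ExternalKey covers startup/recovery key files kept on removable media.
    $names = @{ 1 = 'TPM'; 2 = 'ExternalKey'; 3 = 'RecoveryPassword'; 4 = 'TPM+PIN'
                5 = 'TPM+StartupKey'; 6 = 'TPM+PIN+StartupKey'; 8 = 'Passphrase' }
    $vol = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftVolumeEncryption' `
               -Class Win32_EncryptableVolume -ErrorAction SilentlyContinue |
           Where-Object { $_.DriveLetter -eq $Drive }

    $protectors = @()
    if ($vol) {
        foreach ($id in @($vol.GetKeyProtectors(0).VolumeKeyProtectorID)) {
            if (-not $id) { continue }
            $type = [int]$vol.GetKeyProtectorType($id).KeyProtectorType
            if ($names.ContainsKey($type)) { $protectors += $names[$type] }
            else { $protectors += "Type$type" }
        }
    }

    # The case this tutorial creates: a key file on removable media and no TPM.
    # Without a recovery password, losing that one key file loses the volume.
    $usbOnly = ($protectors -contains 'ExternalKey') -and
               -not ($protectors -contains 'RecoveryPassword')

    New-Object PSObject -Property @{
        Drive              = $Drive
        PolicyEnabled      = $policyOn
        NoTpmAllowed       = $noTpmOk
        TpmPresent         = [bool]$tpm
        ProtectionOn       = [bool]($vol -and $vol.ProtectionStatus -eq 1)
        KeyProtectors      = ($protectors -join ', ')
        NoRecoveryPassword = $usbOnly
    }
}

Get-BitLockerNoTpmAudit | Format-List
```

A result with NoTpmAllowed and NoRecoveryPassword both True marks a machine whose system drive depends entirely on one removable key file.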

Conclusion

As you can see from this tutorial, it is not very hard to set BitLocker and Windows to allow you to encrypt the system drive without a TPM chip. However, it involves a few steps and the use of a rather unfamiliar tool.

Related articles:

How to Encrypt a System Partition with BitLocker in Windows 7 & Windows 8
Encrypt Files on a USB Memory Stick with BitLocker To Go
How to Unlock a BitLocker Encrypted Flash Drive



 http://www.7tutorials.com/how-enable-bitlocker-without-tpm-chip-windows-7-windows-8