Software that can encrypt the laptops without TPM modules


We have GDPR and I have been asked to encrypt staff laptops. We are using windows 7 enterprise. The idea is if the laptop is lost or stolen, the person who gets the laptop must not be able to recover the data from the laptop Hard disk.

The laptops that we have does not have TPM module. We have found a way of setting up bit locker and here during the setup process, the encrypted key corresponding to the laptop is copied to a USB stick and whenever the laptop is booted the USB stick must be inserted into the laptop to authenticate and boot into windows.

This method will not be suitable for uses, they can lose the USB stick, it will be difficult for them to carry this with the laptop and if they keep the USB in the laptop bag and if the laptop bag is lost, the data can fall into wrong hands.

Please let me know if there is any other way around or any software that can encrypt the staff laptops.
Any help will be great
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Kent WSr. Network / Systems AdminCommented:
VeraCrypt, the continuation of TrueCrypt, can encrypt whole partitions or drives. System encryption is the most secure.
It simply ask for a password at boot up, and you can create a rescue disk just in case that pass is ever forgotten.
Set a password for bitlocker and that's that.
nociSoftware EngineerCommented:
bitlocker without TPM?....
Any be sure laptops are shutdown, and not put on standby while on the move,,,, Otherwise the system will never have the data at  rest...
(And that is why you would want to encrypt).
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

look also at the Jetico products :
"bitlocker without TPM?...." - yes. Lianne has already activated the setting to allow that, else she wouldn't be allowed to use a USB drive  for unlocking. So now simply change that to a password in "manage bitlocker".

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
lianne143Author Commented:
Hi McKnife

Will the BitLocker  for Windows 7 enterprise work for password only. I am planning to set up the BitLocker in Windows 7 and save the encryption keys in the AD, so that if the user forgets the password , I can recover them from AD.
Yes, passwords for bitlocker OS drives were introduced in win7 already.
lianne143Author Commented:
Thanks Mcknife

Please post tutorials as how to set up bit locker on Windows 7 enterprise  with the recovery keys saved to Active Directory
That's this GPO: Do not enable BitLocker until recovery information is stored in AD DS
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.