Hello, my name is Manoj Sehgal. I am a Senior Support Escalation Engineer in the Windows group and today’s blog will cover “BitLocker on Mac Book running Windows 7 Enterprise Edition”
On a machine which does not have a TPM chip, we can still enable BitLocker but we use a USB device as a startup key.
Generally USB devices are formatted with FAT/FAT32 file system.
Some Mac Books cannot read from USB devices formatted with MBR and FAT/FAT32 file system.
Now if you have Windows 7 installed on a Mac Book and you want to use a USB key as startup key, then USB device has to be formatted with GPT.
Also as per KB article from Apple, http://support.apple.com/kb/HT1948
Intel-based Macs support starting from an external USB storage device’s volume that has been formatted with GPT.
In some Mac Books if we format the USB device with MBR and NTFS file system we can use it as a startup key for BitLocker.
Note: From Disk Management we cannot format a USB device as GPT, but we can use disk part to do this easily.
Once you have the USB drive ready to be used as a startup key, then you can enable BitLocker from Control Panel –> BitLocker Drive Encryption.
Make sure you have the below policy enabled.
To enable BitLocker on a computer without a TPM, you must enable the Require additional authentication at setup Group Policy setting, which is located in Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives. You must select the Allow BitLocker without a compatible TPM check box. After this setting is applied to the local computer, the non-TPM settings appear in the BitLocker setup wizard.
Once you go through the BitLocker Encryption Wizard, please do not skip the below step.
Once the machine is rebooted, we will read the USB Key and then BitLocker Encryption will start.
Once encryption is completed, we can reboot the machine and then we will be asked to insert the USB key in every time we reboot the Mac Book case we forget it.
I hope this article will help everyone to get BitLocker working on Intel based Mac running Windows 7 Enterprise/Ultimate Edition.
Senior Support Escalation Engineer
Microsoft Enterprise Platforms Support