BitLocker

How to Use BitLocker Without a Trusted Platform Module (TPM)

TL;DR

  1. Open the Local Group Policy Editor (Run gpedit.msc)
  2. In the left pane, navigate to:
    1. Computer Policy
    2. Computer Configuration
    3. Administrative Templates
    4. Windows Components
    5. BitLocker Drive Encryption
    6. Operating System Drives
  3. Edit Require additional authentication at startup
  4. Switch to Enabled
  5. Ensure Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive) is enabled.
  6. Click OK.

Switching BitLocker protection methods without re-encrypting

Source (not quite up to date).

In an admin prompt, check the status of the “protectors” on the drive:

manage-bde -protectors -get <drive>

Remove the TPM protector (leaves the recovery key intact):

manage-bde -protectors -delete <drive> -type TPM

Add a password protector:

manage-bde -protectors -add <drive> -password

It might complain that:

ERROR: An error occurred (code 0x8031006a):
Group Policy settings do not permit the creation of a password.

If that is the case, follow the How-To Geek steps in the TL;DR above to enable that policy.
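The same switch, done with the BitLocker PowerShell module instead of manage-bde, as an added example that is not part of the original notes. It checks the policy the TL;DR enables before touching any protector (the Group Policy setting writes UseAdvancedStartup and EnableBDEWithNoTPM under HKLM\SOFTWARE\Policies\Microsoft\FVE), refuses to remove the TPM protector while no recovery password exists, and only then adds the password protector, following the same order as the manage-bde commands above. $MountPoint and the function name are assumptions of this example; the cmdlets and registry values are the real ones.

```powershell
# Added example, not from the original notes: move an OS volume from a TPM
# protector to a password protector without re-encrypting, with the checks
# an operator wants before the TPM protector is deleted.
# Assumptions: run from an elevated PowerShell; $MountPoint is the OS drive;
# the BitLocker module (Windows 8 / Server 2012 and later) is present.
function Switch-BitLockerTpmToPassword {
    param([string]$MountPoint = "C:")

    # 1. "Require additional authentication at startup" with "Allow BitLocker
    #    without a compatible TPM" sets these two values. Without them, adding
    #    a password protector fails with 0x8031006a (as the notes describe).
    $fve    = "HKLM:\SOFTWARE\Policies\Microsoft\FVE"
    $policy = Get-ItemProperty -Path $fve -ErrorAction SilentlyContinue
    if (-not $policy -or $policy.UseAdvancedStartup -ne 1 -or $policy.EnableBDEWithNoTPM -ne 1) {
        throw "Policy not enabled: set 'Require additional authentication at startup' " +
              "with 'Allow BitLocker without a compatible TPM' in gpedit.msc first."
    }

    # 2. Equivalent of 'manage-bde -protectors -get': list what is on the drive.
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $vol.KeyProtector | Format-Table KeyProtectorType, KeyProtectorId | Out-Host

    # 3. Never delete the only protector. Require a recovery password and show
    #    it, so it can be stored before the TPM protector goes away.
    $recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
    if (-not $recovery) {
        throw "No recovery password protector on $MountPoint; add one " +
              "(Add-BitLockerKeyProtector -RecoveryPasswordProtector) and back it up first."
    }
    Write-Host "Recovery password(s) on ${MountPoint}: $($recovery.RecoveryPassword -join ', ')"

    # 4. Equivalent of 'manage-bde -protectors -delete <drive> -type TPM'.
    foreach ($kp in ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm')) {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $kp.KeyProtectorId | Out-Null
    }

    # 5. Equivalent of 'manage-bde -protectors -add <drive> -password'.
    $pw = Read-Host -Prompt "New BitLocker startup password" -AsSecureString
    Add-BitLockerKeyProtector -MountPoint $MountPoint -PasswordProtector -Password $pw | Out-Null

    # Return the resulting protector list so the caller can confirm the change.
    (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Select-Object KeyProtectorType, KeyProtectorId
}

Switch-BitLockerTpmToPassword -MountPoint "C:"
```

The recovery password is required, not merely recommended, because the TPM protector is removed before the password protector is added (the order the notes use); if the second step fails, the recovery password is the only way back into the volume at the next boot.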