BitLocker on Mac Book running Windows 7 Enterprise Edition
Hello, my name is Manoj Sehgal. I am a Senior Support Escalation Engineer in the Windows group and today’s blog will cover “BitLocker on Mac Book running Windows 7 Enterprise Edition”
On a machine which does not have a TPM chip, we can still enable BitLocker but we use a USB device as a startup key.
Generally USB devices are formatted with FAT/FAT32 file system.
Some Mac Books cannot read from USB devices formatted with MBR and FAT/FAT32 file system.
Now if you have Windows 7 installed on a Mac Book and you want to use a USB key as startup key, then USB device has to be formatted with GPT.
Also as per KB article from Apple, https://support.apple.com/kb/HT1948
Intel-based Macs support starting from an external USB storage device's volume that has been formatted with GPT.
In some Mac Books if we format the USB device with MBR and NTFS file system we can use it as a startup key for BitLocker.
Note: From Disk Management we cannot format a USB device as GPT, but we can use disk part to do this easily.
Steps to format the disk as a GPT disk
Once you have the USB drive ready to be used as a startup key, then you can enable BitLocker from Control Panel –> BitLocker Drive Encryption.
Make sure you have the below policy enabled.
To enable BitLocker on a computer without a TPM, you must enable the Require additional authentication at setup Group Policy setting, which is located in Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives. You must select the Allow BitLocker without a compatible TPM check box. After this setting is applied to the local computer, the non-TPM settings appear in the BitLocker setup wizard.
Once you go through the BitLocker Encryption Wizard, please do not skip the below step.
Once the machine is rebooted, we will read the USB Key and then BitLocker Encryption will start.
Once encryption is completed, we can reboot the machine and then we will be asked to insert the USB key in every time we reboot the Mac Book case we forget it.
I hope this article will help everyone to get BitLocker working on Intel based Mac running Windows 7 Enterprise/Ultimate Edition.
Manoj Sehgal
Senior Support Escalation Engineer
Microsoft Enterprise Platforms Support
Comments
- Anonymous
August 08, 2012
I gave this a shot after installing Win7 on a new MacBook Pro using bootcamp and I could not get it to go - anyone get it to work? - Anonymous
November 19, 2012
Same issue John, have tried multiple format options with out any luck. I seem so close to getting bitlocker encryption yet so far.Have you succeeded yet? - Anonymous
May 21, 2013
Does this work with Windows 8? What about an sd card? - Anonymous
November 28, 2013
Hi Manoj,Awesome, the blog is very informative and helpful. I work as s support engineer for a big organization, we recently enforced bitlocker in our organization. My question is Can a Windows 7 bitlocker rncrypted USB be read from a MAC book? if not, any workarounds?Many thanks in advance - Anonymous
August 06, 2014
I have tried to get Diskpart to Clean the USB device but I get repeated 'Access is denied'. I am running everything as administrator, but no joy! - Anonymous
October 13, 2015
I read your article here..I am truly content with articles quality and presentation. Much obliged for keeping incredible stuff.