Using Full Disk Encryption without password on Windows machines that do not have TPM
This section describes how to enable Intel Platform Trust Technology (Intel PTT) on Windows without TPM.
GravityZone Full Disk Encryption allows security administrators to apply policies that encrypt endpoints without asking for a password from users. This feature is available for Windows machines having a Trusted Platform Module (TPM) chip, version 2.0. However, encrypting volumes without requiring a password is also possible on machines with Intel Platform Trust Technology (Intel PTT).
Intel PTT is an alternative solution that offers the capabilities of discrete TPM 2.0, supporting BitLocker for hard drive encryption and all Microsoft requirements for firmware Trusted Platform Modules (fTPM) 2.0. Intel PTT is available only on certain Windows machines.
Enabling Intel PTT
To encrypt endpoints without asking for a password from users, you must apply a GravityZone encryption policy with the option If Trusted Platform Module (TPM) is active, do not ask for pre-boot password enabled.
By default, this functionality is compatible with machines having a TPM 2.0 chip and UEFI. Encrypting without password also works on machines with Intel PTT, but you must first enable it in BIOS. If you do not enable Intel PTT, the encryption process will continue to require a password.
This is what you must do when encryption without password does not work on certain Windows endpoints:
Verify if the TPM is active on the machine by running the following command: tpm.msc. TPM may appear with ready status even though an actual TPM chip is not present on the machine.
Access BIOS on that machine and go to the section where the Intel PTT setting is located.
Depending on the BIOS manufacturer and version, you may need to either change the Intel PTT status to Enabled or to change the Security Chip setting from Discrete to Intel PTT.
Save the changes and exit BIOS.
Once you have enabled the Intel PTT setting, the encryption process should start without requiring a password.
Different BIOS versions with the Intel PTT setting



Page Menu
- Bitdefender – GravityZone
- Report types
- Repair client
- Reconfigure client
- Configuration
- Operation
- Operation
- Best practices
- Viewing and managing scheduled reports
- Announcements
- Executive Summary
- Reports
- Restart machine
- Create reports
- Deleting notifications
- Configuring notification settings
- Taking report-based actions
- Saving reports
- Emailing reports
- Printing reports
- Notifications
- Notification types
- Viewing notifications
- Risk scan
- Best practices
- Credentials Manager
- Patch tasks
- Troubleshooting
- Creating policies
- Assigning policies
- Configuring profiles
- Changing policy settings
- Renaming policies
- Computer policies
- Check my monthly subscription for Bitdefender Security for AWS
- Scan for IOC
- Scan
- Deleting policies
- Exchange scan
- Patch tasks
- Install
- Uninstall client
- Update client
- Network discovery
- Patch Management
- Deleting endpoints
- Threats Xplorer
- Introduction
- Antimalware
- Advanced Threat Control
- HyperDetect
- Advanced Anti-Exploit
- Firewall
- Content Control
- Network Attack Defense
- Using Recovery Manager for encrypted volumes
- Device Control
- Email Security
- Full Disk Encryption
- Security for Exchange
- Sandbox Analyzer
- Endpoint Risk Analytics (ERA)
- eXtended Detection and Response (XDR)
- Security for Storage
- Container Protection
- Endpoint types
- Email Security Licensing & Provisioning
- Install Security Server through Control Center
- Install security agents – standard procedure
- Install Security Server manually
- AD Connect
- Bitdefender Endpoint Security Tools for Linux quick start guide
- Install security agents – use cases
- Whitelist Email
- Configure Email
- Add Mailbox
- Features distribution
- Network inventory
- Checking the endpoints status
- Viewing endpoint details
- Organizing endpoints into Groups
- Sorting, filtering and searching for endpoints
- Viewing and managing tasks
- Running tasks
- Creating quick reports
- Assigning policies