How to create your own USB startup key from scratch on Windows 11 — OnMSFT.com

How to create a USB startup key from scratch on Windows 11

If you have a spare USB laying around, you can easily repurpose it and create a USB startup key on Windows 11 instead. Here’s what to do.

1. Turn on BitLocker on the USB drive you want to use
2. Open Local Group Policy Editor and follow this path:
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives
3. Enable “Require additional authentication at startup”
4. Select Require startup key with TPM form the drop-down menu
5. Run the following command in Command Prompt as an administrator to create a USB startup key:
manage-bde -protectors -add {System Drive} -TPMAndStartupKey {USB Drive}

Did you know you can use just about any USB drive as a “startup key” on Windows 11? When you enable BitLocker on newer PCs, Windows automatically unlocks your system drive every time you start up your computer using Trusted Platform Module (TPM).

The ability to add an extra level of security with the convenience with using a USB…