BitLocker Post OS-Install - Boot & Partition Considerations

Discussion in 'Windows Vista Security' started by Banquo, Nov 26, 2006.

  1. Banquo

    Banquo Guest

    This post was written to help anyone trying to implement BitLocker without
    having the required partition configuration.

    During the initial Vista (6000) install I did not take the default
    recommended partitions and part sizes. Chalk it up to inexperience. Anyway on
    my laptop I created a single 40GB partition for the boot/system. After
    discovering more about Vista, CBT first look, etc . . . I wanted to enable
    the Bitlocker feature. My (DELL B130) does not have a TPM chip but MS has a
    workaround using a USB key, easy enough.

    The real discovery, and reason for this post, is to reveal some learned
    changes in the bootloader and startup of Vista. Other Windows Live searches
    resulted in some supporting information as well.

    To create the partition requirements of the BitLocker feature, I used
    (diskmgmt.msc now allows for) the "shrinking" partion on the fly feature.
    With the newly freed space I created an (NTFS) 1.5GB partition and I made it
    the active partition for the system. Next, to make the new 1.5GB active
    partition "bootable" 2 files were required - c:\bootmgr and C:\Boot\BCD (need
    to access this file while Vista is shutdown - locked during OS runtime). I
    used WinPE for the BCD file copy.

    That was it. Vista now had the required partition config for BitLocker and
    is bootable. I followed the rest of the MS article for deployment of the BL
    feature w/o TPM HW.

    It is working like a charm.
    Banquo, Nov 26, 2006
  2. Banquo

    Josh Guest

    Microsoft has a tool to convert partitions in the works....If you aren't in
    a hurry it is probably better to wait...
    Josh, Nov 29, 2006
  3. Hello,
    It assists with creating the bitlocker volume configuration on disks where
    Windows Vista is already installed
    Darrell Gorter[MSFT]

    This posting is provided "AS IS" with no warranties, and confers no rights
    Darrell Gorter[MSFT], Nov 30, 2006
  4. Banquo

    Josh Guest

    Automates the conversion from a single partition setup to one that is
    bitlocker capable.
    Josh, Dec 1, 2006
  5. Banquo

    Jeff Guest

    be sure to let us know please.

    Jeff, Dec 1, 2006
  6. Per Josh, this is a really cool tool coming from the BitLocker Team (I'm now
    on another project, so you'll probably be hearing less of me).

    Reconfiguring a disk to get BitLocker working... without causing problems
    later / rendering machine unbootable, requires a large number of steps a
    number of which involves BCDEDIT. I'm amazed Banquo had success.

    I really recommend holding out for the tool rather than trying to jump
    through the reconfiguring hoops.
    Jamie Hunter [MS]
    Jamie Hunter [MS], Dec 6, 2006
  7. Banquo

    Nevsky Guest

    Do you know what the status of the tool is?
    Nevsky, Feb 1, 2007
  8. Banquo

    Paul Adare Guest

    If you're running Ultimate it is available as an Ultimate
    Extra download. If you're running Enterprise it is
    available through your SA/EA fulfillment.
    Paul Adare
    MVP - Windows - Virtual Machine
    "The English language, complete with irony, satire, and
    sarcasm, has survived for centuries without smileys. Only
    the new crop of modern computer geeks finds it impossible
    to detect a joke that is not clearly labeled as such."
    Ray Shea
    Paul Adare, Feb 1, 2007
