Undo Bitlocker Drive Preparation Tool

Discussion in 'Windows Vista Installation' started by Paul Baker [MVP, Windows - SDK], Jan 7, 2008.

  1. I read in the BitLocker ReadMe that a TPM was recommended, but not required.
    So I ran the BitLocker Drive Preparation Tool and let it add a new boot
    partition. So now I have an extra volume, S:.

    I then saw a message that a TPM is required. Upon further reading, I
    discovered that the requirement can be turned off, but the alternative is to
    use a USB flash drive as a key. The inconvenience of this solution is not
    worth it for me, so I will use Encrypting File System (EFS) instead. Had I
    known this in the first place, I would not have run the Bitlocker Drive
    Preparation Tool.

    System Restore changed the drive letter of the volume, but nothing else

    How can I undo what Bitlocker Drive Preparation Tool did? I know that in
    general, I need to move boot files and change the active partition, but I am
    afraid of making my system non-bootable.


    Paul Baker [MVP, Windows - SDK], Jan 7, 2008

  2. Paul Baker [MVP, Windows - SDK]

    Kerry Brown Guest


    Be sure you understand EFS, have an offline copy of the encryption
    certificate, and know how to use it to recover data. Test copying an
    encrypted file to another computer and using the certificate to decrypt it
    before you encrypt your actual data. Make sure that the test computer is not
    in the same domain as the source computer. It is very easy to lose data when
    using EFS.

    Kerry Brown, Jan 7, 2008

  3. Kerry,

    Thanks! I will let you know how it goes.

    I am still trying to decide whether or not to use EFS. I probably will, as I
    did back up my key, I don't think I'll be changing my password, and I
    regularly back up all my files (except program files).

    Paul Baker [MVP, Windows - SDK], Jan 8, 2008
  4. Paul Baker [MVP, Windows - SDK]

    Kerry Brown Guest

    Make sure you test decrypting files on another computer that is not joined
    to the same domain. It is not a trivial process. As long as you can do this,
    EFS is safe. If you can't, you will eventually lose the data.

    Kerry Brown
    Microsoft MVP - Shell/User
    Kerry Brown, Jan 8, 2008
  5. Kerry,

    Thanks, I got rid of that pesky partition. This is how:

    - Change the C: partition to the Active partition.
    - Reboot from the Windows DVD and let Startup Repair find the OS on C:
    - Reboot from the Windows DVD and let Startup Repair replace BOOTMGR.EXE.
    - Use Disk Management to delete the unwanted partition and resize the C:

    Paul Baker [MVP, Windows - SDK], Jan 19, 2008
  6. Paul Baker [MVP, Windows - SDK]

    Joe Morris Guest

    [Bitlocker issues]
    An addition to other responses about EFS: one of the gotchas about it is
    that you can copy EFS-encrypted files to a volume which does not support
    EFS, and the system will cheerfully store an unencrypted copy of the file on
    the target volume without warning you. This issue is possible with both the
    swap file and any temporary files created by your applications, as well as
    any external devices such as a USB key. It's not insurmountable if you
    ensure that all candidate volumes (or at least all target folders) support
    EFS encryption, but it's a potential problem if you're not aware of it.

    Also, if you're using EFS you want to check to make sure that your backup
    program is EFS-aware. An EFS-aware backup program will store files on the
    backup media in their EFS-encrypted form, even if the backup media does not
    support EFS.

    Alternatively, there are third-party products which can be used to encrypt
    entire volumes; this might be an option for you to consider, especially if
    you are the only person who will be accessing the protected data.

    Question: is the data which you're trying to protect personal, or is it
    related to your job? If the latter, and you aren't the owner, you need to
    spend a few minutes talking to your manager and/or the IT manager about
    ensuring that the company has the key (or EFS certificate) so that it can
    recover the encrypted files if you get hit by a bus.

    If the data is personal and someone in your family would need to access it,
    you need to remember to provide for what happens after the bus with your
    name on it arrives. One way to handle this might be to place a CD in a bank
    box or in a locked drawer in your office desk, and tell someone where to
    find it.

    Joe Morris
    Joe Morris, Jan 20, 2008
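
    The check below is an added example, not part of any post in this thread. It follows up on the point above that copying to a volume without EFS support leaves a plaintext copy: it reports which mounted volumes advertise EFS support and lists files in a destination folder that are not marked Encrypted. The function names and the `E:\Backup` path are placeholders chosen for this example.

```powershell
# Added example: find volumes that cannot hold EFS-encrypted files, then list
# files under a folder that are NOT marked Encrypted.
Add-Type -Namespace EfsCheck -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern bool GetVolumeInformation(
    string rootPathName, System.Text.StringBuilder volumeName, int volumeNameSize,
    out uint serialNumber, out uint maxComponentLength, out uint fileSystemFlags,
    System.Text.StringBuilder fileSystemName, int fileSystemNameSize);
'@

$FILE_SUPPORTS_ENCRYPTION = 0x00020000   # Win32 volume flag: file system supports EFS

function Test-EfsVolume {
    param([Parameter(Mandatory)][string]$Root)   # e.g. 'C:\' or 'E:\'
    $name = New-Object System.Text.StringBuilder 261
    $fs   = New-Object System.Text.StringBuilder 261
    $serial = [uint32]0; $maxLen = [uint32]0; $flags = [uint32]0
    $ok = [EfsCheck.Native]::GetVolumeInformation($Root, $name, $name.Capacity,
            [ref]$serial, [ref]$maxLen, [ref]$flags, $fs, $fs.Capacity)
    if (-not $ok) { return $null }               # volume could not be queried
    [pscustomobject]@{
        Root        = $Root
        FileSystem  = $fs.ToString()
        SupportsEfs = [bool]($flags -band $FILE_SUPPORTS_ENCRYPTION)
    }
}

function Get-UnencryptedFile {
    param([Parameter(Mandatory)][string]$Path)
    # Files whose attributes lack the Encrypted bit are stored in plaintext.
    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and
                       -not ($_.Attributes -band [IO.FileAttributes]::Encrypted) }
}

# 1. Which mounted volumes would keep a copied file encrypted?
[IO.DriveInfo]::GetDrives() | Where-Object { $_.IsReady } |
    ForEach-Object { Test-EfsVolume $_.Name } | Format-Table -AutoSize

# 2. Which files in the destination ended up (or always were) unencrypted?
#    'E:\Backup' is a placeholder destination for this example.
Get-UnencryptedFile 'E:\Backup' | Select-Object FullName, Length
```

    Run the second check after any copy to removable media. It inspects file attributes only, so it does not apply to the contents of a backup archive.
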
  7. Joe,

    It is for personal data. My wife knows my password that can be used to log on
    to my account and to use the certificate.


    Paul Baker [MVP, Windows - SDK], Jan 21, 2008
  8. Joe,

    I don't think I have any sensitive files right now. I just don't want any
    prying eyes on my personal stuff. I want to "set it and forget it" so that I
    know anything I put there is safe. I am encrypting all of C:\Users.

    Also, should a bus have my name on it and my wife can't remember my password
    or has a problem with EFS, or if I get in trouble with EFS for that matter,
    I have backups on DVD. I use Microsoft Backup. I would think that is EFS


    Paul Baker [MVP, Windows - SDK], Jan 21, 2008
