BitLocker Post OS-Install - Boot & Partition Considerations

[Guest]

This post was written to help anyone trying to implement BitLocker without
having the required partition configuration.

During the initial Vista (6000) install I did not take the default
recommended partitions and part sizes. Chalk it up to inexperience. Anyway on
my laptop I created a single 40GB partition for the boot/system. After
discovering more about Vista, CBT first look, etc . . . I wanted to enable
the Bitlocker feature. My (DELL B130) does not have a TPM chip but MS has a
workaround using a USB key, easy enough.

The real discovery, and reason for this post, is to reveal some learned
changes in the bootloader and startup of Vista. Other Windows Live searches
resulted in some supporting information as well.

To create the partition requirements of the BitLocker feature, I used
(diskmgmt.msc now allows for) the "shrinking" partion on the fly feature.
With the newly freed space I created an (NTFS) 1.5GB partition and I made it
the active partition for the system. Next, to make the new 1.5GB active
partition "bootable" 2 files were required - c:\bootmgr and C:\Boot\BCD (need
to access this file while Vista is shutdown - locked during OS runtime). I
used WinPE for the BCD file copy.

That was it. Vista now had the required partition config for BitLocker and
is bootable. I followed the rest of the MS article for deployment of the BL
feature w/o TPM HW.

http://www.microsoft.com/technet/windowsvista/library/c61f2a12-8ae6-4957-b031-97b4d762cf31.mspx


It is working like a charm.

 

[Josh]

Microsoft has a tool to convert partitions in the works....If you aren't in
a hurry it is probably better to wait...

 

[Darrell Gorter[MSFT]]

Hello,
It assists with creating the bitlocker volume configuration on disks where
Windows Vista is already installed
Thanks,
Darrell Gorter[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights

 

[Josh]

Automates the conversion from a single partition setup to one that is
bitlocker capable.

 

[Jeff]

Nice,
be sure to let us know please.

Jeff

 

[Jamie Hunter [MS]]

Per Josh, this is a really cool tool coming from the BitLocker Team (I'm now
on another project, so you'll probably be hearing less of me).

Reconfiguring a disk to get BitLocker working... without causing problems
later / rendering machine unbootable, requires a large number of steps a
number of which involves BCDEDIT. I'm amazed Banquo had success.

I really recommend holding out for the tool rather than trying to jump
through the reconfiguring hoops.
-
Jamie Hunter [MS]

 

[Guest]

Do you know what the status of the tool is?

 

[Paul Adare]

(e-mail address removed)>, in the
microsoft.public.windows.vista.security news group, =?Utf-

Do you know what the status of the tool is?

If you're running Ultimate it is available as an Ultimate
Extra download. If you're running Enterprise it is
available through your SA/EA fulfillment.

Hello,
It assists with creating the bitlocker volume configuration on disks where
Windows Vista is already installed
Thanks,
Darrell Gorter[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights

--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca
"The English language, complete with irony, satire, and
sarcasm, has survived for centuries without smileys. Only
the new crop of modern computer geeks finds it impossible
to detect a joke that is not clearly labeled as such."
Ray Shea