BitLocker Post OS-Install - Boot & Partition Considerations

This post was written to help anyone trying to implement BitLocker without
having the required partition configuration.

During the initial Vista (6000) install I did not take the default
recommended partitions and part sizes. Chalk it up to inexperience. Anyway on
my laptop I created a single 40GB partition for the boot/system. After
discovering more about Vista, CBT first look, etc . . . I wanted to enable
the Bitlocker feature. My (DELL B130) does not have a TPM chip but MS has a
workaround using a USB key, easy enough.

The real discovery, and reason for this post, is to reveal some learned
changes in the bootloader and startup of Vista. Other Windows Live searches
resulted in some supporting information as well.

To create the partition requirements of the BitLocker feature, I used
(diskmgmt.msc now allows for) the "shrinking" partion on the fly feature.
With the newly freed space I created an (NTFS) 1.5GB partition and I made it
the active partition for the system. Next, to make the new 1.5GB active
partition "bootable" 2 files were required - c:\bootmgr and C:\Boot\BCD (need
to access this file while Vista is shutdown - locked during OS runtime). I
used WinPE for the BCD file copy.

That was it. Vista now had the required partition config for BitLocker and
is bootable. I followed the rest of the MS article for deployment of the BL
feature w/o TPM HW.

http://www.microsoft.com/technet/win...4d762cf31.mspx


It is working like a charm.

Microsoft has a tool to convert partitions in the works....If you aren't in
a hurry it is probably better to wait...

--
Josh
http://windowsconnected.com
"Banquo" <Banquo@discussions.microsoft.com> wrote in message
news:AB1CE0D1-46DE-4A85-AC2B-B3188B540103@microsoft.com...
> This post was written to help anyone trying to implement BitLocker without
> having the required partition configuration.
>
> During the initial Vista (6000) install I did not take the default
> recommended partitions and part sizes. Chalk it up to inexperience. Anyway
> on
> my laptop I created a single 40GB partition for the boot/system. After
> discovering more about Vista, CBT first look, etc . . . I wanted to enable
> the Bitlocker feature. My (DELL B130) does not have a TPM chip but MS has
> a
> workaround using a USB key, easy enough.
>
> The real discovery, and reason for this post, is to reveal some learned
> changes in the bootloader and startup of Vista. Other Windows Live
> searches
> resulted in some supporting information as well.
>
> To create the partition requirements of the BitLocker feature, I used
> (diskmgmt.msc now allows for) the "shrinking" partion on the fly feature.
> With the newly freed space I created an (NTFS) 1.5GB partition and I made
> it
> the active partition for the system. Next, to make the new 1.5GB active
> partition "bootable" 2 files were required - c:\bootmgr and C:\Boot\BCD
> (need
> to access this file while Vista is shutdown - locked during OS runtime). I
> used WinPE for the BCD file copy.
>
> That was it. Vista now had the required partition config for BitLocker and
> is bootable. I followed the rest of the MS article for deployment of the
> BL
> feature w/o TPM HW.
>
> http://www.microsoft.com/technet/win...4d762cf31.mspx
>
>
> It is working like a charm.

What does this partition coversion tool do that is new?

"Josh" wrote:

> Microsoft has a tool to convert partitions in the works....If you aren't in
> a hurry it is probably better to wait...
>
> --
> Josh
> http://windowsconnected.com
> "Banquo" <Banquo@discussions.microsoft.com> wrote in message
> news:AB1CE0D1-46DE-4A85-AC2B-B3188B540103@microsoft.com...
> > This post was written to help anyone trying to implement BitLocker without
> > having the required partition configuration.
> >
> > During the initial Vista (6000) install I did not take the default
> > recommended partitions and part sizes. Chalk it up to inexperience. Anyway
> > on
> > my laptop I created a single 40GB partition for the boot/system. After
> > discovering more about Vista, CBT first look, etc . . . I wanted to enable
> > the Bitlocker feature. My (DELL B130) does not have a TPM chip but MS has
> > a
> > workaround using a USB key, easy enough.
> >
> > The real discovery, and reason for this post, is to reveal some learned
> > changes in the bootloader and startup of Vista. Other Windows Live
> > searches
> > resulted in some supporting information as well.
> >
> > To create the partition requirements of the BitLocker feature, I used
> > (diskmgmt.msc now allows for) the "shrinking" partion on the fly feature.
> > With the newly freed space I created an (NTFS) 1.5GB partition and I made
> > it
> > the active partition for the system. Next, to make the new 1.5GB active
> > partition "bootable" 2 files were required - c:\bootmgr and C:\Boot\BCD
> > (need
> > to access this file while Vista is shutdown - locked during OS runtime). I
> > used WinPE for the BCD file copy.
> >
> > That was it. Vista now had the required partition config for BitLocker and
> > is bootable. I followed the rest of the MS article for deployment of the
> > BL
> > feature w/o TPM HW.
> >
> > http://www.microsoft.com/technet/win...4d762cf31.mspx
> >
> >
> > It is working like a charm.
>

Hello,
It assists with creating the bitlocker volume configuration on disks where
Windows Vista is already installed
Thanks,
Darrell Gorter[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights

Automates the conversion from a single partition setup to one that is
bitlocker capable.

--
Josh
http://windowsconnected.com
"banquo" <banquo@discussions.microsoft.com> wrote in message
news:1901979D-2793-4FC6-94BD-EE392690E672@microsoft.com...
> What does this partition coversion tool do that is new?
>
> "Josh" wrote:
>
>> Microsoft has a tool to convert partitions in the works....If you aren't
>> in
>> a hurry it is probably better to wait...
>>
>> --
>> Josh
>> http://windowsconnected.com
>> "Banquo" <Banquo@discussions.microsoft.com> wrote in message
>> news:AB1CE0D1-46DE-4A85-AC2B-B3188B540103@microsoft.com...
>> > This post was written to help anyone trying to implement BitLocker
>> > without
>> > having the required partition configuration.
>> >
>> > During the initial Vista (6000) install I did not take the default
>> > recommended partitions and part sizes. Chalk it up to inexperience.
>> > Anyway
>> > on
>> > my laptop I created a single 40GB partition for the boot/system. After
>> > discovering more about Vista, CBT first look, etc . . . I wanted to
>> > enable
>> > the Bitlocker feature. My (DELL B130) does not have a TPM chip but MS
>> > has
>> > a
>> > workaround using a USB key, easy enough.
>> >
>> > The real discovery, and reason for this post, is to reveal some learned
>> > changes in the bootloader and startup of Vista. Other Windows Live
>> > searches
>> > resulted in some supporting information as well.
>> >
>> > To create the partition requirements of the BitLocker feature, I used
>> > (diskmgmt.msc now allows for) the "shrinking" partion on the fly
>> > feature.
>> > With the newly freed space I created an (NTFS) 1.5GB partition and I
>> > made
>> > it
>> > the active partition for the system. Next, to make the new 1.5GB active
>> > partition "bootable" 2 files were required - c:\bootmgr and C:\Boot\BCD
>> > (need
>> > to access this file while Vista is shutdown - locked during OS
>> > runtime). I
>> > used WinPE for the BCD file copy.
>> >
>> > That was it. Vista now had the required partition config for BitLocker
>> > and
>> > is bootable. I followed the rest of the MS article for deployment of
>> > the
>> > BL
>> > feature w/o TPM HW.
>> >
>> > http://www.microsoft.com/technet/win...4d762cf31.mspx
>> >
>> >
>> > It is working like a charm.
>>

Nice,
be sure to let us know please.

Jeff

""Darrell Gorter[MSFT]"" <Darrellg@online.microsoft.com> wrote in message
news:8NzBi2LFHHA.2300@TK2MSFTNGHUB02.phx.gbl...
> Hello,
> It assists with creating the bitlocker volume configuration on disks where
> Windows Vista is already installed
> Thanks,
> Darrell Gorter[MSFT]
>
> This posting is provided "AS IS" with no warranties, and confers no rights
>

Per Josh, this is a really cool tool coming from the BitLocker Team (I'm now
on another project, so you'll probably be hearing less of me).

Reconfiguring a disk to get BitLocker working... without causing problems
later / rendering machine unbootable, requires a large number of steps a
number of which involves BCDEDIT. I'm amazed Banquo had success.

I really recommend holding out for the tool rather than trying to jump
through the reconfiguring hoops.
-
Jamie Hunter [MS]

"Josh" <josh@windowsconnected.com> wrote in message
news:6FB0E47B-0BCF-4B95-B446-393B60390198@microsoft.com...
> Automates the conversion from a single partition setup to one that is
> bitlocker capable.
>
> --
> Josh
> http://windowsconnected.com
> "banquo" <banquo@discussions.microsoft.com> wrote in message
> news:1901979D-2793-4FC6-94BD-EE392690E672@microsoft.com...
>> What does this partition coversion tool do that is new?
>>
>> "Josh" wrote:
>>
>>> Microsoft has a tool to convert partitions in the works....If you aren't
>>> in
>>> a hurry it is probably better to wait...
>>>
>>> --
>>> Josh
>>> http://windowsconnected.com
>>> "Banquo" <Banquo@discussions.microsoft.com> wrote in message
>>> news:AB1CE0D1-46DE-4A85-AC2B-B3188B540103@microsoft.com...
>>> > This post was written to help anyone trying to implement BitLocker
>>> > without
>>> > having the required partition configuration.
>>> >
>>> > During the initial Vista (6000) install I did not take the default
>>> > recommended partitions and part sizes. Chalk it up to inexperience.
>>> > Anyway
>>> > on
>>> > my laptop I created a single 40GB partition for the boot/system. After
>>> > discovering more about Vista, CBT first look, etc . . . I wanted to
>>> > enable
>>> > the Bitlocker feature. My (DELL B130) does not have a TPM chip but MS
>>> > has
>>> > a
>>> > workaround using a USB key, easy enough.
>>> >
>>> > The real discovery, and reason for this post, is to reveal some
>>> > learned
>>> > changes in the bootloader and startup of Vista. Other Windows Live
>>> > searches
>>> > resulted in some supporting information as well.
>>> >
>>> > To create the partition requirements of the BitLocker feature, I used
>>> > (diskmgmt.msc now allows for) the "shrinking" partion on the fly
>>> > feature.
>>> > With the newly freed space I created an (NTFS) 1.5GB partition and I
>>> > made
>>> > it
>>> > the active partition for the system. Next, to make the new 1.5GB
>>> > active
>>> > partition "bootable" 2 files were required - c:\bootmgr and
>>> > C:\Boot\BCD
>>> > (need
>>> > to access this file while Vista is shutdown - locked during OS
>>> > runtime). I
>>> > used WinPE for the BCD file copy.
>>> >
>>> > That was it. Vista now had the required partition config for BitLocker
>>> > and
>>> > is bootable. I followed the rest of the MS article for deployment of
>>> > the
>>> > BL
>>> > feature w/o TPM HW.
>>> >
>>> > http://www.microsoft.com/technet/win...4d762cf31.mspx
>>> >
>>> >
>>> > It is working like a charm.
>>>
>

I wrote up some instructions for a little more user-friendly process that
worked for me:

http://www.vistaclues.com/setup-bitl...lling-windows/

....just while we wait for the tool from the MS guys.

"Banquo" wrote:

> This post was written to help anyone trying to implement BitLocker without
> having the required partition configuration.
>
> During the initial Vista (6000) install I did not take the default
> recommended partitions and part sizes. Chalk it up to inexperience. Anyway on
> my laptop I created a single 40GB partition for the boot/system. After
> discovering more about Vista, CBT first look, etc . . . I wanted to enable
> the Bitlocker feature. My (DELL B130) does not have a TPM chip but MS has a
> workaround using a USB key, easy enough.
>
> The real discovery, and reason for this post, is to reveal some learned
> changes in the bootloader and startup of Vista. Other Windows Live searches
> resulted in some supporting information as well.
>
> To create the partition requirements of the BitLocker feature, I used
> (diskmgmt.msc now allows for) the "shrinking" partion on the fly feature.
> With the newly freed space I created an (NTFS) 1.5GB partition and I made it
> the active partition for the system. Next, to make the new 1.5GB active
> partition "bootable" 2 files were required - c:\bootmgr and C:\Boot\BCD (need
> to access this file while Vista is shutdown - locked during OS runtime). I
> used WinPE for the BCD file copy.
>
> That was it. Vista now had the required partition config for BitLocker and
> is bootable. I followed the rest of the MS article for deployment of the BL
> feature w/o TPM HW.
>
> http://www.microsoft.com/technet/win...4d762cf31.mspx
>
>
> It is working like a charm.

Do you know what the status of the tool is?

""Darrell Gorter[MSFT]"" wrote:

> Hello,
> It assists with creating the bitlocker volume configuration on disks where
> Windows Vista is already installed
> Thanks,
> Darrell Gorter[MSFT]
>
> This posting is provided "AS IS" with no warranties, and confers no rights
>
>

In article <08B94FAA-A536-43EB-B656-
E81A6530721F@microsoft.com>, in the
microsoft.public.windows.vista.security news group, =?Utf-
8?B?TmV2c2t5?= <Nevsky@discussions.microsoft.com> says...

> Do you know what the status of the tool is?

If you're running Ultimate it is available as an Ultimate
Extra download. If you're running Enterprise it is
available through your SA/EA fulfillment.

>
> ""Darrell Gorter[MSFT]"" wrote:
>
> > Hello,
> > It assists with creating the bitlocker volume configuration on disks where
> > Windows Vista is already installed
> > Thanks,
> > Darrell Gorter[MSFT]
> >
> > This posting is provided "AS IS" with no warranties, and confers no rights
> >
> >
>

--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca
"The English language, complete with irony, satire, and
sarcasm, has survived for centuries without smileys. Only
the new crop of modern computer geeks finds it impossible
to detect a joke that is not clearly labeled as such."
Ray Shea