Vista - Use bitlocker to encrypt different parrtition

Is it possible to use bitlocker to encrypt an other partition than the
windows Vista systempartition (for example encrypt D: rather than C?

Regards,
Rob

Nope.

--
Richard G. Harper [MVP Shell/User] rgharper@gmail.com
* NEW! Catch my blog ... http://msmvps.com/blogs/rgharper/
* PLEASE post all messages and replies in the newsgroups
* The Website - http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm


"R.Demandt" <RDemandt@discussions.microsoft.com> wrote in message
news:1A7F58AD-9E8D-41E2-86EC-1493E51E9633@microsoft.com...
> Is it possible to use bitlocker to encrypt an other partition than the
> windows Vista systempartition (for example encrypt D: rather than C?
>
> Regards,
> Rob

Yes, with the BitLocker command line tool you can do this, but it is
unsupported on Vista. It is supposed to be supported on Windows Server
Codename Longhorn.

The tool is manage-bde.wsf.

BTW, you cannot encrypt the system partition at all. You can encrypt the
boot volume. Remember, the system volume is the one you boot from and it must
remain clear-text. The boot volume is the one with the operating system, and
it can be encrypted.


---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/047...otectyourwi-20


"Richard G. Harper" wrote:

> Nope.
>
> --
> Richard G. Harper [MVP Shell/User] rgharper@gmail.com
> * NEW! Catch my blog ... http://msmvps.com/blogs/rgharper/
> * PLEASE post all messages and replies in the newsgroups
> * The Website - http://rgharper.mvps.org/
> * HELP us help YOU ... http://www.dts-l.org/goodpost.htm
>
>
> "R.Demandt" <RDemandt@discussions.microsoft.com> wrote in message
> news:1A7F58AD-9E8D-41E2-86EC-1493E51E9633@microsoft.com...
> > Is it possible to use bitlocker to encrypt an other partition than the
> > windows Vista systempartition (for example encrypt D: rather than C?
> >
> > Regards,
> > Rob
>
>
>

So if someone was to steal my laptop partitioned, C: OS and E: Documents,
Windows would be secured and my Documents left unsecure?? Or can it affect
the whole disk regardless of partitoning? Bit of a miss there if it can't

"Jesper" wrote:

> Yes, with the BitLocker command line tool you can do this, but it is
> unsupported on Vista. It is supposed to be supported on Windows Server
> Codename Longhorn.
>
> The tool is manage-bde.wsf.
>
> BTW, you cannot encrypt the system partition at all. You can encrypt the
> boot volume. Remember, the system volume is the one you boot from and it must
> remain clear-text. The boot volume is the one with the operating system, and
> it can be encrypted.
>
>
> ---
> Your question may already be answered in Windows Vista Security:
> http://www.amazon.com/gp/product/047...otectyourwi-20
>
>
> "Richard G. Harper" wrote:
>
> > Nope.
> >
> > --
> > Richard G. Harper [MVP Shell/User] rgharper@gmail.com
> > * NEW! Catch my blog ... http://msmvps.com/blogs/rgharper/
> > * PLEASE post all messages and replies in the newsgroups
> > * The Website - http://rgharper.mvps.org/
> > * HELP us help YOU ... http://www.dts-l.org/goodpost.htm
> >
> >
> > "R.Demandt" <RDemandt@discussions.microsoft.com> wrote in message
> > news:1A7F58AD-9E8D-41E2-86EC-1493E51E9633@microsoft.com...
> > > Is it possible to use bitlocker to encrypt an other partition than the
> > > windows Vista systempartition (for example encrypt D: rather than C?
> > >
> > > Regards,
> > > Rob
> >
> >
> >

Correct. The assumption is that on workstations you should not (contrary to
the view that was often espoused for some reason with NT 4.0) put data on a
separate volume. Servers are different, which is why encrypting non-boot
volumes is going to be supported in Longhorn Server.

BitLocker is billed in the press as "full disk encryption" but it is really
better thought of as "full volume encryption" and if you read Microsoft's
documentation, that is how it is referred to. It never claimed to support
encrypting the entire disk. It encrypts volume by volume only.
---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/047...otectyourwi-20


"JD" wrote:

> So if someone was to steal my laptop partitioned, C: OS and E: Documents,
> Windows would be secured and my Documents left unsecure?? Or can it affect
> the whole disk regardless of partitoning? Bit of a miss there if it can't
>
> "Jesper" wrote:
>
> > Yes, with the BitLocker command line tool you can do this, but it is
> > unsupported on Vista. It is supposed to be supported on Windows Server
> > Codename Longhorn.
> >
> > The tool is manage-bde.wsf.
> >
> > BTW, you cannot encrypt the system partition at all. You can encrypt the
> > boot volume. Remember, the system volume is the one you boot from and it must
> > remain clear-text. The boot volume is the one with the operating system, and
> > it can be encrypted.
> >
> >
> > ---
> > Your question may already be answered in Windows Vista Security:
> > http://www.amazon.com/gp/product/047...otectyourwi-20
> >
> >
> > "Richard G. Harper" wrote:
> >
> > > Nope.
> > >
> > > --
> > > Richard G. Harper [MVP Shell/User] rgharper@gmail.com
> > > * NEW! Catch my blog ... http://msmvps.com/blogs/rgharper/
> > > * PLEASE post all messages and replies in the newsgroups
> > > * The Website - http://rgharper.mvps.org/
> > > * HELP us help YOU ... http://www.dts-l.org/goodpost.htm
> > >
> > >
> > > "R.Demandt" <RDemandt@discussions.microsoft.com> wrote in message
> > > news:1A7F58AD-9E8D-41E2-86EC-1493E51E9633@microsoft.com...
> > > > Is it possible to use bitlocker to encrypt an other partition than the
> > > > windows Vista systempartition (for example encrypt D: rather than C?
> > > >
> > > > Regards,
> > > > Rob
> > >
> > >
> > >

It must be said though that that does limit it's appeal, to those that
partition, and we do it incase the system fails we can either re-install or
recover are documents. There may well be others who may pay the premium price
for Ultimate to find this out, as it's labelled "Bit Locker Drive Encryption"
they may take that to mean the disk in a whole regardless of partitions. Thnx
for the info though

"Jesper" wrote:

> Correct. The assumption is that on workstations you should not (contrary to
> the view that was often espoused for some reason with NT 4.0) put data on a
> separate volume. Servers are different, which is why encrypting non-boot
> volumes is going to be supported in Longhorn Server.
>
> BitLocker is billed in the press as "full disk encryption" but it is really
> better thought of as "full volume encryption" and if you read Microsoft's
> documentation, that is how it is referred to. It never claimed to support
> encrypting the entire disk. It encrypts volume by volume only.
> ---
> Your question may already be answered in Windows Vista Security:
> http://www.amazon.com/gp/product/047...otectyourwi-20
>
>
> "JD" wrote:
>
> > So if someone was to steal my laptop partitioned, C: OS and E: Documents,
> > Windows would be secured and my Documents left unsecure?? Or can it affect
> > the whole disk regardless of partitoning? Bit of a miss there if it can't
> >
> > "Jesper" wrote:
> >
> > > Yes, with the BitLocker command line tool you can do this, but it is
> > > unsupported on Vista. It is supposed to be supported on Windows Server
> > > Codename Longhorn.
> > >
> > > The tool is manage-bde.wsf.
> > >
> > > BTW, you cannot encrypt the system partition at all. You can encrypt the
> > > boot volume. Remember, the system volume is the one you boot from and it must
> > > remain clear-text. The boot volume is the one with the operating system, and
> > > it can be encrypted.
> > >
> > >
> > > ---
> > > Your question may already be answered in Windows Vista Security:
> > > http://www.amazon.com/gp/product/047...otectyourwi-20
> > >
> > >
> > > "Richard G. Harper" wrote:
> > >
> > > > Nope.
> > > >
> > > > --
> > > > Richard G. Harper [MVP Shell/User] rgharper@gmail.com
> > > > * NEW! Catch my blog ... http://msmvps.com/blogs/rgharper/
> > > > * PLEASE post all messages and replies in the newsgroups
> > > > * The Website - http://rgharper.mvps.org/
> > > > * HELP us help YOU ... http://www.dts-l.org/goodpost.htm
> > > >
> > > >
> > > > "R.Demandt" <RDemandt@discussions.microsoft.com> wrote in message
> > > > news:1A7F58AD-9E8D-41E2-86EC-1493E51E9633@microsoft.com...
> > > > > Is it possible to use bitlocker to encrypt an other partition than the
> > > > > windows Vista systempartition (for example encrypt D: rather than C?
> > > > >
> > > > > Regards,
> > > > > Rob
> > > >
> > > >
> > > >

On Fri, 20 Apr 2007 18:18:01 -0700, JD wrote:

> It must be said though that that does limit it's appeal, to those that
> partition, and we do it incase the system fails we can either re-install or
> recover are documents. There may well be others who may pay the premium price
> for Ultimate to find this out, as it's labelled "Bit Locker Drive Encryption"
> they may take that to mean the disk in a whole regardless of partitions. Thnx
> for the info though

There is talk of extending BDE to cover non-boot partitions in the future,
perhaps with Vista SP1. In the interim, you can always use EFS to protect
the non-boot partitions.

--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea

There is nothing really inherent in BitLocker that prevents it from doing
encryption of multiple volumes. In Longhorn Server it can do it easily. It
just is not tested and supported in the GUI on Vista RTM.
---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/047...otectyourwi-20


"Paul Adare" wrote:

> On Fri, 20 Apr 2007 18:18:01 -0700, JD wrote:
>
> > It must be said though that that does limit it's appeal, to those that
> > partition, and we do it incase the system fails we can either re-install or
> > recover are documents. There may well be others who may pay the premium price
> > for Ultimate to find this out, as it's labelled "Bit Locker Drive Encryption"
> > they may take that to mean the disk in a whole regardless of partitions. Thnx
> > for the info though
>
> There is talk of extending BDE to cover non-boot partitions in the future,
> perhaps with Vista SP1. In the interim, you can always use EFS to protect
> the non-boot partitions.
>
> --
> Paul Adare
> MVP - Windows - Virtual Machine
> http://www.identit.ca
> "The English language, complete with irony, satire, and sarcasm, has
> survived for centuries without smileys. Only the new crop of modern
> computer geeks finds it impossible to detect a joke that is not clearly
> labeled as such."
> Ray Shea
>

On Sat, 21 Apr 2007 15:38:02 -0700, Jesper wrote:

> There is nothing really inherent in BitLocker that prevents it from doing
> encryption of multiple volumes. In Longhorn Server it can do it easily. It
> just is not tested and supported in the GUI on Vista RTM.

I understand that, however, my understanding is that there are some changes
in Longhorn that provide additional support for BDE on non-boot volumes,
for example, automatically unlocking the contents of the non-boot volume,
that aren't in Vista presently.

--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea

That's why it is not considered a tested and supported feature I believe.
Just 'cause something works doesn't mean it is a good idea. :-)

---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/047...otectyourwi-20


"Paul Adare" wrote:

> On Sat, 21 Apr 2007 15:38:02 -0700, Jesper wrote:
>
> > There is nothing really inherent in BitLocker that prevents it from doing
> > encryption of multiple volumes. In Longhorn Server it can do it easily. It
> > just is not tested and supported in the GUI on Vista RTM.
>
> I understand that, however, my understanding is that there are some changes
> in Longhorn that provide additional support for BDE on non-boot volumes,
> for example, automatically unlocking the contents of the non-boot volume,
> that aren't in Vista presently.
>
> --
> Paul Adare
> MVP - Windows - Virtual Machine
> http://www.identit.ca
> "The English language, complete with irony, satire, and sarcasm, has
> survived for centuries without smileys. Only the new crop of modern
> computer geeks finds it impossible to detect a joke that is not clearly
> labeled as such."
> Ray Shea
>