How To Install BitLocker on Vista Ultimate Edition or Vista Enterprise Edition

Written by: InfinIT Consulting
Date Published: May 28, 2007

Issue:

While some users are versed enough in system building to configure their new Microsoft Vista from the bare metal up, the majority of users are stuck with the factory installed version of Vista that is included in our laptops and desktops.  This can become quite the nuisance, especially if you want to implement some of the advanced features of Vista Ultimate Edition or Vista Enterprise Edition - for example BitLocker. 

BitLocker Drive Encryption is a data protection feature that is integrated into Microsoft’s Enterprise and Ultimate editions of Vista that performs encryption for the entire OS volume and can offload the security keys into the onboard TPM (Trusted Platform Module) or a USB key. 

To encrypt drives and to verify computer startup integrity, BitLocker requires at least two partitions. These two partitions make up a split-load configuration. A split-load configuration separates the main operating system partition from the active system partition from which the computer starts.

Resolution

Microsoft offers the BitLocker Drive Preparation Tool that automates the following processes to make the computer ready for BitLocker:

  • Creating the second volume that BitLocker requires
  • Migrating the boot files to the new volume
  • Making the volume an active volume

When the tool finishes, you must restart the computer to change the system volume to the newly created volume. After you restart the computer, the drive will be configured correctly for BitLocker. You may also have to initialize the Trusted Platform Module (TPM) before you turn BitLocker on.

You can find instructions on how to utilize the Microsoft Windows Vista Drive Preparation Tool at http://support.microsoft.com/kb/933246

In certain configurations you may find the need to perform this configuration manually in which case you can follow the steps below.

  1. Open an elevated command prompt (right-click the command prompt shortcut and select "Run as administrator")

  2. Run the diskpart command

  3. Select your disk. Normally it is disk 0, but you may have a couple of disks, although if you do, you should consider using one of the other disks for your system partition. If you want to see the disks, type “list disk”. To select your disk, type “select disk 0”, where 0 is the number of your disk (in our example we  will assume you have a single-disk, single-partition setup).

  4. Select your partition. Normally it would be partition 1, assuming there is only one partition on the disk. If you are not sure, type “list partition” to see what you have. Then select it using the command “select partition 1”

  5. * For the next step if you are unsure of how to use the shrink command, type “help shrink” to get further instructions.  YOU DO NOT WANT TO JUST TYPE SHRINK!  This will take up all available space and make it available for the new partition.

  6. In most cases you will want to shrink the partition by 1.5 GB. To do that type “shrink desired=1500”. This may not give you exactly 1.5 GB so you may want to overshoot a little to make sure you get at least 1.5 GB.

  7. Open Computer Management and select “Disk Management”

  8. Format the new empty space on your disk using NTFS. If you label it “boot” to make it easier to find.

  9. Now you need to set this partition up to be bootable. First go into Computer Management to format it with NTFS.

  10. You will then need to migrate the boot files. This is an issue because the operating system holds the files open while the machine is running so you cannot copy them.  To bypass this dilemma you will boot into the Windows Vista Recovery Console.

  11. Put the Windows Vista DVD into the drive and reboot the computer. Select to start from the DVD. On many computers you have to hit F12 to get the boot menu

  12. When the Windows Vista locale selection screen comes up pick your locale

  13. When the Windows Vista installation screen comes up, select “Repair your computer”.

  14. Select your Windows Vista partition and click “Next >”

  15. Select “Command Prompt”

  16. From the command prompt, figure out which drives are which. Most likely your boot partition (the one with the OS) is C: and the new one you just created is D:. If you are not sure. Launch diskpart and type “list volume”

  17. To copy the boot directory. Use this command
    xcopy c:\boot d:\boot /h /e
    This will copy the whole directory structure and all the hidden files. You will probably get a prompt asking whether boot is a directory or a file on the target. It is a directory.

  18. Copy the boot manager using this command:
    xcopy c:\bootmgr d:\bootmgr /h
    In the prompt whether bootmgr is a directory or a file on the target, select file.

  19. Now set the new partition active. Launch diskpart again. Select your disk.

  20. List your partitions to determine which partition is the new boot partition. Then select it by typing “select partition 2”, where 2 is the number of your partition

  21. Make it active by typing “active”

  22. Exit diskpart and reboot the system. To do so, type exit twice

After you perform these step you will be ready to run the BitLocker tool and encrypt your drive. 

 

 

 

 

 

Request A Quote
866.364.2007
info@infinITconsulting.com
quick & easy online form

 

Listen to latest podcast
Compellent SAN technology

 
Subscribe To Our Newsletter
Subscribe Now

 

 

 

Exchange Server Consulting | SharePoint Consulting | MOSS 2007 Implementation | Merger & Acquisition Consulting | SOX 404 Consulting | IT Managed Services | SAN/NAS Implementation

InfinIT Consulting Inc. Copyright 2008. All Rights Reserved.
toll-free: 1.866.364.2007 phone: 408.361.8888 email: info@infinITconsulting.com | site map

  

InfinIT Consulting is a San Jose, Bay Area IT consulting firm specializing in custom IT solutions for midsize and enterprise companies looking to resolve business and IT challenges. Our top Bay Area IT consultants serve clients throughout the Silicon Valley - Bay Area, California and nationwide.