In order to install BitLocker on a system, Vista's boot files have to be on a separate partition. Typically, you would set that up before installing by creating at least two partitions: a small boot partition of about 2 GB and the full system partition. The separate boot partition is needed to allow the boot files themselves to remain unencrypted. Microsoft's guide to setting up BitLocker describes this process in detail.
To make it possible to use BitLocker on a system that's already using Vista, you'll need to use one of the add-ons available for Vista Business and Ultimate called the BitLocker Drive Preparation Tool. The Drive Preparation Tool allows the user to prepare a system with only one partition, or an incompatible partition arrangement, to use BitLocker. The Preparation Tool typically does this by creating a new boot partition out of the tail end of the current system partition (which it usually names drive S:), copying the boot loader there and setting that partition to be startable. Once you have the utility installed, via Microsoft Update, it's fairly easy to get running:
- Click Start and type BitLocker in the search field.
- Click on BitLocker Drive Preparation Tool.
- Click I Accept to accept the licensing agreement.
- Follow the prompts to create the new system boot partition. You will need to restart the computer during this process.
If you already have a Vista system running and want to add BitLocker to it, this utility makes things a lot easier than having to wipe the system, repartition it and reinstall Vista.
Using BitLocker on a non-TPM system
Step 1: Know your hardware
Step 2: Configure the drives
Step 3: Edit the local policy
Step 4: Start the BitLocker encryption process
About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!