BitLocker, the new security scheme in Microsoft Windows Vista and Windows 7, encrypts the entire system drive. This feature requires an extra hard disk partition of about 1.5 GB that holds the unencrypted boot data needed to boot from the encrypted system drive. If you overlooked this and installed Vista without creating this additional partition, you can follow this article to get BitLocker installed. I assume that you have some experience with Windows installation. If not, it is recommended to have a technically knowledgeable person near you.
As I said, you need two hard disk partitions to enable BitLocker. BitLocker stores the Windows Boot Manager (the equivalent of boot.ini, the most important boot file, in XP) in a smaller active partition (1.5 GB at minimum). The main partition (C:\ drive) is encrypted, and the active partition keeps the unencrypted system boot information needed to boot to the system drive.
Note: BitLocker is available only in the Enterprise and Ultimate editions of Windows Vista and Windows 7. Users of other versions of Windows can use a third-party encryption program to satisfy the need for full drive encryption.
Activating the Active Partition
The first step is to repartition your hard drive. Back up all your important information on the hard disk before you attempt the steps below (they are also a bit technical, so the presence of a technically savvy person is much appreciated). Use the Windows Backup tool to back up all the data to another hard disk or a DVD-ROM. Then follow these steps to create the active partition.
1. Free up at least 1.5 GB on your C:\ drive by deleting unwanted content and programs (you can use Disk Cleanup for this).
2. Open the Computer Management console (right-click Computer in the Start menu and click Manage), and go to the Disk Management option.
3. Shrink the C:\ drive by selecting Shrink Volume from its context (right-click) menu. Free up 1.5 GB of additional space this way.
4. Create a new volume in the free space by right-clicking it and choosing New Simple Volume.
5. Format the newly created volume as NTFS.
6. Mark this new partition as active from its right-click menu.
7. Once this is done, the PC will not start normally into Windows. You have to repair the system with your Windows Vista DVD.
8. Restart the computer, insert the Vista DVD, and boot into the Vista installation screen.
9. The installer will prompt you to repair the system. When the prompt is displayed, click Repair your computer.
10. If the installer doesn’t automatically detect the problem, go to the next step. When you are presented with System Recovery Options, choose Startup Repair. The Startup Repair tool will install the Boot Manager on the active partition; you can then remove the DVD and restart the computer normally.
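Steps 3 to 6 can also be done from an elevated command prompt with diskpart. The batch file below is an added example, not part of the original article; the drive letter S and the label BDEBOOT are assumptions chosen for illustration, and it expects step 1 (freeing space on C:) and the backup to be done already.

```batch
@echo off
rem Added example: scripted equivalent of steps 3-6 (shrink C:, create,
rem format and activate the small boot partition). Run as Administrator.
rem Assumptions: letter S is unused, the disk is a basic MBR disk with
rem fewer than four primary partitions, and C: has 1.5 GB free to give up.
setlocal
set "SCRIPT=%TEMP%\bde_partition.txt"

rem Build the diskpart script. Sizes are in MB: 1536 MB = 1.5 GB.
> "%SCRIPT%" (
  echo select volume C
  echo shrink desired=1536
  echo create partition primary
  echo format fs=ntfs label=BDEBOOT quick
  echo assign letter=S
  echo active
  echo list volume
)

diskpart /s "%SCRIPT%"
if errorlevel 1 (
  echo diskpart reported an error; check the output above before rebooting.
  del "%SCRIPT%"
  exit /b 1
)
del "%SCRIPT%"

rem From here the machine will not boot until Startup Repair has run
rem from the Vista DVD (steps 7-10).
rem After the repair, confirm where the Boot Manager now lives with:
rem   bcdedit /enum {bootmgr}
rem The "device" line should show partition=S: rather than partition=C:.
echo Partition created and marked active. Continue with step 7.
endlocal
```

If diskpart stops at the shrink command, C: does not have 1.5 GB of contiguous shrinkable space; the later commands are then not run and no partition is marked active.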
You have successfully set up the active partition for BitLocker. Follow the steps below to enable BitLocker now.
Appointing the Sentry
1. Open the Start menu and type “gpedit.msc” in the Start Search box to open the Group Policy Editor.
2. Go to Administrative Templates -> Windows Components -> BitLocker Drive Encryption and double-click Control Panel Setup: Enable advanced startup options.
3. Now enable BitLocker by selecting the Enabled radio button. Also check the Allow BitLocker without a compatible TPM checkbox.
4. Once done, you may restart the computer to enable BitLocker, though it is usually enabled instantaneously.
The installation of BitLocker is done. You need a USB key to store the password before encryption. This USB key has to be kept safe, and will be required in case of any modification of the encrypted data on the drive.