CTS – Your Technology Partner

Windows 8 and BitLocker

Written by Craig Butler on December 3, 2012

by: Matthew Dean

I have been running Windows 8 as my primary OS for some time now and I recently got around to enabling BitLocker. BitLocker has been a great encryption option for some time, but with Windows 8, there are some nice new features enabled. Those features are as follows:

  • BitLocker provisioning – Windows 8 is now deployable to an encrypted state during installation prior to calling setup.
  • Used Disk Space Only encryption – BitLocker now offers two encryption methods, Used Disk Space Only and Full volume encryption. Used Disk Space Only allows for a much quicker encryption experience by only encrypting used blocks on the targeted volume.
  • Standard User PIN and password change – Allows a standard user to change the BitLocker PIN or password on operating system volumes and the BitLocker password on data volumes, reducing internal help desk call volume.
  • Network Unlock – Enables a BitLocker system on a wired network to automatically unlock the system volume during boot (on capable Windows Server 2012 networks), reducing internal help desk call volumes for lost PINs.
  • Support for Encrypted Hard Drives for Windows – Windows 8 includes BitLocker support for Encrypted Hard Drives.

You can read more about these features on this TechNet article: http://technet.microsoft.com/en-us/library/hh831412.aspx

This is all nice, but the reason for this post is to share how I resolved a problem I ran into when attempting to setup BitLocker. My primary OS is running on a Samsung 830 Series 256GB SSD. As a side note, I have been extremely happy with the performance I have seen from this hard drive and Windows 8, especially considering that I am running an older Dell Latitude e6510. The drive is configured with a single partition for the OS and hence, my problem since configuring BitLocker requires a second partition. This is necessary in order to create a split-load configuration in which the main operating system partition and the active system partition (the one from which the computer starts) are separated. Upon attempting to enable BitLocker, I received an error message stating that BitLocker could not be enabled because it could not find a target system drive. After a quick search, I came across the BitLocker Drive Preparation Tool as the solution to my problem. Unfortunately this tool would not install on Windows 8. After a bit more searching, I came across this knowledge base article, Description of the BitLocker Drive Preparation Tool, that provided details on the command line version of the tool. The command line I used to prepare the drive is as follows:

BdeHdCfg.exe -target c: shrink -newdriveletter x: -size 1500

This command returned me a more detailed error message as follows:

The BitLocker Drive Preparation Tool could not find a target system drive. You may need to manually prepare your drive for BitLocker.

The same knowledge base article, as well as numerous other internet resources, pointed me to one of the two following scenarios in which this error could occur.

  1. Insufficient disk space
  2. Unmovable files

Neither of these were my problem so I began looking for instruction on how to “manually prepare your drive for BitLocker.” I couldn’t find anything that was Windows 8 specific, but by piecing the information I could find, I came to the conclusion that I needed to manually split my primary partition. I went into disk management and tried to do this and the tool failed. This was a red flag, there was clearly something else wrong here, why couldn’t I make any disk changes? Further searching revealed that the Windows 8 service, “Optimize drives” was responsible for the operations necessary to make this type of change. I had previously disabled this service because it is unnecessary, and will even be detrimental to the life of and SSD. So, a simple re-enabling of this service and the command line (above) executed properly and I was ready to configure BitLocker. One reboot and about fifteen minutes later, I was encrypted.

image

PS, if you have past experience with BitLocker, you are probably wondering how I got my drive encrypted in only fifteen minutes. Well, the SSD certainly makes things faster, but it doesn’t account for the full performance gain. The primary contributor to the quick encryption is the new Windows 8 BitLocker feature I mentioned above, Used Disk Space Only encryption.

Comments

comments