Windows Vista comes with a new feature called BitLocker Drive Encryption that is much better and much stronger than the encryption in Windows XP. It ensures that data on your computer remains encrypted even when the operating system is not running, which prevents “offline” attacks, such as removing the hard drive.
It’s truly a physical hardware-level encryption rather than software-level encryption. The entire Windows volume is encrypted for maximum security. If you have highly sensitive data on a laptop or desktop, you may want to consider using BitLocker protection.
Before you can actually begin using BitLocker, there are certain requirements that have to be met, so make sure to read them:
- Must be running Windows Vista (does not work with XP)
- Must have a Trusted Computing Group compliant BIOS and a TPM microchip
- Must have TWO NTFS partitions on your computer (one for the OS and one for the system volume). The system volume must be the active partition.
- Must have the BIOS start up from the hard drive first, not CD or USB or Network
In this article, I will discuss how to create two partitions on a hard disk for BitLocker Drive Encryption. This will be Part I of a three-part series on setting up BitLocker correctly.
If you are reading this and your Windows Vista machine is not already partitioned into at least two partitions, then you will have to reformat your computer and reinstall Windows Vista in order to use BitLocker.
The basic procedure is to create a small 1.5GB primary partition, set it to Active, then create another partition with the rest of the disk space, format both partitions, and install Windows Vista on the second, larger partition.
Partition a hard drive with no operating system
Boot up the computer using the Windows Vista CD/DVD and click Next in the initial Install Windows screen.
Now click Repair your computer on the next screen and in the System Recovery Options dialog box, make sure no operating system is selected by clicking the empty area below any of the entries.
Then click on Command Prompt, type in diskpart and press Enter to begin the process of creating the partitions.
Now type in the following commands, pressing Enter after each line. The comments in parentheses () are just notes; do not actually type that part in.
- select disk 0
- clean
- create partition primary size=1500 (creating a 1.5GB primary partition)
- assign letter=S (assigning the drive letter S)
- active (marking it as active)
- create partition primary (create another partition using rest of space)
- assign letter=C (assigning the drive letter C)
- list volume (you should see two volumes and their appropriate sizes, check to make sure it’s correct)
- exit (leaves diskpart; the two format commands below are typed at the command prompt)
- format c: /y /q /fs:NTFS
- format s: /y /q /fs:NTFS
- exit
Now when you are back in the System Recovery Options dialog, just close it by pressing the X at the top or by pressing Alt + F4. Now click on Install Now to install Windows Vista. Make sure to choose the larger volume, in our case C, to install the operating system.
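Once Vista is installed, the resulting layout can be checked against the requirements listed at the top of this article before turning on BitLocker. The script below is an added example, not part of the original article; it assumes PowerShell 2.0 or later (a separate download on Vista) run from an elevated prompt, and the function names are hypothetical.

```powershell
# Added example, not from the original article. Assumes PowerShell 2.0 or later,
# run as administrator on the installed system; uses only built-in WMI classes.
function Get-VolumeLayout {   # hypothetical helper name
    foreach ($part in Get-WmiObject -Class Win32_DiskPartition) {
        # Map the partition to the drive letter mounted on it (none if unlettered).
        $query = "ASSOCIATORS OF {Win32_DiskPartition.DeviceID='$($part.DeviceID)'} " +
                 "WHERE AssocClass=Win32_LogicalDiskToPartition"
        $vols = @(Get-WmiObject -Query $query)
        if ($vols.Count -eq 0) { $vols = @($null) }
        foreach ($vol in $vols) {
            New-Object PSObject -Property @{
                Disk       = $part.DiskIndex
                Letter     = $vol.DeviceID
                FileSystem = $vol.FileSystem
                Active     = [bool]$part.BootPartition   # the "active" flag set in diskpart
                SizeMB     = [math]::Round($part.Size / 1MB)
                IsOS       = ($vol.DeviceID -eq $env:SystemDrive)
            }
        }
    }
}

function Test-BitLockerLayout {   # hypothetical helper name
    $layout = @(Get-VolumeLayout)
    $os  = @($layout | Where-Object { $_.IsOS })
    # System volume: the active partition on the OS disk that is not the OS volume.
    $sys = @($layout | Where-Object {
        $_.Active -and -not $_.IsOS -and $os.Count -gt 0 -and $_.Disk -eq $os[0].Disk })
    try {   # only shows that Windows can see a TPM, not that it is enabled
        $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
                             -Class Win32_Tpm -ErrorAction Stop
    } catch { $tpm = $null }   # namespace missing or access denied
    $checks = @(
        @('OS volume is NTFS',               ($os.Count -eq 1 -and $os[0].FileSystem -eq 'NTFS')),
        @('Separate active system volume',   ($sys.Count -eq 1)),
        @('System volume is NTFS',           ($sys.Count -eq 1 -and $sys[0].FileSystem -eq 'NTFS')),
        @('OS volume is not the active one', ($os.Count -eq 1 -and -not $os[0].Active)),
        @('TPM visible to Windows',          ($tpm -ne $null))
    )
    foreach ($c in $checks) {
        New-Object PSObject -Property @{ Check = $c[0]; Pass = [bool]$c[1] }
    }
}

Get-VolumeLayout | Format-Table Disk, Letter, FileSystem, Active, SizeMB, IsOS -AutoSize
Test-BitLockerLayout | Format-Table Check, Pass -AutoSize
```

With the layout created above, the small partition should be listed as Active with NTFS and a size of about 1500 MB, and the larger OS volume should not be the active one.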
So that’s Part I for setting up BitLocker on Windows Vista. Part II will be how to turn on BitLocker in Vista, Part III will cover how to enable BitLocker without TPM, and Part IV will cover how to recover data that is protected by BitLocker in case something goes wrong. Enjoy!






