Originally I configured my laptop as a dual-boot with Vista SP1 and Windows Server 2008 and total two partitions on the hard drive.  So this is a configuring BitLocker with existing operating system scenario. The following are the high level steps which I did to put BitLocker on the machine.  A follow-up screencast of this post is coming soon.

  1. Boot into Vista SP1, download and install the BitLocker Drive Preparation Tool.
  2. Run the tool from All Programs/Accessories/System Tools/BitLocker to create a system drive (1.5 GB) for BitLocker.
  3. In Control Panel, turn on BitLocker on C drive by following the process to enable TPM, reboot, etc. and let it finish the encryption. In my scenario, I stored the BitLocker recovery password in a USB stick. The encryption is likely to take hours, so plan accordingly.
  4. Power off ad on, and re-boot a few times to test it out and make sure the system behaves in a consistently manner.
  5. Boot into Windows Server 2008.
  6. In Control Panel, turn on BitLocker on C drive by following the process to reboot, etc. and let it finish the encryption. In my scenario, I stored the BitLocker recovery password in a USB stick. The encryption is likely to take hours, so plan accordingly.
  7. Power off and on, and re-boot in toVista SP1 and Windows Server 2008, and back and forth a few times to test it out and make sure the system behaves in a consistently manner.

When it’s all said and done, the included screen captures are what I see from either operating system. Notice when booting into Vista SP1, due to the encryption, I don’t see the drive information of the partition hosting Windows Server 2008. Similarly when booting into Widows Server 2008, the Vista Sp1 partition becomes not accessible. I also have a 2nd hard disk mapped to the “data” drive which also becomes BitLocker aware.

Make no mistake about it. Keep the BitLocker recovery password safe and readily available. And very importantly, one should consider based on the dual-boot usage scenario, which partition BitLocker will be configured with first. There may be times we may also inadvertently change the hardware configuration without realizing it, and the system will come up with a black and white screen asking for the recovery password which is a set of 8 6-digit numbers. What has been happening to me is when booting from the partition that was not the first of the two to configure with BitLocker, apparently the on-board Trust Platform Module (TPM) thinks it's a change of system configuration and requests the recovery password. In my case, Windows Server 2008 was configured with BitLocker first and Vista (Enterprise SP1) later. So booting with Windows Server 2008 is business as usual, while whenever booting with Vista, TPM will intercept the process and request the recovery password for this drive.

Dual Boot with BitLocker - Vista SP1

System and drive information, and BitLocker configuration and Disk Management

 

Dual Boot with BitLocker – Windows Server 2008

System and drive information, and BitLocker configuration and Disk Management