Getting BitLocker to work

BitLocker does work, it seems.

My queries to Dell about BitLocker and their OptiPlex 745 corporate desktop paid off, and the company this week sent me a tool to upgrade the Bios firmware of the system.

The upgrade itself is a single executable file that lets you upgrade the Bios from within Windows. This is a welcome relief – the last time I had to patch the Bios of a computer, it involved booting from a system disk, then issuing a series of arcane command line instructions. Just as well – our OptiPlex review unit did not come with a floppy disk to boot from.

I held my breath anxiously while the Dell utility re-booted the computer and applied the update, before re-starting Windows.

Next, I faced another hurdle. BitLocker requires an extra disk partition of at least 1.5GB capacity, and although I had carefully set this up, Windows constantly threw up an error message stating that the disk configuration was incorrect.

It looked like there was nothing for it but to start the Vista install from scratch. Fortunately, this is not too onerous a task. Booting from the Vista DVD and bypassing the install takes you to a menu of recovery options, from where you can access a command line and the DISKPART storage configuration tool.

Following instructions from Microsoft's TechNet site, I created a small disk partition and set it as active, then created a larger partition filling the rest of the drive's free space. The latter is where Windows gets installed.

Once Vista had been re-installed onto the hard drive, it was just a question of turning on BitLocker. This gives you the option to store a recovery password on a USB Flash drive in case recovery of the data is needed later. I had previously activated the OptiPlex's TPM and set a password.

Encrypting the C: drive took well over an hour, but I was able to continue using the system while this was happening. Once finished, the system does not seem to suffer any noticeable performance degradation from having the main Windows disk entirely encrypted.

However, these are the key things that IT managers thinking of deploying BitLocker should keep in mind; Firstly, even brand new corporate PCs may need a Bios update in order to support Microsoft's disk encryption tool. Secondly, the system needs to be fully prepared before Vista is installed. In many cases, it will probably be best to specify that the PC vendor or system integrator configures the disk ready for BitLocker before delivery.

10 Nov 2006

Permalink

Do you agree?

Add your comment

Hi guys, I know this might be a bit off topic but seeing that a bunch of you own websites, where would the best place be to host. Someone recommended I use Blue Host for $6.95 a month which seems like a great deal. Anyone here on labs.v3.co.uk using them?

Posted by: Greetechetkal 25 Feb 2010

What version of the BIOS did you receive from Dell? I am currently trying to enable bitlocker on a 745 myself and am having problems with the most current BIOS revision that they have available on their site. Thanks in advance! Erik

Posted by: Erik Fridell 16 Nov 2006

Add your comment

Your name:
Your email address:	We won't publish your address
Your comment title:
Your comment:	By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.