BitLocker Drive Encryption configuration under Hyper-V

first things first. I did not discover this method. It was blogged over here. However, it was written for Virtual PC and Virtual Server. I gave it try on Hyper-V and found that it works with little change to the steps mentioned in the original article. Here you go…

  1. Create a new Virtual Floppy Disk
    This can be done by selecting New -> Floppy Disk under Action menu of Hyper-V Manager MMC
  2. Create a new virtual machine with your preferred settings
  3. Start Windows 2008 or Vista (any flavor that supports BDE) install and follow the below partitioning layout. You need to run the below commands at command prompt. You can open a command prompt by pressing Shift+F10
    diskpart
    select disk 0
    clean
    create partition primary size=1500
    assign letter=S
    active
    create partition primary
    assign letter=C
    exit
    format c: /y /q /fs:NTFS
    format s: /y /q /fs:NTFS
    exit
  4. After the install is complete just turnoff the new VM and edit it’s settings to attach the VFD created in step 1
  5. Reboot the guest and install BitLocker Drive Encryption feature using Server Manager
  6. Run gpedit.msc and go to Local Computer Policy, Computer Configuration, Administrative Templates, Windows Components and then BitLocker Drive Encryption
  7. Double click on Control Panel Setup: Enable advanced startup options, select Enabled and make sure Allow BitLocker without a compatible TPM is checked
  8. At the command prompt, format a:(This is required to make sure the manage-bde.wsf works fine)
  9. At the command prompt,
    cscript c:\Windows\System32\manage-bde.wsf -on C: -rp -sk A:
  10. This will prompt you to reboot your system to check if the virtual floppy (or A:) is accessible during reboot
  11. After the reboot, check BDE option under Control Panel -> Security to make sure BDE is enabled on C:

From now on, you need to have the VFD attached to the guest every time you reboot. Otherwise, BitLocker will prompt you for the recovery password.

Article written by

Comments are closed, but trackbacks and pingbacks are open.

%d bloggers like this: