
BitLocker Drive Encryption configuration under Hyper-V

First things first. I did not discover this method. It was blogged over here. However, it was written for Virtual PC and Virtual Server. I gave it a try on Hyper-V and found that it works with little change to the steps mentioned in the original article. Here you go…

  1. Create a new Virtual Floppy Disk
    This can be done by selecting New -> Floppy Disk under the Action menu of the Hyper-V Manager MMC
  2. Create a new virtual machine with your preferred settings
  3. Start the Windows 2008 or Vista (any flavor that supports BDE) install and follow the partitioning layout below. Run the commands below at a command prompt, which you can open by pressing Shift+F10. The partition commands are typed inside diskpart; exit it before running the two format commands
    diskpart
    select disk 0
    create partition primary size=1500
    assign letter=S
    create partition primary
    assign letter=C
    exit
    format c: /y /q /fs:NTFS
    format s: /y /q /fs:NTFS
  4. After the install is complete, turn off the new VM and edit its settings to attach the VFD created in step 1
  5. Reboot the guest and install the BitLocker Drive Encryption feature using Server Manager
  6. Run gpedit.msc and go to Local Computer Policy, Computer Configuration, Administrative Templates, Windows Components and then BitLocker Drive Encryption
  7. Double click on Control Panel Setup: Enable advanced startup options, select Enabled and make sure Allow BitLocker without a compatible TPM is checked
  8. At the command prompt, format a: (this is required to make sure manage-bde.wsf works fine)
  9. At the command prompt,
    cscript c:\Windows\System32\manage-bde.wsf -on C: -rp -sk A:
  10. This will prompt you to reboot your system to check if the virtual floppy (or A:) is accessible during reboot
  11. After the reboot, check the BDE option under Control Panel -> Security to make sure BDE is enabled on C:

From now on, you need to have the VFD attached to the guest every time you reboot. Otherwise, BitLocker will prompt you for the recovery password.
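
As a check after step 11, the output of `cscript c:\Windows\System32\manage-bde.wsf -status C:` can be saved and audited to confirm that both protectors requested in step 9 exist: the startup key written to A: by `-sk` and the recovery password created by `-rp`. The script below is an added example, not part of the original article; the sample output is constructed, and the field and protector names are assumptions about how manage-bde prints its status.

```python
# Added example: audit saved `manage-bde -status C:` output for the TPM-less setup above.
# SAMPLE_STATUS is constructed for illustration (layout assumed, not captured from a guest).
SAMPLE_STATUS = """\
Volume C: []
[OS Volume]

    Size:                 38.53 GB
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100%
    Encryption Method:    AES 128 with Diffuser
    Protection Status:    Protection On
    Lock Status:          Unlocked
    Key Protectors:
        External Key
        Numerical Password
"""

# -sk A: should yield "External Key"; -rp should yield "Numerical Password".
EXPECTED_PROTECTORS = {"External Key", "Numerical Password"}

def parse_status(text):
    """Return (fields, protectors) parsed from manage-bde status text."""
    fields, protectors, in_protectors = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line ends the protector list
            in_protectors = False
            continue
        key, sep, value = line.partition(":")
        if sep and key == "Key Protectors":
            in_protectors = True          # protector names follow, one per line
        elif sep:
            fields[key.strip()] = value.strip()
            in_protectors = False
        elif in_protectors:
            protectors.append(line)
    return fields, protectors

def audit(text):
    """Return a list of findings; an empty list means the volume looks as intended."""
    fields, protectors = parse_status(text)
    findings = []
    if fields.get("Conversion Status") != "Fully Encrypted":
        findings.append("volume not fully encrypted: %s" % fields.get("Conversion Status"))
    if fields.get("Protection Status") != "Protection On":
        findings.append("protection is not on: %s" % fields.get("Protection Status"))
    for missing in sorted(EXPECTED_PROTECTORS - set(protectors)):
        findings.append("missing key protector: " + missing)
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_STATUS) or "OK")
```

A missing "Numerical Password" finding means there is no recovery password to fall back on if the VFD is lost or not attached at boot.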