Allowing Bitlocker encryption for non-os disc
Hi there,

I am quite positive I am just overlooking something here but... well: a customer of mine will migrate from Vista to 7 in a few weeks. When I prepared his environment for that, I stumbled upon the new GPO settings regarding BitLocker. I was able to allow system drive encryption but I cannot find the right option to allow any other volume to be encrypted. BitLocker, with the current configuration, will just state an error, that only the OS volume may be protected with TPM. I would be very grateful for any advice on this. If I left any vital information out, let me know.

With kind regards
Christoph Schmidt || IT Consultant @ TOP TECHNOLOGIES CONSULTING || MCITP EA
December 8th, 2009 4:51pm

In Windows 7 any drive can be configured to use BitLocker but if you want to encrypt just a data partition and want it to be unlocked automatically you must also encrypt the operating system partition. You should also be able to encrypt other drives than the operating system partition by default. What is the exact error message and could you provide steps to what you did when you got the error message?
December 9th, 2009 12:34pm

I use the following command, which worked well with Vista (as far as I remember):

cmd /c manage-bde.exe -on D: -rp -rk z:\somepath\ -s -tp 12345678

The exact (German) error is:

BitLocker-Laufwerkverschlüsselung: Konfigurationstoolversion 6.1.7600
Copyright (C) Microsoft Corporation. Alle Rechte vorbehalten.
Volume "D:" [WS-SOMEPC]
[Datenvolume]
FEHLER: Nur das Betriebssystemvolume darf mit dem TPM geschützt werden.

The last line translates like "ERROR: Only the operating system volume may be protected with TPM".

Am I using the wrong approach here?

Thanks for your help!
Christoph Schmidt || IT Consultant @ TOP TECHNOLOGIES CONSULTING || MCITP EA
December 9th, 2009 12:50pm

The -tp switch means "Adds a TPM And PIN protector for the OS volume." which is not applicable if you are encrypting a non-OS partition. So leave out "-tp 12345678" and off you go!
December 9th, 2009 2:40pm
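
The two replies above combined into one batch script, as an added example that is not part of the original thread: it enables BitLocker on the data volume without the OS-only -tp protector, lists the protectors that were written, and turns on auto-unlock only if the OS volume is itself protected. The drive letters are assumptions, the key path is the thread's own placeholder, and the script must run from an elevated prompt.

```batch
@echo off
rem Added example, not code from the thread.
rem OS_VOL and DATA_VOL are assumed drive letters; KEY_DIR is the
rem placeholder path used in the question.
setlocal
set "OS_VOL=C:"
set "DATA_VOL=D:"
set "KEY_DIR=z:\somepath\"

rem -rp (recovery password) and -rk (recovery key file) are valid on a
rem data volume. -tp (TPM and PIN) is left out: it is an OS-volume
rem protector and causes the error quoted in the question.
manage-bde.exe -on %DATA_VOL% -rp -rk %KEY_DIR% -s
if errorlevel 1 (
    echo Enabling BitLocker on %DATA_VOL% failed.
    exit /b 1
)

rem Show which key protectors now exist on the data volume, so the
rem recovery password can be recorded and the key file verified.
manage-bde.exe -protectors -get %DATA_VOL%

rem Auto-unlock of a data volume requires a protected OS volume.
rem -p (-protectionaserrorlevel) returns 0 if protected and 1 if not,
rem which avoids parsing localized status text such as the German output.
manage-bde.exe -status %OS_VOL% -p >nul
if errorlevel 1 (
    echo %OS_VOL% is not BitLocker-protected, skipping auto-unlock.
    exit /b 0
)

manage-bde.exe -autounlock -enable %DATA_VOL%
if errorlevel 1 (
    echo Could not enable auto-unlock on %DATA_VOL%.
    exit /b 1
)
echo Auto-unlock enabled on %DATA_VOL%.
```

If the OS volume is still encrypting, its protection may report as off and the script will skip auto-unlock; rerun the last step once encryption has finished.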

Thank you very much! :)
Christoph Schmidt || IT Consultant @ TOP TECHNOLOGIES CONSULTING || MCITP EA
December 9th, 2009 6:00pm
