Use bitlocker to encrypt different parrtition

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Is it possible to use bitlocker to encrypt an other partition than the
windows Vista systempartition (for example encrypt D: rather than C:)?

Regards,
Rob
 
Yes, with the BitLocker command line tool you can do this, but it is
unsupported on Vista. It is supposed to be supported on Windows Server
Codename Longhorn.

The tool is manage-bde.wsf.

BTW, you cannot encrypt the system partition at all. You can encrypt the
boot volume. Remember, the system volume is the one you boot from and it must
remain clear-text. The boot volume is the one with the operating system, and
it can be encrypted.


---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/0470101555?ie=UTF8&tag=protectyourwi-20


Richard G. Harper said:
Nope.

--
Richard G. Harper [MVP Shell/User] (e-mail address removed)
* NEW! Catch my blog ... http://msmvps.com/blogs/rgharper/
* PLEASE post all messages and replies in the newsgroups
* The Website - http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm


R.Demandt said:
Is it possible to use bitlocker to encrypt an other partition than the
windows Vista systempartition (for example encrypt D: rather than C:)?

Regards,
Rob
Click to expand...
Click to expand...
 
So if someone was to steal my laptop partitioned, C: OS and E: Documents,
Windows would be secured and my Documents left unsecure?? Or can it affect
the whole disk regardless of partitoning? Bit of a miss there if it can't

Jesper said:
Yes, with the BitLocker command line tool you can do this, but it is
unsupported on Vista. It is supposed to be supported on Windows Server
Codename Longhorn.

The tool is manage-bde.wsf.

BTW, you cannot encrypt the system partition at all. You can encrypt the
boot volume. Remember, the system volume is the one you boot from and it must
remain clear-text. The boot volume is the one with the operating system, and
it can be encrypted.


---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/0470101555?ie=UTF8&tag=protectyourwi-20


Richard G. Harper said:
Nope.

--
Richard G. Harper [MVP Shell/User] (e-mail address removed)
* NEW! Catch my blog ... http://msmvps.com/blogs/rgharper/
* PLEASE post all messages and replies in the newsgroups
* The Website - http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm


R.Demandt said:
Is it possible to use bitlocker to encrypt an other partition than the
windows Vista systempartition (for example encrypt D: rather than C:)?

Regards,
Rob
Click to expand...
Click to expand...
Click to expand...
 
Correct. The assumption is that on workstations you should not (contrary to
the view that was often espoused for some reason with NT 4.0) put data on a
separate volume. Servers are different, which is why encrypting non-boot
volumes is going to be supported in Longhorn Server.

BitLocker is billed in the press as "full disk encryption" but it is really
better thought of as "full volume encryption" and if you read Microsoft's
documentation, that is how it is referred to. It never claimed to support
encrypting the entire disk. It encrypts volume by volume only.
---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/0470101555?ie=UTF8&tag=protectyourwi-20


JD said:
So if someone was to steal my laptop partitioned, C: OS and E: Documents,
Windows would be secured and my Documents left unsecure?? Or can it affect
the whole disk regardless of partitoning? Bit of a miss there if it can't

Jesper said:
Yes, with the BitLocker command line tool you can do this, but it is
unsupported on Vista. It is supposed to be supported on Windows Server
Codename Longhorn.

The tool is manage-bde.wsf.

BTW, you cannot encrypt the system partition at all. You can encrypt the
boot volume. Remember, the system volume is the one you boot from and it must
remain clear-text. The boot volume is the one with the operating system, and
it can be encrypted.


---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/0470101555?ie=UTF8&tag=protectyourwi-20


Richard G. Harper said:
Nope.

--
Richard G. Harper [MVP Shell/User] (e-mail address removed)
* NEW! Catch my blog ... http://msmvps.com/blogs/rgharper/
* PLEASE post all messages and replies in the newsgroups
* The Website - http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm


Is it possible to use bitlocker to encrypt an other partition than the
windows Vista systempartition (for example encrypt D: rather than C:)?

Regards,
Rob
Click to expand...
Click to expand...
Click to expand...
 
It must be said though that that does limit it's appeal, to those that
partition, and we do it incase the system fails we can either re-install or
recover are documents. There may well be others who may pay the premium price
for Ultimate to find this out, as it's labelled "Bit Locker Drive Encryption"
they may take that to mean the disk in a whole regardless of partitions. Thnx
for the info though

Jesper said:
Correct. The assumption is that on workstations you should not (contrary to
the view that was often espoused for some reason with NT 4.0) put data on a
separate volume. Servers are different, which is why encrypting non-boot
volumes is going to be supported in Longhorn Server.

BitLocker is billed in the press as "full disk encryption" but it is really
better thought of as "full volume encryption" and if you read Microsoft's
documentation, that is how it is referred to. It never claimed to support
encrypting the entire disk. It encrypts volume by volume only.
---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/0470101555?ie=UTF8&tag=protectyourwi-20


JD said:
So if someone was to steal my laptop partitioned, C: OS and E: Documents,
Windows would be secured and my Documents left unsecure?? Or can it affect
the whole disk regardless of partitoning? Bit of a miss there if it can't

Jesper said:
Yes, with the BitLocker command line tool you can do this, but it is
unsupported on Vista. It is supposed to be supported on Windows Server
Codename Longhorn.

The tool is manage-bde.wsf.

BTW, you cannot encrypt the system partition at all. You can encrypt the
boot volume. Remember, the system volume is the one you boot from and it must
remain clear-text. The boot volume is the one with the operating system, and
it can be encrypted.


---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/0470101555?ie=UTF8&tag=protectyourwi-20


:

Nope.

--
Richard G. Harper [MVP Shell/User] (e-mail address removed)
* NEW! Catch my blog ... http://msmvps.com/blogs/rgharper/
* PLEASE post all messages and replies in the newsgroups
* The Website - http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm


Is it possible to use bitlocker to encrypt an other partition than the
windows Vista systempartition (for example encrypt D: rather than C:)?

Regards,
Rob
Click to expand...
Click to expand...
Click to expand...
 
It must be said though that that does limit it's appeal, to those that
partition, and we do it incase the system fails we can either re-install or
recover are documents. There may well be others who may pay the premium price
for Ultimate to find this out, as it's labelled "Bit Locker Drive Encryption"
they may take that to mean the disk in a whole regardless of partitions. Thnx
for the info though
Click to expand...

There is talk of extending BDE to cover non-boot partitions in the future,
perhaps with Vista SP1. In the interim, you can always use EFS to protect
the non-boot partitions.

--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea
 
There is nothing really inherent in BitLocker that prevents it from doing
encryption of multiple volumes. In Longhorn Server it can do it easily. It
just is not tested and supported in the GUI on Vista RTM.
 
There is nothing really inherent in BitLocker that prevents it from doing
encryption of multiple volumes. In Longhorn Server it can do it easily. It
just is not tested and supported in the GUI on Vista RTM.
Click to expand...

I understand that, however, my understanding is that there are some changes
in Longhorn that provide additional support for BDE on non-boot volumes,
for example, automatically unlocking the contents of the non-boot volume,
that aren't in Vista presently.

--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea
 
That's why it is not considered a tested and supported feature I believe.
Just 'cause something works doesn't mean it is a good idea. :-)
 
That's why it is not considered a tested and supported feature I believe.
Just 'cause something works doesn't mean it is a good idea. :-)
Click to expand...

Understood, and I wasn't advocating that BDE be used on non-boot volumes on
Vista RTM. I was just saying that there have been rumours that additional
support for this scenario may appear in the Vista SP1 timeframe...

--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea
 
Back
Top