Applies ToWindows Vista Ultimate Windows Vista Enterprise Windows Vista Ultimate 64-bit Edition Windows Vista Enterprise 64-bit Edition Windows Vista Service Pack 2 Windows Server 2008 Datacenter Windows Server 2008 Enterprise Windows Server 2008 Standard Windows Server 2008 Service Pack 2

INTRODUCTION

The BitLocker Drive Preparation Tool is available. You can use this tool to prepare the computer for BitLocker Drive Encryption.This article describes how to obtain this tool. This article also provides an operational overview of the tool. This overview includes system requirements and command-line parameters. Finally, this article describes the most common problems that you may encounter when you use the tool.

More Information

How to obtain the BitLocker Drive Preparation Tool

Windows Vista Ultimate and Windows Vista Ultimate Service Pack 1

If you are using Windows Vista Ultimate, follow these steps to obtain the tool:

  1. Click Start  Start button  , typeWindows Update in the Start Search box, and then press ENTER.

  2. Click Check for updates.

  3. Click View available Extras.

  4. Click to select the BitLocker and EFS enhancements check box, and then click Install.

Windows Vista Enterprise and Windows Server 2008 for x86-based Systems(KB933246)

If you are using Windows Vista Enterprise or Windows Server 2008 for x86-based Systems, visit the following Microsoft Web site to obtain to tool:

http://www.microsoft.com/download/details.aspx?FamilyId=b9b5378e-0851-44e3-ba33-a7df1c75c2f3

Windows Vista Enterprise and Windows Server 2008 for x64-based Systems (KB933246)

If you are using Windows Vista Enterprise or Windows Server 2008 for x64-based Systems, visit the following Microsoft Web site to obtain to tool:

http://www.microsoft.com/download/details.aspx?FamilyId=876543bf-2336-4324-9f67-3f351b136ded

When you install this tool, the tool adds an item to the Start menu. To start the BitLocker Drive Preparation Tool, use one of the following methods:

  • Click Start, point to All Programs, click Accessories, click System Tools, click BitLocker, and then double-clickBitLocker Drive Preparation Tool.

  • Click Start, typeBitLocker in the Start Search text box, and then click BitLocker Drive Preparation Tool in thePrograms list.

After the tool finishes preparing the drive, you must restart the computer. Then, you can use the Security item in Control Panel to enable BitLocker.

How to prepare the hard disk for BitLocker Drive Encryption

To encrypt drives and to verify boot integrity, BitLocker requires at least two partitions. These two partitions make up a split-load configuration. A split-load configuration separates the main operating system partition from the active system partition from which the computer starts.The BitLocker Drive Preparation Tool automates the following processes to make the computer ready for BitLocker:

  • Creating the second volume that BitLocker requires

  • Migrating the boot files to the new volume

  • Making the volume an active volume

When the tool finishes, you must restart the computer to change the system volume to the newly created volume. After you restart the computer, the drive will be configured correctly for BitLocker. You may also have to initialize the Trusted Platform Module (TPM) before you turn BitLocker on.

System requirements

To create a new partition or to merge unallocated space with an existing partition, the target system must meet the following requirements:

  • A genuine version of Windows Vista Ultimate, Windows Vista Enterprise, Windows Vista Ultimate Service Pack 1, Windows Vista Enterprise Service Pack 1, or Windows Server 2008 must be installed.

  • The active partition must contain boot configuration data and boot files.

  • The target partition must meet the following requirements:

    • The partition must be on a simple disk that is initialized for basic storage.

    • The partition must be a primary partition. Extended drives and logical drives are not supported.

    • The partition must be formatted by using the NTFS file system.

    • The partition must not be compressed.

    • The cluster size of the partition must be less than 4 KB or equal to 4 KB.

    • The partition is not using software spanning, software mirroring, or software RAID. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

      314343 Basic storage versus dynamic storage in Windows XPNote This tool works correctly in hardware RAID configurations.

    • For a split operation, at least 10 percent of the active partition must remain free after the partition size is reduced by 1.5 gigabytes (GB).

    • For a merge operation, the partition's total capacity must be at least 1.5 GB. Also, the partition must have at least 800 MB of free disk space.

  • Before you run the BitLocker Drive Preparation Tool on a Windows Server 2008-based computer, you must first install the BitLocker Drive Encryption optional component. To do this, follow these steps:

    1. Click Start, click Control Panel, and then double-click Programs and Features.

    2. In Programs and Features, underTasks, click Turn Windows features on or off. If the User Account Control dialog box appears, clickContinue. Or, provide administrator credentials.

    3. In the Features Summary field, clickAddFeatures, and then select BitLocker Drive Encryption.

    4. Click Next, clickInstall, click Close, and then clickYes to restart the computer.

The following chart shows the target system requirements.

Operational overview

Target system configurations

The BitLocker Drive Preparation Tool supports Windows Vista Ultimate, Windows Vista Enterprise, Windows Vista Ultimate Service Pack 1, Windows Vista Enterprise Service Pack 1, and Windows Server 2008. This tool successfully creates a split-load configuration when the active state, the system state and the boot state are all assigned to the same simple volume.

Default operational procedure

When the BitLocker Drive Preparation Tool starts, it tries to create a split-load configuration by using the following methods, in order of preference:

  • Merge unallocated space with a type 0x7 Windows Recovery (WinRE) partition

  • Create a new partition from unallocated space

  • Split an existing partitionNote The tool tries to split the current active partition. If this action fails, the tool splits the largest available partition.

  • Merge unallocated space with the smallest suitable partition

Preferred order of operations

The following chart shows the preferred order of operations that the BitLocker Drive Preparation Tool follows.

Command-line parameters

The BitLocker Drive Preparation Tool uses a simple set of command-line parameters. These parameters make integration with enterprise deployment tools more flexible. Enterprise deployment tools include Microsoft Systems Management Server (SMS) and Microsoft Business Desktop Deployment (BDD). The parameters also provide customized deployment options. The following table lists the parameters. The parameters are not case-sensitive.

Parameter

Description

Notes

[-?] [/?]

Help - Provides a brief description of the tool's purpose and parameters

[-driveinfo]

Displays the drive letter, the total size, the maximum free space, and the partition characteristics

Only valid partitions are listed. Characteristics are noted only for WinRE, operating system, and unallocated partitions.

[-target {unallocated ¦ drive: {shrink ¦ merge}}]

Indicates the desired operation for target partition: create a new partition from unallocated disk space, split the target partition to create a new partition, or merge unallocated space with the target partition

Cannot merge unallocated spaced with the operating system partition. Unallocated space is not listed if four primary or extended partitions already exist.

[-newdriveletter] ¦ DriveLetter:]

Indicates the drive letter for the newly created partition

Letters A, B, and C are excluded. If no letter is indicated, the first available drive letter backward from S is applied.

[-size ¦ SizeInMegabytes]

Indicates the size in megabytes for the new partition

The minimum size is 1500 MB. At least 10 percent of the target partition must be free after the new partition is created.

[-quiet]

Suppresses confirmation text to avoid user interaction

[-restart]

Restarts the system immediately after all operations are complete

Restarts immediately, regardless of open files or other users logged in.

Example scenario 1

The target system has a single partition. To prepare the computer for BitLocker, you want to split the operating system partition. You want the following conditions to be true:

  • The size of the new partition is 1500 MB.

  • The new partition uses X for the drive letter.

  • During the operation, confirmation dialog boxes do not appear.

  • The system restarts when the operation is completed.

To use these settings, run the following command at a command prompt:

BdeHdCfg.exe -target c: shrink -newdriveletter x: -size 1500 -quiet -restart

Example scenario 2

The target system has more than one partition. To prepare the computer for BitLocker, you want to merge unallocated space with an existing partition. You want the following conditions to be true:

  • During the operation, confirmation dialog boxes do not appear.

  • The system restarts when the operation is completed.

To use these settings, run the following command at a command prompt:

BdeHdCfg.exe -target d: merge -quiet -restart

A common problem

You may receive the following error message when you use the BitLocker Drive Preparation Tool:

[E_BDECFG_NO_CANDIDATES]The BitLocker Drive Preparation Tool could not find a target system drive. You may need to manually prepare your drive for BitLocker.

This error may occur in one of the following scenarios.

Scenario 1: You do not have sufficient free disk space

At least 10 percent of the active partition must remain free after the partition size is reduced by 1.5 gigabytes (GB). To resolve this error, move files to another partition or delete files.

Scenario 2: The partition contains files that cannot be moved

The BitLocker Drive Preparation Tool may resize partitions to prepare a hard disk for BitLocker. Occasionally, some unmovable files may prevent the tool from defragmenting and resizing partitions. These files may include any of the following items:

  • Page files

  • Hibernation files (Hiberfil.sys)

  • The registry

  • NTFS metadata files. These files include the following files and others:

    • $mftmirr

    • $secure

    • $volume

This issue may occur even if the operating system is newly installed.To work around this error, use one of the following methods:

  • Temporarily disable hibernation option and hard disk paging. Then, use the Windows Preinstallation Environment to delete the Hiberfil.sys file and the Pagefile.sys file. Restart the computer in Windows Vista. Then, run the BitLocker Drive Preparation Tool again.

  • Reinstall Windows Vista.

You receive one of the error messages when you run the BitLocker Drive Preparation tool on a Windows Server 2008-based server

When you use the BitLocker Drive Preparation tool on a Windows Server 2008-based server, you may receive one of the following error messages:

The BitLocker Drive Preparation Tool cannot be used in this version of Windows. Upgrade Windows.

An unexpected error occurred while running the BitLocker Drive Preparation Tool. You may have to manually prepare your drive for BitLocker.

Note If you install the BitLocker Drive Preparation Tool from the MSU package, you will see only the first error message in this topic. However, it is possible that you copy the binary files from an earlier release of the BitLocker Drive Preparation Tool. Then, you will see the second error message.To resolve this issue, install the BitLocker Drive Encryption optional component. To do this, follow these steps that are mentioned in the "System requirements" section.

You receive an error message when you try to enable BitLocker Drive Encryption on an IBM portable computer

When you try to enable BitLocker Drive Encryption on an IBM portable computer that is running Windows Vista, you may receive the following error message:

Insufficient disk space for BitLocker Drive Encryption to encrypt the drive. Use disk maintenance tools to repair the disk and try again.

To resolve this problem, follow these steps.Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in WindowsTo have us resolve this problem for you, go to the "Fix it for me" section. If you prefer to fix this problem yourself, go to the "Let me fix it myself" section.

Fix it for me

To fix this problem automatically, click the Fix it button or link. Then click Run in the File Download dialog box, and follow the steps in the Fix it wizard.

Notes

  • This wizard may be in English only. However, the automatic fix also works for other language versions of Windows.

  • If you are not on the computer that has the problem, save the Fix it solution to a flash drive or a CD and then run it on the computer that has the problem.

Then, go to the "Did this fix the problem?" section.

Let me fix it myself

  1. Click Start the Start button , typeregedit in the Start Search box, and then click regedit in the Programslist.

  2. Locate and then click the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

  3. Verify the data type of the PagingFiles registry entry. If the data type is REG_SZ, follow these steps:

    1. Note the value data for the PagingFiles registry entry.

    2. Back up the following registry subkey:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

    3. Right-click PagingFiles, and then click Delete.

    4. Click Yes when you are prompted.

    5. On the Edit menu, point toNew, and then click Multi-String Value.

    6. Type PagingFiles, and then press ENTER.

    7. On the Edit menu, clickModify.

    8. In the Value data box, type the value data that you noted in step 3a, and then click OK.

    9. Exit Registry Editor.

  4. Restart the computer.

For more information about security for portable computers that are running Windows Vista, visit the following Lenovo Web site:

http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-67210The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

Did this fix the problem?

  • Check whether the problem is fixed. If the problem is fixed, you are finished with this section. If the problem is not fixed, you can contact support.

  • We would appreciate your feedback. To provide feedback or to report any issues with this solution, please leave a comment on the "Fix it for me" blog or send us an email message.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.