Bitlocker Redux

[mqudsi]

Maybe this will help?

Windows Vista includes a new hard drive encryption feature called BitLocker Drive Encryption. BitLocker can be a very useful security feature for businesses and home users that have sensitive and confidential information stored on their computer. Unfortunately, BitLocker Drive Encryption by default requires a Trusted Platform Module (TPM Chip) version 1.2 or later installed in your computer. A lot of the computers and laptops on the market do not come with TPM chips installed since they are typically only found in premium model business computers. If you have Windows Vista Business, Ultimate or Enterprise but do not have a TPM chip, you can still use BitLocker Drive Encryption.

Hidden away in local group policy is a setting that will allow you to turn on the ability to use a USB storage device instead of a TPM key to store the encryption key. This is a great feature for users that don't have the latest high-end hardware because you can still use hard drive encryption. However, every time you turn on your computer, the USB storage device that has the encryption key located on it must be plugged in. Without it, your computer will not boot up. One BitLocker Drive Encryption is setup with a USB storage device, that USB storage device basically becomes the key to your computer.

Press the Windows button, type gpedit.msc and press Enter.
Navigate through: Computer Policy, Administrative Templates, Windows Components and BitLocker Drive Encryption. Right click on Control Panel Setup: Enable advanced startup options and select Properties.
Check Enabled and click OK.

 

[Ex_Brit]

Thanks, I already did that + ran the Bitlocker disk preparation tool. I may have to format and reinstall Vista anyway. I used the Vista disk management yesterday to re-do the second partition on that disk from logical to primary and for some reason when I go into XP Norton partition magic is saying that the whole disk is "bad". Will do a few error checks and sort it out I am sure.

 

[mqudsi]

I think that means it is working. Norton can't view that the partition is whole and healthy because Norton (from XP) can't access it

 

[Ex_Brit]

I just deleted the spare partition on the Vista disk. Then went back into XP. Norton no longer saw it as a complete bad disk but saw Vista as healthy and an unallocated partition right after it, so I formatted that as logical/extended again and all is fine now. It was also not appearing in XP's disk management before so something obviously went awry when I made it into a primary partition.
That's the first and last time I'll use Windows to partition anything.

 

[mqudsi]

Seems your MBR was messed up... I use and recommend Acronis Disk Director 10 - there's a new version with complete Vista support and it works great. Why? It uses a Linux codebase!

 

[Ex_Brit]

I really should get a Vista ready partitioner. I like Acronis and was about to order Acronis True Image 10 so might make it a bundle. I have a discount coupon from them I can use.

Norton PM is very reliable, but has to be installed in XP only, but it can deal with the Vista partition from there.

 

[mqudsi]

Partition Magic's problem is Norton. Norton killed it.

I don't think PM has been updated since 2002. Norton bought it from PowerQuest and left it to rot..... (Well, it was repackaged after the purchase, but only for re-branding, no actual code or feature changes).

 

[Ex_Brit]

Pity really. Symantec could have made a killing if they had updated it, because it is so easy to use.

Back to the Bitlocker realm. I've been told by someone on the M$ NG's that I should try getting rid of the software/U3 Launchpad etc on my flash drive and try again. I'm not willing to do that unless I can get it back so I fired off a message to Sandisk for a verdict on that. Right now they do have the software available on their website but it isn't Vista ready yet, whereas the one on my U3 is Vista ready.
This drive has only been on the market for a few days!

 

[mqudsi]

You can "clone" the contents of your USB drive, then write it back if it fails....

If you're interested, I can walk you through the steps.

Warning: Involves 3rd party (free) command line programs!

 

[Ex_Brit]

OK......but if it's Linux, you know how it hates me....!! In XP or Vista?

At present the drive is divided into 1 5.25mb CDFS partition which has the U3 software and the rest is FAT32.

 

[mqudsi]

Lol, it's Windows the whole way. Under the hood is code from Linux, that's all. Pretend I never said it

Download the trial and see for yourself.

 

[Ex_Brit]

Trial of what? By the way, this prompted me to check my Acronis True Image 9.....it's corrupted so am in the process of uninstalling/reinstalling.

 

[mqudsi]

Trial of Disk Director.... to see if you like it + how it works

 

[Ex_Brit]

Ok I've downloaded it into XP because I happened to be booted into that - haven't installed it yet as I think I'll do that in Vista instead. Is this what I'm supposed to use to clone my USB drive????? (True Image wont).

 

[Ex_Brit]

Installed it in Vista.....seems to be fairly straightforward.
Unlike Norton, it sees my U3 drive, but only the usable portion. The system portion is shown as "unallocated" which I expected.

 

[mqudsi]

No. This is.

 

[Ex_Brit]

Post notifications seem to be slow in getting through. I had no idea you had answered until I just happened to drop in here.

Now you don't honestly expect me to understand anything in that link do you? It might as well be in ancient Sanskrit as far as I'm concerned.
Can't they make things easy these days?

Anyway, I found another post saying that it didn't matter if there was software already installed on the darn thing. I wish someone would write a proper tutorial on this procedure - designed for dummies like me.

 

[mqudsi]

Lol... I can just see it:

The yellow and black cover, the "dummy" pointing his finger at the title: "Bitlocker for Dummies" :lol:

 

[Ex_Brit]

Now I'm getting a red event in the EV every 5 minutes....loud sigh....!!

I've made sure the service is started and automatic. This all started when
I had a problem with the partition directly after my Vista one and had to
format it. It wasn't however, a system volume, but rather just a backup
volume.
Can't find any info that helps find a solution.

Log Name: Application
Source: Microsoft-Windows-CAPI2
Date: 01/07/2007 4:18:22 PM
Event ID: 256
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: R2D2
Description:
The Cryptographic Services service failed to initialize the Catalog 
Database. The error was: 5 (0x5) : Access is denied.
.
Event Xml:
<Event xmlns="[URL="mhtml:{9217D695-68AE-42E7-B3BA-746D4CEB27B2}mid://00000016/!x-usc:http://schemas.microsoft.com/win/2004/08/events/event"][U][COLOR=#0066cc]http://schemas.microsoft.com/win/2004/08/events/event[/COLOR][/U][/URL]">
<System>
<Provider Name="Microsoft-Windows-CAPI2" 
Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" 
EventSourceName="Microsoft-Windows-CAPI2" />
<EventID Qualifiers="49154">256</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2007-07-01T20:18:22.000Z" />
<EventRecordID>12411</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>R2D2</Computer>
<Security />
</System>
<EventData>
<Data>5 (0x5)</Data>
<Data>Access is denied.
</Data>
</EventData>
</Event>

 

[mqudsi]

System Restore is your friend (or so we hope).