http://support.microsoft.com/kb/933246 Example scenario 1 The target system has a single partition. To prepare the computer for BitLocker, you want to split the operating system partition. You want the following conditions to be true:
The size of the new partition is 1500 MB.The new partition uses X for the drive letter.During the operation, confirmation dialog boxes do not appear. The system restarts when the operation is completed. To use these settings, run the following command at a command prompt: BdeHdCfg.exe -target c: shrink -newdriveletter x: -size 1500 -quiet -restart Sounds like your scenario. Date: Wed, 2 Apr 2014 16:05:36 -0400 Subject: [mssms] Need to deploy BitLocker to machines in the field without the needed partitions From: [email protected] To: [email protected] Hi Guys, We’ve got maybe 2~3k systems here at $Client.Name that were built without the partitions needed to support BitLocker, and now we need to encrypt them without refreshing them to correct the partitions. During my initial googles, I found this article which makes mention of the ZTIBde resource in the MDT Toolkit, for precisely this sort of situation. It seems this tool will use diskpart to shrink the last 300 MB of the drive, and then handle storing the necessary files for BitLocker there. Has anyone used this in the wild? I’m always cautious when adjusting partitions on existing drives with user data. I've got an existing 'Encrypt' TS that works fine for systems with the needed partitions. I'd like to be able to use the ZTIBde.wsf script to fix the partitions on the machines, then encrypt them. Are there any pitfalls I should know about? Any tips? Thanks,
