If you end up doing bitlocker refresh/reinstallations then a 1gb or more bde partition is recommended particularly if you are unlocking an encrypted drive in winpe and rebooting, it will stage your boot win in that partition
Take a look at the cm12 bitlocker HTA. http://www.windows-noob.com/forums/index.php?/topic/7294-the-cm12-bitlocker-frontend-hta/ http://vimeo.com/60836455 Sent from my phone, please excuse any typo's as a result. > On 3 apr 2014, at 16:45, <[email protected]> wrote: > > unless you are deploying the recovery environment WinRE, you only need a > 500mb BDE partition. you also should not assign a drive letter to it 😉 > > > > Sent from Windows Mail > > From: Mike Dzikowski > Sent: ‎Thursday‎, ‎April‎ ‎3‎, ‎2014 ‎10‎:‎39‎ ‎AM > To: [email protected] > > http://support.microsoft.com/kb/933246 > > Example scenario 1 > The target system has a single partition. To prepare the computer for > BitLocker, you want to split the operating system partition. You want the > following conditions to be true: > > > The size of the new partition is 1500 MB. > The new partition uses X for the drive letter. > During the operation, confirmation dialog boxes do not appear. > The system restarts when the operation is completed. > To use these settings, run the following command at a command prompt: > > > BdeHdCfg.exe -target c: shrink -newdriveletter x: -size 1500 -quiet -restart > > Sounds like your scenario. > > > Date: Wed, 2 Apr 2014 16:05:36 -0400 > Subject: [mssms] Need to deploy BitLocker to machines in the field without > the needed partitions > From: [email protected] > To: [email protected] > > Hi Guys, > > > > We’ve got maybe 2~3k systems here at $Client.Name that were built without > the partitions needed to support BitLocker, and now we need to encrypt them > without refreshing them to correct the partitions. > > > > During my initial googles, I found this article which makes mention of the > ZTIBde resource in the MDT Toolkit, for precisely this sort of situation. It > seems this tool will use diskpart to shrink the last 300 MB of the drive, and > then handle storing the necessary files for BitLocker there. Has anyone used > this in the wild? I’m always cautious when adjusting partitions on existing > drives with user data. > > > > I've got an existing 'Encrypt' TS that works fine for systems with the > needed partitions. I'd like to be able to use the ZTIBde.wsf script to fix > the partitions on the machines, then encrypt them. > > > Are there any pitfalls I should know about? Any tips? > > > Thanks, > > > > > >
