Share via


Using the BitLocker Drive Preparation Tool for Windows 7

Applies To: Windows 7, Windows Server 2008 R2

To enable BitLocker Drive Encryption on the operating system drive, a separate, active system partition is required. The system partition contains the files needed to start the operating system, and the partition cannot be encrypted. In Windows 7, a separate, active system partition is created automatically. By default, the system partition does not have a drive letter so that it is not easily accessible by the user. This default setup configuration does not require any manual drive configuration and is the easiest to manage.

If you are upgrading from a previous version of Windows or installing Windows 7 on a new computer with a single partition, when you turn on BitLocker from the Control Panel or from Windows Explorer, the BitLocker setup wizard automatically configures the target drive for BitLocker when BitLocker is turned on by creating the separate, active system partition. However, in some rare situations you may need to manually prepare the drive for BitLocker. Also, if you want to use Windows Management Instrumentation (WMI) scripts to enable BitLocker on a large number of computers that have a single partition configuration, you can prepare the drive by using the BitLocker Drive Preparation (BdeHdCfg) command-line tool before using the Manage-bde command-line tool to enable BitLocker. The BdeHdCfg command-line tool provides the same drive preparation functionality as the BitLocker Control Panel interface, but the tool provides greater control over the type and sizes of the partitions that will be created. The BdeHdCfg command-line tool writes to the event log under the Microsoft-Windows-BitLocker-DrivePreparationTool event provider and is included as part of the Windows 7 Enterprise or Windows 7 Ultimate installation.

For more information, see the BdeHdCfg.exe Parameter Reference.