To enable BitLocker Drive Encryption on the operating system drive, a separate, active system partition is required. The system partition contains the files needed to start the operating system and the partition cannot be encrypted.
In Windows 7, a separate, active system partition is created automatically.
Note: By default, the system partition does not have a drive letter so that it is not easily accessible by the user.
When you check in Computer Management > Storage > Disk Management, there are two system partitions. A 100 MB system partition is present as shown below.
However, on certain computers there is only one partition, which acts as both the system partition and the boot partition. When FDE for BitLocker is installed on these computers, it cannot trigger BitLocker to start the encryption.
To resolve this issue, create a separate system partition:
- Go to Start > Control Panel > System and Security > BitLocker Drive Encryption. Click Turn on BitLocker.
- In the BitLocker Drive Encryption setup page, click Next.
- Windows will start to prepare your drive for BitLocker. Click Next.

Windows will start to create the system partition.

- After the system partition is created, click Restart now.

- After the computer has restarted, BitLocker is ready to encrypt the drive. Click Next.

- Because we want to initiate the encryption from FDE for BitLocker, click Cancel to cancel encrypting the drive.
- Go to Computer Management > Storage > Disk Management to verify if the system partition is created.
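The Disk Management check in the last step can also be scripted, which helps when many computers must be checked before FDE for BitLocker is deployed. The following PowerShell is an added example, not part of the original article or the product; it assumes the Win32_Volume WMI class with its SystemVolume and BootVolume flags, an elevated prompt, and the hypothetical function name Get-BitLockerPartitionLayout.

```powershell
# Added example: detect the single-partition layout described above.
# Uses the Win32_Volume WMI class, which works with the PowerShell 2.0
# that ships with Windows 7. Assumption: run from an elevated prompt.
function Get-BitLockerPartitionLayout {
    # DriveType 3 = local fixed disk; includes volumes without a drive letter.
    $volumes = @(Get-WmiObject -Class Win32_Volume -Filter "DriveType = 3")
    $system  = @($volumes | Where-Object { $_.SystemVolume })
    $boot    = @($volumes | Where-Object { $_.BootVolume })

    if ($system.Count -eq 0 -or $boot.Count -eq 0) {
        throw "Could not identify the system or boot volume through WMI."
    }

    # Compare by DeviceID (\\?\Volume{GUID}\) rather than drive letter,
    # because a separate system partition normally has no drive letter.
    $separate = $system[0].DeviceID -ne $boot[0].DeviceID

    New-Object PSObject -Property @{
        SystemVolumeId          = $system[0].DeviceID
        SystemVolumeLetter      = $system[0].DriveLetter
        SystemVolumeSizeMB      = [math]::Round($system[0].Capacity / 1MB)
        BootVolumeLetter        = $boot[0].DriveLetter
        SeparateSystemPartition = $separate
    }
}

$layout = Get-BitLockerPartitionLayout
$layout | Format-List

if ($layout.SeparateSystemPartition) {
    Write-Output "Separate system partition found."
} else {
    Write-Output "System and boot share one partition; create a separate system partition first."
}
```

A result of SeparateSystemPartition = False corresponds to the single-partition case described above, where the steps in this article need to be followed.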