Summary
When FDE for BitLocker is installed on computers with only one partition, it cannot trigger BitLocker to start the encryption.
Details
To enable BitLocker Drive Encryption on the operating system drive, a separate, active system partition is required. The system partition contains the files needed to start the operating system and the partition cannot be encrypted.
In Windows 7, a separate, active system partition is created automatically.
Note: By default, the system partition does not have a drive letter so that it is not easily accessible by the user.
When you check in Computer Management > Storage > Disk Management, there are two system partitions. A 100 MB system partition is present as shown below.
However, on certain computers, there is only one partition, which acts as both the system partition and the boot partition. When FDE for BitLocker is installed on these computers, it cannot trigger BitLocker to start the encryption.
To resolve this issue, create a separate system partition:
- Go to Start > Control Panel > System and Security > BitLocker Drive Encryption. Click Turn on BitLocker.
- In the BitLocker Drive Encryption setup page, click Next.
- Windows will start to prepare your drive for BitLocker. Click Next. Windows will start to create the system partition.
- After the system partition is created, click Restart now.
- After the computer has restarted, BitLocker is ready to encrypt the drive. Click Next.
- Because we want to initiate the encryption from FDE for BitLocker, click Cancel to cancel encrypting the drive.
- Go to Computer Management > Storage > Disk Management to verify if the system partition is created.
- Proceed with the installation of the FDE for BitLocker. Refer to the KB article Installing Full Disk Encryption (TMFDE) for Microsoft BitLocker.
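The Disk Management check in the steps above can also be scripted, which helps when many computers have to be checked before FDE for BitLocker is deployed. The following is an added example and not part of the product or of the original article: the function name Test-SeparateSystemPartition and the sample volume objects are constructed for illustration, and the live call assumes the standard Win32_Volume WMI class with its SystemVolume and BootVolume properties.

```powershell
# Added example: decide from Win32_Volume data whether a computer already has
# the separate system partition that BitLocker needs.
# Written for PowerShell 2.0, the version shipped with Windows 7.

function Test-SeparateSystemPartition {
    param([Parameter(Mandatory = $true)][object[]]$Volumes)

    # SystemVolume = holds the files needed to start the operating system
    # BootVolume   = holds the running Windows installation (the drive to encrypt)
    $system = @($Volumes | Where-Object { $_.SystemVolume })
    $boot   = @($Volumes | Where-Object { $_.BootVolume })

    if ($system.Count -eq 0 -or $boot.Count -eq 0) {
        return New-Object PSObject -Property @{
            Ready = $false; Reason = 'System or boot volume not found' }
    }

    # A volume that carries both roles is the single-partition layout
    # on which encryption cannot be started.
    $shared = @($system | Where-Object { $_.BootVolume })
    if ($shared.Count -gt 0) {
        return New-Object PSObject -Property @{
            Ready = $false; Reason = 'System and boot roles share one partition' }
    }

    return New-Object PSObject -Property @{
        Ready = $true; Reason = 'Separate system partition present' }
}

# Constructed sample data (not taken from a real machine).
$singlePartition = @(
    (New-Object PSObject -Property @{ DriveLetter = 'C:'; SystemVolume = $true; BootVolume = $true })
)
$splitLayout = @(
    (New-Object PSObject -Property @{ DriveLetter = $null; SystemVolume = $true;  BootVolume = $false }),
    (New-Object PSObject -Property @{ DriveLetter = 'C:';  SystemVolume = $false; BootVolume = $true })
)

Test-SeparateSystemPartition -Volumes $singlePartition | Format-List Ready, Reason
Test-SeparateSystemPartition -Volumes $splitLayout     | Format-List Ready, Reason

# On a live computer, pass the real volumes instead of the samples:
#   Test-SeparateSystemPartition -Volumes (Get-WmiObject Win32_Volume)
```

A computer that reports Ready as False needs the partition-creation steps above before FDE for BitLocker is installed.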