How to create a BitLocker System Partition [Part 2]

Posted on 27/04/2022 / 08/12/2023 by Christian

If your device is missing the BitLocker partition, this guide shows you how to create a BitLocker System Partition. The BitLocker System Partition is pivotal in securing your data and operating system: BitLocker Drive Encryption protects offline data and the OS and prevents drive tampering. Please see What are System Partition and Boot Partition in Windows?, how to Disable BitLocker on Windows 10, and Initialize and format a virtual disk: How to add and remove a new virtual disk from a VM on VMware Workstation.

MBAM (Microsoft BitLocker Administration and Monitoring) provides an administrative interface for managing encryption effectively. Using MBAM, you can customize BitLocker encryption policies, optimize your enterprise configuration, and actively monitor security compliance.

Enabling BitLocker System Partition encryption for devices is not automatic when using local accounts. However, you can enable this encryption manually through the BitLocker Control Panel. Within the MBAM framework, Group Policies enforce encryption on the BitLocker System Partition.

You may also want to see “How to convert a GPT disk into an MBR disk – Error: Windows cannot be installed on drive 0 Partition 1“, and how to extend System Drive Partition.

BdeHdCfg.exe is the BitLocker Drive Encryption Drive Preparation Tool. This file is part of the Microsoft Windows operating system. It is a hidden system file usually located in the %SYSTEM% folder. Partitions are necessary because you can’t write files on a blank drive.

Before discussing the fix, and rather than running this command on the fly, I would like to go over the BitLocker drive encryption hardware requirements.

BitLocker drive encryption hardware requirements

BitLocker drive encryption uses a system partition separate from the Windows partition. The BitLocker system partition must meet the following requirements.

  • The BitLocker system partition must be configured as the active partition.
  • The BitLocker system partition must not be encrypted.
  • The BitLocker system partition must have at least 250 MB of free space, above and beyond any space used by required files. You can use this extra system partition to host the Windows Recovery Environment (RE) and OEM tools (from the OEM), as long as it still retains a minimum of 250 MB of free space.

The same requirements apply to MBAM. If you are provisioning an MBAM device and the partition is unavailable or cannot be created, you’ll receive the error “System Partition not available or large enough.”

MBAM doesn’t create the system partition automatically. You can use the BitLocker drive preparation utility (bdehdcfg.exe) to create the system partition. I have created a guide for some common errors, but I feel I should discuss this specific issue in detail.

Please see how to fix System Partition not available or large enough on Microsoft BitLocker Administration and Monitoring [Part 1].

Resolution to fixing missing BitLocker Partition

In order to benefit from the advanced security options associated with UEFI, I will perform a re-installation in UEFI mode. But if the device is already running in UEFI mode, then the system drive might be full. In this case, you would have to do some disk cleanup using the built-in Disk Cleanup tool.

Note: You can now either create the BitLocker partition using the command “BdeHdCfg -target default -quiet”, or let BitLocker create it for you automatically. Most installations of Windows will not need this tool because BitLocker setup includes the ability to prepare and repartition drives as required. This is because, by default, most system drives are prepared for BitLocker.

Also, the .NET Framework version required by Device Encryption is installed on the endpoints automatically.

You can omit the “-quiet” switch to view the command-line output. If the switch is included, review the system event log under the Microsoft-Windows-BitLocker-DrivePreparationTool event provider to view any errors that occurred during drive preparation.
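Before running BdeHdCfg, the partition requirements listed earlier can be checked read-only, and the drive preparation events can be pulled from the event log afterwards. The script below is an added example, not part of the original post; it assumes an elevated PowerShell session with the built-in Storage module, and the variable names are illustrative.

```powershell
# Added example: read-only pre-check of the BitLocker system partition.
# Run in an elevated PowerShell session. Nothing here modifies the disk.
$requiredFree = 250MB   # free-space minimum stated in the requirements above

# The system partition is the one the firmware boots from: the EFI System
# Partition on GPT/UEFI disks, the active primary partition on MBR/BIOS disks.
$sys = Get-Partition | Where-Object { $_.IsSystem }
if (-not $sys) {
    Write-Warning 'No system partition found; drive preparation is needed.'
    return
}

foreach ($p in $sys) {
    $disk = Get-Disk -Number $p.DiskNumber
    $vol  = $p | Get-Volume   # works even when the partition has no drive letter
    [pscustomobject]@{
        Disk           = $p.DiskNumber
        Partition      = $p.PartitionNumber
        Style          = $disk.PartitionStyle
        # The active flag only exists on MBR disks; GPT disks have none.
        Active         = if ($disk.PartitionStyle -eq 'MBR') { $p.IsActive } else { 'n/a (GPT)' }
        SizeMB         = [math]::Round($p.Size / 1MB)
        FreeMB         = [math]::Round($vol.SizeRemaining / 1MB)
        MeetsFreeSpace = $vol.SizeRemaining -ge $requiredFree
    }
}

# After a run of "BdeHdCfg -target default -quiet", list what the tool logged.
# SilentlyContinue covers the case where the provider has no events yet.
Get-WinEvent -ProviderName 'Microsoft-Windows-BitLocker-DrivePreparationTool' `
             -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List
```

A row with MeetsFreeSpace set to False, or with Active set to False on an MBR disk, points at the condition behind “System Partition not available or large enough.”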

Also, see how to create MBAM Enterprise and Compliance, and Recovery Audit reports, and MBAM reports cannot be accessed because it could not load folder contents.

Pre-Encryption Validation Process and Potential Error Scenarios

Note: After the issue discussed above is resolved, MBAM or BitLocker will run the following tests before enabling automatic BitLocker or MBAM encryption on Windows devices. If a test fails, encryption fails with one of the errors described in Understanding Microsoft BitLocker Administration and Monitoring compliance state and error status.

  • The device contains a TPM (Trusted Platform Module), either TPM 1.2 or TPM 2.0.
  • UEFI Secure Boot is enabled.
  • Platform Secure Boot is enabled.
  • Direct memory access (DMA) protection is enabled.
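The TPM and Secure Boot conditions above can be confirmed from PowerShell before encryption is attempted. This is an added example, not part of the original post; it assumes an elevated session, uses only built-in cmdlets, and does not check DMA protection, which has to be confirmed separately (for example in System Information).

```powershell
# Added example: read-only check of the TPM and Secure Boot conditions.
# Run elevated; nothing here changes TPM, firmware or BitLocker state.
$tpm  = Get-Tpm
$spec = (Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
            -ClassName Win32_Tpm -ErrorAction SilentlyContinue).SpecVersion

# SpecVersion is a comma-separated string; the first field is the TPM
# specification family (1.2 or 2.0). It is empty when no TPM is exposed.
$tpmVersion = if ($spec) { ($spec -split ',')[0].Trim() } else { 'none' }

# Confirm-SecureBootUEFI returns $true/$false on UEFI firmware and throws on
# legacy BIOS or when not elevated, so a failure is reported, not hidden.
$secureBootNote = ''
try {
    $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop)
} catch {
    $secureBoot     = $false
    $secureBootNote = $_.Exception.Message
}

[pscustomobject]@{
    TpmPresent     = $tpm.TpmPresent
    TpmReady       = $tpm.TpmReady
    TpmVersion     = $tpmVersion
    TpmVersionOk   = $tpmVersion -in '1.2', '2.0'
    SecureBoot     = $secureBoot
    SecureBootNote = $secureBootNote
} | Format-List
```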

Here are some other errors relating to MBAM/BitLocker encryption: System check found some issues during MBAM encryption: Fail, the Power cable must be connected, and What is the effect of renaming an MBAM or BitLocker protected Computer.

I hope you found this blog post helpful. If you have any questions, please let me know in the comment section.
