Dual Booting your Laptop with Bitlocker

  • Article

Hi,

Sorry for the delay since my last post. I have been Mad busy but things are getting onto a bit more of an even keel. Anyway alot of us within Premier Field Engineering use our Laptops for Everything including Demos utilising a range of Vhds. Plus we are all ensuring we are fully ramped up on all the 2008 technologies.  It is essential of course that we use Bitlocker which is mandatory for us so what is the best way to have a dual booting Laptop using Vista and Windows Server 2008 with Hyper-V plus ensure that our Data is secure.

Well thanks to my colleague Richard Macdonald he has come up with a strategy to approach this. However I must inform you that this is an approach that you must test thoroughly on your brand of Laptop. Ensure you are at the latest Hardware Bios and have the acces to all the latest drivers for your make of Laptop.Also backup any critical data prior to doing this. This is not a "recommended" solution but an approach that many of us have adopted to give us the flexibility of a dual booting machine to utilise Vista and 64 bit Windows 2008 on the same machine but keep our data secure.

Overview of Steps

1. Installed Vista in C:

2. Installed Server 2008 on D: (note that the drive letters change between the two Oss, so be careful to work on the correct one)

3. Created a small bitlocker partition (S:) that remains unencrypted.  Do this manually or use the Bitlocker Drive Preparation tool to do it (available as an Ultimate Extra). Note this is available if you choose Windows Update Online and download the Bitlocker and EFS enhancements.

4. Created an E: partition for shared data

5. Boot into Vista and encrypt C:, saving my recovery key on a USB key and setting a PIN for boot

6. Boot into Server 2008 and encrypted D:, saving my recovery key, etc as before – boot PIN is not shared between the two Oss, but you can set the same one for both if you want

7. Booted into Vista and encrypted E:

At this point when I boot into Vista I can access C: (vista partition) and E: (data partition), but get access denied to D:. If I boot to Server 2008 I can see D: (server 2008 partition), but have no access to C: and E:.

To access E: in both Oss, simply do this:

8.  Boot into Server 2008, open the bitlocker tool and select “unlock” for the E: partition

9. Provide the USB stick with your recovery key when prompted and select “save key ...”

Now each OS can see its own drive and the data drive, but not each other and you do not need to supply the recovery key in future during a normal boot (but obviously will for recovery reasons).  I deliberately left it that way so that the two OS partitions were not accessible to each other, to prevent any accidental changes, but you can follow the “unlock” steps above to make all partitions visible to all Oss