How to Store a BitLocker Key on a Virtual Floppy

If you try to enable BitLocker on a VM, you will receive an error.

This is because you first have to set a group policy that allows BitLocker to run without a compatible TPM. My VM is not joined to a domain, so I enabled this policy in Local Group Policy (gpedit.msc):

“Local Group Policy\Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\Require additional authentication at startup”

The next step is to create the virtual floppy disk in “Hyper-V Manager” using the Actions menu.

Mount the newly created floppy image on the VM and format it.

You are now ready to enable BitLocker, but you need to do it from the command line, because the built-in tool only works when you use a TPM or a USB stick.
Run this command as administrator:

cscript c:\Windows\System32\manage-bde.wsf -on C: -rp -sk A:

Save the Numerical Password somewhere in case you need it for recovery.

After a reboot, the computer will start encrypting the disk.

When the disk is fully encrypted, you can reboot the VM unattended as long as the floppy is mounted. If you dismount the floppy, the machine does not boot and asks for the floppy or for the recovery key.
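
To confirm the result of the procedure above, this PowerShell script (an added example, not part of the original post) queries the Win32_EncryptableVolume WMI class and checks that C: carries both protectors created by -rp and -sk and that protection is on. It assumes PowerShell is available inside the VM and is run from an elevated prompt.

```powershell
# Added example: read-only check of C: after the procedure above.
# Run from an elevated PowerShell prompt inside the VM.
$ns  = 'root\CIMV2\Security\MicrosoftVolumeEncryption'
$vol = Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume -Filter "DriveLetter='C:'"
if (-not $vol) { throw 'Volume C: not found through Win32_EncryptableVolume.' }

# KeyProtectorType values from the Win32_EncryptableVolume documentation.
# 2 is what -sk creates, 3 is what -rp creates.
$expected = @{ 2 = 'External key (startup key on A:)'; 3 = 'Numerical password' }

$problems = @()
foreach ($type in ($expected.Keys | Sort-Object)) {
    $result = $vol.GetKeyProtectors($type)
    if ($result.ReturnValue -ne 0) {
        throw ("GetKeyProtectors({0}) failed with 0x{1:X8}" -f $type, $result.ReturnValue)
    }
    # Filter out $null so an empty result really has Count 0.
    $ids = @($result.VolumeKeyProtectorID | Where-Object { $_ })
    if ($ids.Count -eq 0) {
        $problems += "missing protector: $($expected[$type])"
    } else {
        Write-Host ("{0}: {1} protector(s)" -f $expected[$type], $ids.Count)
    }
}

# ProtectionStatus: 0 = off (not or only partially encrypted, or key in the clear),
# 1 = on, 2 = unknown.
$status = $vol.GetProtectionStatus().ProtectionStatus
if ($status -ne 1) { $problems += "protection is not on (ProtectionStatus=$status)" }

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Write-Host 'C: is protected by a startup key and a numerical recovery password.'
}
```

The startup key image is stored on the Hyper-V host alongside the virtual disk, so access to the floppy image file should be restricted as tightly as access to the recovery password.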

Remember that on Windows Server, BitLocker is a feature that has to be installed.
