How to Store Bitlocker Key on a Virtual Floppy

If you try to run BitLocker on a VM you will receive this error:


This because you have to create a group policy allowing Bitlocker running without a compatible TPM. My VM is not joined to a domain, so I enabled this policy on Local Group Policy (gpedit.msc):

“Local Group Policy\Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\Require additional authentication at startup”


Next step is to create the virtual floppy in “Hyper-V Manager” using Actions menu.

Mount the just created floppy image on the VM and format it.

You are now ready to enable BitLocker but you need to do it from a command line, because the build in tool only work when you use TPM or USB stick.
Run as administrator this command:

cscript c:\Windows\System32\manage-bde.wsf -on C: -rp -sk A:


Save somewhere the Numerical Password in case of recovery.

After a reboot the computer will start encrypting the disk.

When the disk is fully encrypted, you can reboot the VM in unattended mode until the floppy is mounted. If you dismount the floppy, your machine do not boot, asking for floppy or for recovery key:w2k8_bitlockernokey.png


Remember, on Windows Server, Bitlocker is a feature to install:


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s