Use Vista's BitLocker with a USB Key

[Screenshot: BitLocker Drive Encryption control panel]
Vista's BitLocker drive encryption is available in the Ultimate and Enterprise editions. To use it, you'll need a computer with a supported Trusted Platform Module (TPM), but even if you have one, it may not be enabled properly in your computer (in which case, you'll be waiting on your PC or motherboard vendor to update the BIOS).

You may remember some talk about Vista allowing you to use a USB flash drive on systems that don't have a TPM. It's possible, but you need to dig up an obscure setting to turn it on.

The first thing you need to do is modify your drive partitions to support BitLocker. Until about a week ago, this was a massive hassle: you'd need to re-partition and install from scratch. Fortunately, Microsoft has released a Windows Ultimate Extra (available through Windows Update) that will prepare your drive for BitLocker without repartitioning:

[Screenshot: installing the BitLocker enhancements from Windows Update]

After you've installed it, open the Start Menu, and choose Programs->Accessories->System Tools->BitLocker->BitLocker Drive Preparation Tool. Follow the instructions (including the warning about backups), and prepare your drive. After it finishes, you'll need to reboot, and you'll find that the BitLocker control panel still isn't ready to cooperate:

[Screenshot: the BitLocker control panel still reporting that a TPM is required]

To sort it out, you need to run the Group Policy Object Editor (open the Start menu, type gpedit.msc into the search field, and press Enter; you can also launch gpedit.msc from the Run dialog or a command prompt). Once you get into the Group Policy Object Editor, drill down to Local Computer Policy->Computer Configuration->Administrative Templates->Windows Components->BitLocker Drive Encryption. In the right-hand pane, double-click Control Panel Setup: Enable advanced startup options. In the dialog that appears, enable this option, then press OK and close the Group Policy Object Editor:

[Screenshot: advanced startup options enabled in the Group Policy Object Editor]

Run the command gpupdate /force from the command prompt, search box, or start menu (you might need to launch the command prompt with Admin privileges, which means you need to find Command Prompt in the Start menu, right-click it, and choose Run as Administrator). After gpupdate runs, close the control panel and open it again to the BitLocker options, and with any luck, you should be able to configure BitLocker:

[Screenshot: BitLocker is a go]
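Once you have worked through the steps above, it is worth verifying each precondition directly rather than trusting the control panel. The following is an added example, not part of the original post: it assumes an elevated PowerShell prompt, uses the Win32_Tpm and Win32_EncryptableVolume WMI classes, and assumes that the gpedit setting above is backed by the UseAdvancedStartup value under the FVE policy key.

```powershell
# Added example (not from the original post): report the state of the
# preconditions the tutorial walks through. Run from an elevated prompt.
# The registry value name behind the gpedit setting is an assumption.

function Get-BitLockerReadiness {
    param([string]$DriveLetter = 'C:')

    $report = @{}

    # 1. TPM: is one exposed to Windows, and is it enabled and activated?
    #    $null here matches the "still need a TPM" situation in the post.
    $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
        -Class Win32_Tpm -ErrorAction SilentlyContinue
    if ($tpm) {
        $report['TpmPresent']   = $true
        $report['TpmEnabled']   = [bool]$tpm.IsEnabled().IsEnabled
        $report['TpmActivated'] = [bool]$tpm.IsActivated().IsActivated
    } else {
        $report['TpmPresent'] = $false
    }

    # 2. Group policy: "Enable advanced startup options" is assumed to write
    #    UseAdvancedStartup=1 under the FVE policy key once gpupdate has run.
    $fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' `
        -ErrorAction SilentlyContinue
    $report['AdvancedStartupPolicy'] = ($fve -ne $null -and $fve.UseAdvancedStartup -eq 1)

    # 3. Volume: protection status and which key protectors are on the OS drive.
    $vol = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
        -Class Win32_EncryptableVolume -Filter "DriveLetter='$DriveLetter'" `
        -ErrorAction SilentlyContinue
    if ($vol) {
        # ProtectionStatus: 0 = off, 1 = on, 2 = unknown
        $report['ProtectionStatus'] = $vol.GetProtectionStatus().ProtectionStatus
        $types = @{1='TPM'; 2='ExternalKey (USB startup key)'; 3='NumericalPassword (recovery)';
                   4='TPM+PIN'; 5='TPM+StartupKey'; 6='TPM+PIN+StartupKey'; 7='PublicKey'; 8='Passphrase'}
        $ids = $vol.GetKeyProtectors(0).VolumeKeyProtectorID   # 0 = all protector types
        $names = @($ids | ForEach-Object {
            $t = $vol.GetKeyProtectorType($_).KeyProtectorType
            if ($types.ContainsKey([int]$t)) { $types[[int]$t] } else { "Unknown($t)" }
        })
        $report['KeyProtectors'] = $names
        # A USB-key-only system should show an ExternalKey protector and a recovery
        # (NumericalPassword) protector; without the latter a lost key means lost data.
        $report['HasRecoveryProtector'] = ($names -contains 'NumericalPassword (recovery)')
    }

    return $report
}

Get-BitLockerReadiness -DriveLetter 'C:'
```

On a machine without a TPM, `TpmPresent` is false and BitLocker should only be configurable once `AdvancedStartupPolicy` is true, which is the state the gpupdate step above produces.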

Posted by Brian Jepson | Feb 6, 2007 05:57 AM
Windows | Comments (4)

Comments

Posted by: DSchwartzberg on January 14, 2008 at 8:33 AM

Any way to get BDE to work on VMware with a USB key? I've been testing it and I keep hitting a wall. Just curious to see if anyone has any success.


Posted by: Riff on February 26, 2008 at 7:13 AM

How do you make a duplicate Bitlocker USB startup key? The Bitlocker program has a feature labeled "manage bitlocker keys." Click this feature and you get a screen giving you the option to duplicate your USB key. This is good to create a duplicate startup key in case the original gets lost or stolen. The problem is that this feature does not work. I spent an hour on Sunday and another hour on Monday trying to get Microsoft technical support to make this feature work. My experience with Microsoft technical support was horrible. I don't understand how they could be so incompetent. If you know how to make a duplicate startup key, please let me know.


Posted by: Spiral on February 28, 2008 at 8:28 AM

You don't get to make duplicate USB keys, but you are forced to create a backup (or many backups) of the key when you first set it up.

If you need to make a new backup, your key is regenerated, making your old keys invalid. So be sure you can manage this before making backups willy-nilly.

The feature does work - it just doesn't work the way you think it does.


Posted by: bryan on April 7, 2008 at 5:10 PM

Wow it really works

I am very impressed by this article; it worked great on Vista Ultimate. I was surprised it still worked with SSFL enabled, which locks the machine down into a security monster. Anyway, I've had no problems or bugs to report. Booting is a bit slower, but if that's the sacrifice I have to make for BitLocker security, so be it. Thanks so much for your hard work and great tutorial.

