How do I create the "system reserved" partition for use by Bitlocker?


  1. Posts : 3
    Win7 Ent 64-bit
       #1


    Hi guys. First post here so take it easy on me, haha.

    I installed Windows 7 Enterprise 64-bit edition on my new Lenovo laptop. I captured an image of my machine and deployed the image to several others. Now, we want to start using Bitlocker. However, there is no "system reserved" partition, you know, the 100MB one that Windows automatically creates during install. Turns out that Bitlocker NEEDS this partition.

    I can manually create this partition, but I don't think it's usable by Bitlocker. Regardless, I tested this. I created the partition (200 MB after shrinking primary partition), rebooted, and ran the manage-bde -status command. There is another drive listed but it's unusable.

    Here is the output of that command:

    Code:
     
    Disk volumes that can be protected with
    BitLocker Drive Encryption:
    Volume D: [500GB]
    [Data Volume]
        Size:                 465.76 GB
        BitLocker Version:    None
        Conversion Status:    Fully Decrypted
        Percentage Encrypted: 0%
        Encryption Method:    None
        Protection Status:    Protection Off
        Lock Status:          Unlocked
        Identification Field: None
        Automatic Unlock:     Disabled
        Key Protectors:       None Found
    Volume . []
    [Data Volume]
        Size:                 Unknown GB
        BitLocker Version:    None
        Conversion Status:    Fully Decrypted
        Percentage Encrypted: 0%
        Encryption Method:    None
        Protection Status:    Protection Off
        Lock Status:          Unlocked
        Identification Field: None
        Automatic Unlock:     Disabled
        Key Protectors:       None Found
    Volume . []
    [Data Volume]
        Size:                 Unknown GB
        BitLocker Version:    None
        Conversion Status:    Fully Decrypted
        Percentage Encrypted: 0%
        Encryption Method:    None
        Protection Status:    Protection Off
        Lock Status:          Unlocked
        Identification Field: None
        Automatic Unlock:     Disabled
        Key Protectors:       None Found

    FYI, I have 3 disks in my machine:

    Disk 0 = Samsung 840 EVO SSD in my Ultrabay, two partitions: 200 MB system reserved & rest of space C:
    Disk 1 = Whatever brand 500GB 7.2k RPM drive in main drive bay, one partition, drive D:
    Disk 2 = Sandisk x110 SSD mSATA 256GB under the keyboard in mSATA slot, several partitions, Windows 8, no drive letters while booted into Win7 on disk 0.

    I checked out the system reserved partition on another PC. It has a standard ID07 when viewing partition details in DISKPART. I was thinking it had a special ID to be marked as "system" or whatever, but I guess not. I do know that this partition is usually the first one created, so it starts at block 0 or whatever, but that shouldn't matter.

    So now my predicament is that I don't want to have to reimage all of these machines.

    Does Bitlocker truly require this other partition (I'm thinking YES), and if so, how can I create it manually and get it to actually work?

    I am going to go check out the BCD fix from DriveImageXML. I remember it changing your BCD around to boot differently, so maybe I can make my manually created partition active and then run the BCD fix on it to make it bootable. I really have no idea and am not finding ANYTHING on the web about this. The only thing I keep finding over and over is how to create the partition manually BEFORE installing Windows, not after.

    Thanks!


  2. Posts : 72,043
    64-bit Windows 11 Pro for Workstations
       #2

    Hello Snake, and welcome to Seven Forums.

    If you use the BitLocker wizard to encrypt the OS drive, then BitLocker will automatically create the System Reserved partition for you. :)

    BitLocker Drive Encryption - Windows 7 Drive - Turn On or Off with no TPM

    Hope this helps, :)
    Shawn


  3. Posts : 3
    Win7 Ent 64-bit
    Thread Starter
       #3

    Brink said:
    Hello Snake, and welcome to Seven Forums.

    If you use the BitLocker wizard to encrypt the OS drive, then BitLocker will automatically create the System Reserved partition for you. :)

    BitLocker Drive Encryption - Windows 7 Drive - Turn On or Off with no TPM

    Hope this helps, :)
    Shawn

    Weird, I already replied to this, quoting you, but that reply isn't showing up.

    Oh well, I'll just repeat what I said in that post while adding a couple screen shots.

    Thanks for the reply. That is good to know that it will create that partition if needed. I should have mentioned in the OP, but I get an error when trying to enable bitlocker on drive C:

    There are conflicting settings for recovery options. Contact your system admin. Backup to AD must be turned on or the use of data recovery agents enabled for recovery.

    So I think something is set wrong in our group policy. I actually disable the group policy service because I don't agree with some of the setting changes, but we made a special policy just for me to try and automate the bitlocker process. I will insert screenshots of my registry to show my Bitlocker settings. Maybe someone can point me to which setting is causing the failure to encrypt C:. Thanks!
    Attached Thumbnails: bitlocker-regkeys1.jpg, bitlocker-regkeys2.jpg


  4. Posts : 3
    Win7 Ent 64-bit
    Thread Starter
       #4

    Brink was correct about it automatically creating the partition. I had 200MB of unallocated space and it still shrank my C: partition to make room for a 300MB system reserved one.

    My problem was believing and relying on the output of the manage-bde -status command. It never did show my C: partition, yet I was able to Bitlock it no problem once the policy was set correctly. Yes, the error message was caused by incorrect policy settings. As soon as I change OSActiveDirectoryBackup to 1, the error doesn't occur. My Windows admin believes he has it set up correctly because it is set to not require AD backup. However, it appears to need it. Group Policy and MBAM 2.5 are more complicated than they need to be, but we'll get it worked out eventually. For now, I'm encrypted with a static key instead of our desired dynamically-generated key.
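Added example (not part of any post in this thread): a PowerShell check for the two things post #4 ran into, the OS-drive recovery policy values and a volume listing that does not depend on manage-bde. Only OSActiveDirectoryBackup is named in the thread; the registry path and the other value names are the standard BitLocker policy ones and should be treated as assumptions to verify against your own key.

```powershell
# Added example. Run from an elevated PowerShell prompt (works on PowerShell 2.0).

# Policy key that Group Policy writes BitLocker settings to (assumed path).
$fveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

# OS-drive recovery values. OSActiveDirectoryBackup comes from the thread;
# the others are assumptions taken from the BitLocker policy template.
$names = 'OSRecovery', 'OSManageDRA', 'OSRecoveryPassword', 'OSRecoveryKey',
         'OSActiveDirectoryBackup', 'OSRequireActiveDirectoryBackup'

if (Test-Path $fveKey) {
    $policy = Get-ItemProperty -Path $fveKey
    foreach ($n in $names) {
        $v = $policy.$n
        if ($null -eq $v) { $v = '<not set>' }
        '{0,-32} {1}' -f $n, $v
    }
    if ($policy.OSActiveDirectoryBackup -ne 1) {
        Write-Warning 'OSActiveDirectoryBackup is not 1 (the value that cleared the error in this thread).'
    }
} else {
    Write-Warning "No BitLocker policy key found at $fveKey"
}

# Cross-check volume state through the BitLocker WMI provider rather than
# relying on the manage-bde -status listing alone.
Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
              -Class Win32_EncryptableVolume |
    ForEach-Object {
        $conv = $_.GetConversionStatus()
        New-Object PSObject -Property @{
            DriveLetter          = $_.DriveLetter
            ProtectionStatus     = $_.ProtectionStatus       # 0 = off, 1 = on
            ConversionStatus     = $conv.ConversionStatus    # 0 = fully decrypted, 1 = fully encrypted
            EncryptionPercentage = $conv.EncryptionPercentage
        }
    } |
    Format-Table DriveLetter, ProtectionStatus, ConversionStatus, EncryptionPercentage -AutoSize
```

Comparing the first listing before and after a Group Policy refresh shows whether the policy change actually reached the machine.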


  5. Posts : 72,043
    64-bit Windows 11 Pro for Workstations
       #5

    Great news. :)


 
