Today I tried to encrypt my drive with TrueCrypt (7.0a). Although I do not plan to loose my laptop, you never know what happens, and there is potentially sensitive data on there from me or my clients. I already successfully did this on several other machines and was not expecting the error message “Windows is not installed on the drive from which it boots”. I was only supposed to continue if I was sure that it was. Well, I knew Truecrypt was right so I couldn’t go on. What now?
(Solution inside, so read on, Scott Hanselman to the rescue.)
For reference, this was my setup: I bought a Dell XPS laptop that had the OS and everything else installed on a regular 500 Gb HDD. There was room for another drive, so after the last nudge from Scott Hanselman (explanation further down this article), I went ahead and bought an 120 Gb SSD and installed Windows on it. After ample time (actually a little more than that because I had to do it twice, stupid me accidentally used a 32-bit Windows DVD the first time…) , I had a dual boot system that could boot either to the manufacturer installed OS or to my own fresh-and-clean OS on the speedy drive (booting in less than 12 seconds, wow!). As an extra bonus, this rid me of all the useless extras manufacturers tend to install. It just took some extra time to install all the drivers but that was significantly eased by the Dell Driver disc I received with my laptop (kudos) that had everything I needed including a basic guide for the installation order.
(As an aside, one of the driver installations presented me with this interesting choice:
Voltooien = Finish, Annuleren = Cancel.)
So now I have drive 0 (original) with the boot loader on it and the original Windows partition (and the rescue partition stuff) and a drive 1 with a fresh Windows installation on the ssd. Because the boot loader and the OS I am working from, are on two different drives, TrueCrypt cannot encrypt the entire drive.
There were some workarounds available on the web, including a very nifty one using a grub boot loader. That was way to advanced for me however, considering that the more I thought about it, I didn’t really need the dual boot setup into the original drive — it was nice to have a backup before I knew it worked, but now it did, I couldn’t think of a reason to keep it. But how do I move the boot loader to the other drive without reinstalling everthing again?
I read up on the docs on bcdedit and easybcd to try to find out if I could use those to move the bootloader over, but was not convinced. Until I google-stumbled upon a blog entry from (of all people) Scott Hanselman, one of my favorite speakers at the DevDays conference I attended a week ago. In fact, if you watch the video from his Coding 4 fun session on Channel 9, really early in the session you can hear him state an SSD is about the single most productive thing a developer could possibly buy. That was the last nudge I needed to go and buy one last week.
It turns out he had a comparable problem(don’t if his included an SSD too though) and his solution exactly fitted mine and involved the bcdboot tool I had never heard of before.
The steps were really easy:
- Open an elevated command prompt and run bcdboot c:\windows /s c:
- Reboot, enter the BIOS and swap the 2nd hard drive before the 1st in the boot order.
Presto! Well not quite yet (for me). Turned out the Windows partition on the ssd was not yet marked active. So I booted via drive 0 one last time to set the partition on drive 1 as active via the Windows disk manager. Done! Thank you, Scott.
BTW, even if you don’t want to read Scott’s entire article, I advise you to read his disclaimer. 🙂
After this, I could encrypt the drive without a problem
Shiftkey Software Blog 
Plaats een reactie