GPO setting can cause the BitLocker Drive Configuration Tool to fail to properly create a BitLocker partition

Summary: Learn how to fix BitLocker Drive Configuration Tool issues caused by GPO settings. Resolve BitLocker partition creation problems for Dell BitLocker Manager.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

Affected Products:

  • Dell BitLocker Manager
  • Dell Data Protection | BitLocker Manager

Cause

Not Applicable

Resolution

There is a known conflict with the Deny Write Access to Fixed Drives not Protected by BitLocker Group Policy setting and preparing a drive that is not yet encrypted for BitLocker.

Since the drive preparation requires changing the volume, if this policy is enabled, the preparation fails because the volume is not writable until it has been encrypted.

The following two mechanisms are how this policy can be set:

  • Group Policy setting in Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drive
  • Policy setting in the Credant Manager BitLocker policy section of the CREDANT or Dell Data Protection | Enterprise Edition Server is in the 'Fixed Data Volume Settings'.

The BitLocker Drive Preparation Tool (BdeHdCfg) can be manually run before installing CREDANT Manager for BitLocker. Optionally, CREDANT Manager runs the tool in the background if it encounters a volume that must be encrypted.

In either case, there can be a problem if the preparation tool is run with the policy Enabled.

If the BitLocker Drive Preparation Tool (BdeHdCfg) is run on a computer when this policy setting is enabled, you may encounter the following issues:

  • If you attempted to shrink the drive and create the computer drive, the drive size is successfully reduced, and a raw partition is created. The raw partition is not formatted. The following error message displays: The new active Drive cannot be formatted. You have to manually prepare your drive for BitLocker.
  • If you attempted to use unallocated space to create the computer drive, a raw partition is created. The raw partition is not formatted. The following error message displays: The new active Drive cannot be formatted. You may have to manually prepare your drive for BitLocker.
  • If you attempted to merge an existing drive into the computer drive, the tool fails to copy the required start-up file onto the target drive to create the computer drive. The following error message displays: BitLocker setup failed to copy start-up file. You may have to manually prepare your drive for BitLocker.
  • If this policy setting is enforced, a hard drive cannot be repartitioned because the drive is protected. If you are upgrading computers in your organization from a previous version of Windows and the computers were configured with a single partition, you should create the required BitLocker computer partition before applying the policy setting to the computers.

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Additional Information

Other Resources:

BdeHdCfg.exe Parameter Reference This hyperlink is taking you to a website outside of Dell Technologies.

Affected Products

Dell Encryption
Article Properties
Article Number: 000130713
Article Type: Solution
Last Modified: 03 abr 2024
Version:  13
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.