Create an encrypted WIN10 system with BitLocker and VHDX

If your computer does not support TPM-encrypted BitLocker, you cannot encrypt the system disk completely.

You can use a workaround: Create a VHDX, encrypt the vdisk with BitLocker, then install the operating system on this disk, and finally add the VHDX to the Bootmanager.

Such a system is the original Windows (Vista above the system, recommended is WIN10 1511 or above), one is VHDX windows.

When Windows starts the VHDX, it requires a BitLocker password to enter the system.

The specific contents are as follows:

Next.vhdx-bitlocker encrypted WIN10 The virtual disk to be deployed. Note: All operations are done under Windows 10 Enterprise system because BOOTMGR does not support XP systems, so it cannot be used directly under XP.   Use: 1, back up BCD, enter at the command prompt in Administrator mode: c:\> bcdedit/export%USERPROFILE%\DESKTOP\BACKUP1.BCD This command is backed up to the desktop and it is recommended that you copy it to another secure location right away. Note: You can use Bootice to do backup and restore of BCD, bootice recovery is better than bcdedit import parameters. 2, copy NEXT.VHDX to some of the remaining space larger partition (when the production is set to 100GB), can be a folder, and then double-click NEXT.VHDX load, enter the unlock password. 3. Create a BCD boot entry.   Note: The BCDboot command should be done under the original WIN10 system. Assuming that NEXT.VHDX successfully loaded the X-disk, enter it at the command prompt in Administrator mode: c:\> bcdboot x:\windows/d/addlast Add/L ZH-CN parameter to set its boot interface language to Chinese; Add/s C: Parameter will The boot of the VHDX system is installed to the C: disk.   4, restart the system, choose to enter the NEXT.VHDX volume boot entry, there will be BitLocker, enter the unlock password. Note Each time the boot menu appears, choose to enter the boot entry for the volume where the NEXT.VHDX is located until Windows is installed. 5. Change the boot entry name to Windows that enters the VHDX, enter at the command prompt of the administrator: Display name c:\> bcdedit/set {current} description "Windows ten VHD" interface language: like English   can be set to en-US c:\> bcdedit/set {current} locale ZH-CN two options: The legacy character interface, standard displays the Metro graphical interface. C:\> Bcdedit/set {Current} Bootmenupolicy Legacy production: Preparation: Win10 ISO and Winntsetup v3.8.6 (including bootice) 1, making VHDX 1.1 open Disk utility (Win +X,K), execute menu command: Actions,Create the VHD, select the disk format VHDX in the window that appears, save the location as NEXT.VHDX, the virtual hard disk size is 100GB, and the type will automatically expand dynamically.   Click the OK button.   1.2 In the Disk Utility disk list, right-click the newly created virtual disk, click "Initialize Disk" command, the window appears in the form of partition default MBR, the direct point "OK". 1.3 In the Disk Utility disk list, right-click the partition map to the right of the virtual disk, click the "New Simple Volume" Command, the wizard window appears, always click Next, remember the assigned drive letter.   2. Enable BitLocker Open Explorer (win+e), select "This PC" folder, right-click the new volume drive letter, click "Enable BitLocker" command, in the window that appears, tick "unlock drive with Password", then enter the password, next, you can keep the recovery key to the file, Next, select the encryption mode as appropriate and start the encryption. 3. Write Install.wim data 3.1 load WIN10 ISO image 3.2 Run Winntsetup, include Windows folder select \sources\install.wim in virtual optical drive, install disk location Select New Volume, point "start security Are you ready to install "3.3 in the show"? window, the boot sector changes to "Do not update the startup code", the Start menu and the check box of the shutdown are all unchecked, click the "OK" button, waiting for the mirror deployment to complete. 4, Production completed 4.1 separate VHD.   In the disk utility, right-click the newly created virtual disk, point to "Detach vhd" command, OK. 4.2 Eject the ISO.   In the Explorer "This PC" folder, right-WIN10 mirror the virtual CD-ROM, click "Eject" command. 4.3 If you are not installing locally, use Bootice to remove extra entries in BCD in "Advanced edit mode" Application The Windows Enterprise LTSB (VHDX) corresponding to the Objects node   The Windows resume objects node is automatically deleted. 4.4 The NEXT.VHDX backup that will be created.   Make complete Delete: 1, remove boot entry from BCD Note: Remove please do a BCD backup. c:\> bcdedit/delete GUID2, delete next.vhdx file.

--

Create an encrypted WIN10 system with BitLocker and VHDX