
System does not encrypt after installing Symantec Endpoint Encryption 11.1 BitLocker Management package


Article ID: 163119


Products

Endpoint Encryption

Issue/Introduction

After the BitLocker Management package for Symantec Endpoint Encryption 11.1 is created and installed on an endpoint, the endpoint does not encrypt.

Cause

BitLocker requires a small additional partition that it uses to store encryption data. If the drive is not configured with this partition, it will not encrypt.

Resolution

Microsoft provides a built-in BitLocker configuration tool, bdehdcfg.exe, which can be used on a system to repartition the drive appropriately for use with BitLocker. It shrinks the existing drive and creates a new partition, and should not result in data loss under normal operation. An example command to resize/repartition the drive to work with BitLocker is as follows:
bdehdcfg.exe -target default

Run this command from an Administrator Command Prompt. The -quiet flag can be appended to make the process invisible to the user, as follows:
bdehdcfg.exe -target default -quiet

This command can be issued either before or after Symantec Endpoint Encryption is installed. After the drive is repartitioned with the tool, the endpoint should register a user and begin encryption on the next reboot. Because bdehdcfg.exe is a Microsoft tool, any issues encountered while using it should be directed to Microsoft.
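
A pre-check that avoids repartitioning endpoints that are already prepared, added here as an example (it is not part of the original article or of Symantec's or Microsoft's tooling): it looks for the additional partition, which Windows reports as a system partition separate from the Windows partition, and runs the article's bdehdcfg.exe command only when none exists. It assumes Windows 8 or later (for the Storage and BitLocker PowerShell modules), an elevated session, and that bdehdcfg.exe returns a non-zero exit code on failure.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article.

# Partition that holds the running Windows installation (the volume to encrypt).
$osPartition = Get-Partition | Where-Object { $_.IsBoot } | Select-Object -First 1
if (-not $osPartition) {
    throw 'Could not identify the Windows (boot) partition.'
}

# A partition on the same disk flagged as system but not as boot is the
# separate, unencrypted partition that BitLocker needs.
$systemPartition = Get-Partition -DiskNumber $osPartition.DiskNumber |
    Where-Object { $_.IsSystem -and -not $_.IsBoot } |
    Select-Object -First 1

if ($systemPartition) {
    $sizeMB = [math]::Round($systemPartition.Size / 1MB)
    Write-Output ("Separate system partition found (partition {0}, {1} MB); no repartitioning needed." -f `
        $systemPartition.PartitionNumber, $sizeMB)
}
else {
    Write-Output 'No separate system partition found; running bdehdcfg.exe.'
    & "$env:SystemRoot\System32\bdehdcfg.exe" -target default -quiet
    # Assumption: a non-zero exit code indicates failure.
    if ($LASTEXITCODE -ne 0) {
        throw "bdehdcfg.exe exited with code $LASTEXITCODE."
    }
    Write-Output 'Drive repartitioned. Reboot the endpoint to let encryption begin.'
}

# Report the current BitLocker state of the OS volume; run again after the reboot
# to confirm that encryption has started.
$volume = Get-BitLockerVolume -MountPoint $env:SystemDrive
Write-Output ("{0}: {1}, {2}% encrypted, protection {3}" -f `
    $volume.MountPoint, $volume.VolumeStatus, $volume.EncryptionPercentage, $volume.ProtectionStatus)
```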

A full list of the bdehdcfg.exe parameters can be found on the Microsoft site:
https://technet.microsoft.com/en-us/library/ff829850.aspx