none
How to make Bootable BitLocker Encrypted USB Pendrive ?

    Question

  • Hi,

    We have created a bootable USB flash drive using WinPE 3.0 and it is booting successfully. Then encrypted it using Bit Locker Encryption using following command

            manage-bde -on D: -pw

    After Encryption, we are not able to boot the Pendrive. Can anyone help with this?

    Thanks in Advance

    Thursday, November 23, 2017 2:10 PM

All replies

  • I don't think there is a way since WinPE is not made to be used together with bitlocker.

    You can use a windows to go bootable stick together with bitlocker instead. https://docs.microsoft.com/en-us/windows/deployment/planning/windows-to-go-overview Please note: in order to create such a stick, you need

    -a suitable stick (see hardware requirements in my link)

    -windows 10 enterprise ISO

    -win10 pro or enterprise as OS to start stick creation (my link is wrong about that, the link says, enterprise is required, that is no longer true).

    • Proposed as answer by Ronald Schilf Tuesday, November 28, 2017 7:53 AM
    Friday, November 24, 2017 8:54 AM
  • Hi,

    Is that you encrypt the bootable USB flash drive in WinPE?

    Did the encryption process complete successfully?

    Did you try to connect the USB to other PC to see if there is any message?

    Please try to decrypt the bootable USB flash.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, November 24, 2017 9:12 AM
  • Thanks for update

    we are encrypting USB flash drive in Windows and the encryption process completed successfully. we confirmed it by giving the following command in command prompt.

         manage-bde -status

    when we connect the USB to a PC, it is showing that "This drive is protected by BitLocker Drive Encryption" and asking for password. But when we try to boot from the encrypted flash drive it shows as "Remove Disks or other media. Press any key to restart".

    And we successfully decrypted it using following command

        manage-bde -off D:

    The only thing here is, we cannot boot the flash drive once it is encrypted.

    And the flash drive consists of the following:

    • bootmgr
    • sources folder with .wim file in it
    • Boot folder and
    • EFI folder.

    Is there any method to boot the encrypted flash drive?

    Thanks in advance

    Friday, November 24, 2017 11:23 AM
  • Hi,

    If you want to boot it with Win PE, you could decrypt the bootable USB flash to do it.

    As Ronald Schilf said “ WinPE is not made to be used together with bitlocker.”

    If you encrypt the bootable USB flash, it may be similar to encrypt the system partition(which contains the files needed to start your computer and must be at least 200 MB).

    Here is one of BitLocker requirements.

    Have at least two partitions: a system partition and an operating system partition (which contains Windows). The operating system partition will be encrypted and the system partition will remain unencrypted so your computer can start. If your computer doesn't have two partitions, BitLocker will create them for you.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Monday, November 27, 2017 1:53 AM
  • Hi, 

    How’s everything going? Please feel free to give me any update.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, November 28, 2017 10:28 AM