Just for testing it could be nice to run Bitlocker on a virtual Windows. But as everybody knows (or should know), you need TPM or a USB stick to be able to run Bitlocker encryption on the disk.
We can actually use anykind of removable disk, not only USB stick, and a virtual floppy will do the trick. So we just need to create a virtual floppy in our virtualization software. I use Hyper-V as example here but it works just as well in VmWare, thanks to Christian Mohn the vNinja for testing it out.
The first thing we have to do is to create a group policy allowing us use Bitlocker without a compatible TPM. Se picture to find the setting.
So the next step is to create the virtual floppy in "Hyper-V Manager", a simple wizard and you can off course just copy the empty disk to all computers you want to use Bitlocker on. It should be formated.
Mount the floppy on the computer you wish to encrypt with Bitlocker and start it up.
We are now ready to enable bitlocker and we need to do it from a command line, because the buildt in tools only work when you use TPM or USB stick.
The command which need to be run as administrator is:
manage-bde.wsf -on C: -rp -sk A:
Here you will see both the External Key and Numerical Password. The numerical password ID are the number (Key ID) the computer will ask for when it need to recover, and the password are the key you need to type in. You can later go into Bitlocker manager and print this out or save it to a new location. You might event set it up with a group policy to save the keys in Active Directory, or use Microsoft Bitlocker Administration And Monitoring (Mbam) for central collection.
After a reboot the computer will start encrypting the disk. This method works on both client and server with all versions that have bitlocker possibility, yes event Windows 8 developer preview, thats why you see the blue ribon around the command prompt window above ;-)
The proof, a Hyper-V computer with Bitlocker enabled