Can I Do This With Bitlocker and Windows 10, version 21H1 ?


  1. Posts : 617
    windows 10 pro
       #1


    TL;DR I thought I could easily turn on Bitlocker with both my two bootable Win 10 internal hard drives just as simply as I was able to do so with my half dozen plus external USB drives that I am able to unlock with a password. I ended up borking one of the drives and had to format and reinstall from an image.

    I then came across this post which I believe answered my question why I was running into difficulties.

    Is it possible to have Windows 10 dual boot and BitLocker encrypted partitions? - Super User

    The answer given was "The problem you are running into is likely due to how Windows stores the key to unlock the partition in your platform TPM. When you activate Bitlocker using a TPM, Windows clears the TPM and installs a fresh key for use with the encryption. This is why you lose access to your first install. You can have multiple TPM devices (one provided by the CPU and one provided by a discrete TPM chip) but only one may be active in UEFI at a time. Changing the active TPM would invalidate secure boot. So even that is not a solution. The only way to have what you want is to make one of the Bitlocker deployments ignore the TPM. You can control this using group policy. It will be less secure because you will have to store the key in plain text on a USB drive. For this reason you should use a different PIN for each of the two partitions."

    Unfortunately this solution appears to be well above my expertise unless someone can ELI5 the exact steps 1. and then 2. and... that I should take in order to accomplish this without screwing things up.

    So I am now willing to forgo having two win 10 bootable hard drives with Bitlocker on each of them and now I want to have Bitlocker enabled just on my "C" drive and turn my "D" drive into a data drive. If I do that, can I expect my "D" drive when I format it and turn Bitlocker on to act just like my Bitlocked external USB drives? When enabling Bitlocker on my now systemless data "D" drive to be given the opportunity to be able to unlock "D" with just a password when I boot from "C".

    And then I want to enable Bitlocker on my "C" drive but during the initial Bitlocker setup process it's a must that I be presented with the option to unlock my "C" drive with a password and not the key that I saved. It would be just so much easier this way for me. I am unconcerned with using my 2.0 TPM device.

    If I have been able to make my intentions clear any and all comments and instructions would be appreciated. TIA.
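Added example, not part of the original posts: one way to set up the password-unlocked data drive asked about in post #1, run from an elevated PowerShell prompt with the built-in BitLocker cmdlets. The drive letter D: follows the post; the recovery-file path is a hypothetical placeholder, and the OS drive (C:) is deliberately left out.

```powershell
#Requires -RunAsAdministrator
# Added example: BitLocker on a fixed DATA volume, unlocked with a password.
# Assumptions: D: is the reformatted data volume from post #1; $recoveryFile is
# a hypothetical path on removable media, not on C: or D:.
$mount        = 'D:'
$recoveryFile = 'E:\bitlocker-D-recovery.txt'

$vol = Get-BitLockerVolume -MountPoint $mount

# Refuse to run against a Windows system volume: a password protector on an
# OS volume is a different setup (startup authentication policy) than this one.
if ($vol.VolumeType -eq 'OperatingSystem') {
    throw "$mount is an operating system volume; this script handles data volumes only."
}
# Refuse to touch a volume that is already encrypted or mid-conversion.
if ($vol.VolumeStatus -ne 'FullyDecrypted') {
    throw "$mount is in state '$($vol.VolumeStatus)'; expected FullyDecrypted."
}

# Prompt for the unlock password without echoing it or storing it in the script.
$password = Read-Host -AsSecureString -Prompt "Unlock password for $mount"

# Full-volume encryption (no -UsedSpaceOnly): a quick format leaves the old
# contents in free space, and used-space-only mode would leave them unencrypted.
Enable-BitLocker -MountPoint $mount -PasswordProtector -Password $password | Out-Null

# Add a 48-digit recovery password as a second protector, so a forgotten
# unlock password does not mean a lost drive.
Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null

# Save the recovery password off the encrypted volume.
$vol = Get-BitLockerVolume -MountPoint $mount
$vol.KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    ForEach-Object { "ID $($_.KeyProtectorId): $($_.RecoveryPassword)" } |
    Set-Content -Path $recoveryFile

# Report what is now protecting the volume and how far encryption has progressed.
$vol | Format-List MountPoint, VolumeType, VolumeStatus, EncryptionPercentage, ProtectionStatus
$vol.KeyProtector | Format-Table KeyProtectorType, KeyProtectorId
```

Once `VolumeStatus` reads `FullyEncrypted`, the volume prompts for the password after each boot, the same way a password-protected external drive does.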


  2. Posts : 4,187
    Windows 11 Pro, 22H2
       #2

    Here is how I handle it. I don't know if this fits your needs, but this is one method that works for me:

    In my case I am dual booting Windows 11 and Windows 10, but this will work equally well with 2 installations of Windows 10.

    I start by installing the first OS, in my case, Windows 11, just the same as if it were the only OS being installed. I can then BitLocker encrypt that drive.

    Next, I will install the 2nd OS (Windows 10 in my case) but I install it to a VHD (Virtual Hard Disk) as is outlined in this tutorial:

    Native boot Virtual Hard Disk - How to upgrade Windows

    Because this VHD resides on the same drive that the first installation of Windows is on, the VHD will already be encrypted by BitLocker so there is no need to fiddle with BitLocker on this second installation of Windows. I also like this method because the entire secondary Windows installation is stored in a single VHD file which makes it possible to remove this installation literally within seconds.

    Let me know if you require any additional information.


  3. Posts : 617
    windows 10 pro
    Thread Starter
       #3

    hsehestedt said:
    Here is how I handle it. I don't know if this fits your needs, but this is one method that works for me:

    In my case I am dual booting Windows 11 and Windows 10, but this will work equally well with 2 installations of Windows 10.

    I start by installing the first OS, in my case, Windows 11, just the same as if it were the only OS being installed. I can then BitLocker encrypt that drive.

    Next, I will install the 2nd OS (Windows 10 in my case) but I install it to a VHD (Virtual Hard Disk) as is outlined in this tutorial:

    Native boot Virtual Hard Disk - How to upgrade Windows

    Because this VHD resides on the same drive that the first installation of Windows is on, the VHD will already be encrypted by BitLocker so there is no need to fiddle with BitLocker on this second installation of Windows. I also like this method because the entire secondary Windows installation is stored in a single VHD file which makes it possible to remove this installation literally within seconds.

    Let me know if you require any additional information.
    >I don't know if this fits your needs

    Thank you for that. I am afraid that following that method might be a bit above my expertise. If you are so inclined I posted this question on R. as well and I may have found a simpler solution though it would require me to lose my second internal bootable drive which I believe I am OK with. I would be interested in your thoughts. Thanks.

    Can I Do This With Bitlocker and Windows 10, version 21H1 ?


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.
