0

I have a Dell Latitude E6440 running Windows 7 x64. It originates from my work and admin installs Trend Micro Full Disk Encryption on all work computers. I was using a Samsung 750GB SSD but it started to fail so I cloned the drive (CloneZilla) to a new 1TB Samsung SSD. All works well except that the encrypted C: partition is still 698GB to fit the old drive.

I tried expanding the partition in Windows Disk Manager (sees the Trend Micro partitions as NTFS), but discovered that this causes a blue screen failure when booted. Makes sense because Trend Micro FDE must have control of the MBR/partition table? This is consistent with 3rd party partition managers seeing the Trend Micro partitions as "unallocated" or "unknown" file systems. Seems the only way to expand the encrypted partition is to uninstall/decrypt FDE then change the partition and re-encrypt - something my work administrators are reluctant to do.

I thought a work around would be to create a new partition from the unallocated space (roughly 230GB - reported as "logical" in 3rd party partition software). Partition is created fine, and a drive letter is applied, and the partition is usable - until I reboot. The partition and drive disappear when rebooted. Checking with 3rd party disk partition programs fails to find the partition when using recovery, so it seems to have been erased, not just lost.

So I'm left with 230GB unusable (well, it's used I suppose as over-provisioning space). Any ideas for how I can make full use of my drive? Or is my only solution to badger my administrators into decrypting (could take days)?

Improve this question
3
  • Is this a work laptop or a personal laptop? If it's a work laptop, why aren't the admins doing all of this for you, including the SSD replacement? If it's a personal laptop, why are you relying on software presumably licensed to your workplace for private use?
    – user
    Commented May 23, 2017 at 15:56
  • 1
    It's a work laptop but I've found it easier to do modifications myself rather than try to get our support people to do anything out of the ordinary (other than re-image the drive, which seems to be their preferred response to technical problems). I didn't want to reimage the drive because I have a lot of specialized software and settings that would require reinstallation.
    – K. Egger
    Commented May 23, 2017 at 16:23
  • They take that position because your organisation realises that it is far cheaper to rebuild a PC messed up by people with local admin rights that it is to try and analyse all the problems and try to sort them out. Most organisations recognise that anyone given local admin rights has to take responsibility for fixing things or allow a rebuild.
    – Julian Knight
    Commented May 23, 2017 at 22:32

1 Answer 1

Reset to default
0

The whole point of full disk encryption is that you cannot mess with the partition!

The only way to change the partition is to unencrypt it, modify it then re-encrypt it. Unless Trend provides a management tool to do that automatically.

Indeed, if that were encrypted with Microsoft Bitlocker, you would not have been able to clone onto a new disk I don't think as it uses the TPM chip and "knows" about the host hardware configuration (I think, I've not actually tried it).

Improve this answer
2
  • Fair enough with regards to the encrypted partition. But I was surprised that I couldn't create a partition from unallocated space. Is it the Trend Micro FDE that is erasing the partition when I reboot? Or is this something else that could be corrected from within Windows?
    – K. Egger
    Commented May 24, 2017 at 0:05
  • I don't know I'm afraid. Might just be a locked down UEFI/BIOS.
    – Julian Knight
    Commented May 24, 2017 at 9:17

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .