Configure and install Truecrypt for Windows
Enough background information for now, let’s start with the installation. The scenario is to install a brand new Windows 7 system first and then encrypt it with Truecrypt. During the Windows setup, I will remove the 100 MB Windows partition to minimize the number of partitions. After that I install Truecrypt and configure system encryption.
First, I install Windows. I won’t describe the whole installation, only the parts that matter. During the installation process, make sure that Windows creates only one NTFS partition and that enough free space is left for the Ubuntu installation. I have a 40 GB hard drive and use 20 GB for Windows and 20 GB for Ubuntu. I will describe the Windows 7 partitioning process. The goal of the partitioning is to install Windows on one partition only and not to use the 100 MB system partition. This makes multiboot easier. Make sure that you have enough capacity left for Ubuntu.
The setup process continues. When the installation has finished, you can install Windows updates, service packs and other software such as a virus scanner.
Install Truecrypt software on Windows
Now you have to install Truecrypt to make system encryption available. You can download Truecrypt here. Installation does not automatically enable system encryption; it is only the first step.
Encrypt the Windows system with Truecrypt
Once Truecrypt is installed, you can start the encryption process. Please make a backup if you have data on your disk. Truecrypt needs to create a recovery CD, so you need a blank CD. This CD is really important in case the bootloader gets corrupted and you have to restore it.
You have to choose whether to encrypt the whole disk or just the system partition. Encrypting the whole disk makes it unavailable for other operating systems, so I choose to encrypt the Windows system partition only. Select that option and click ‘Next’.
Truecrypt must be the main bootloader. Even if Ubuntu or Grub is already installed, select ‘No’. You can fix the Ubuntu boot loader later, see the ‘Tips and troubleshooting’ part. Select ‘No’ and click ‘Next’.
Choose a password. The stronger the better. You can also use a passphrase, such as a sentence, for stronger security. Most special characters are accepted. Note that keyfiles are not supported for system encryption, so leave this field blank. Click ‘Next’ to continue.
Truecrypt will create a rescue disk. This is useful when the bootloader is damaged. The rescue disk is an ISO 9660 image file, which is recognized by most CD/DVD burning software. Note the location where the image file is stored, usually under the documents folder. (Note that I changed it back to my home folder in the screenshot.)
In Windows 7 the ‘Microsoft Windows Disc Image Burner’ will be started to burn the image file to a CD. Remember to insert a blank CD, label it as your Truecrypt rescue CD and store it safely. When using an older Windows version you have to burn the image to the CD with other software. If you are looking for free open source CD burning software without adware, take a look at InfraRecorder or at the other open source burning software listed on Wikipedia.
For extra security you can choose to overwrite files that are deleted. Data left after a file deletion is still encrypted, but can be overwritten for extra safety. This slows down your system and is not required under normal conditions. Click ‘Next’ to continue.
All configuration settings are finished now. Truecrypt is almost ready for encryption. When you hit the ‘Test’ button, it will install a new bootloader in the master boot record and reboot the system. The name ‘Test’ is somewhat misleading because real changes are made to your system. It is named ‘Test’ because encryption is applied only once the bootloader has started successfully. Press ‘Test’ when you’re ready to hit the road.
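The following is an added example, not part of the original post or of Truecrypt itself: a Python check that a saved rescue image is a structurally valid ISO 9660 file, plus a SHA-256 fingerprint of it to record before burning. The function names and the constructed sample image are assumptions made for illustration.

```python
import hashlib
import struct

SECTOR = 2048          # ISO 9660 logical sector size
FIRST_DESCRIPTOR = 16  # sectors 0-15 are the reserved system area

def inspect_iso(data: bytes) -> dict:
    """Validate the ISO 9660 primary volume descriptor and fingerprint the image."""
    sector = FIRST_DESCRIPTOR
    while True:
        vd = data[sector * SECTOR:(sector + 1) * SECTOR]
        if len(vd) < SECTOR or vd[1:6] != b"CD001":
            raise ValueError("not an ISO 9660 image (no CD001 descriptor)")
        if vd[0] == 1:      # primary volume descriptor found
            break
        if vd[0] == 255:    # set terminator reached first
            raise ValueError("no primary volume descriptor")
        sector += 1
    # Sizes are stored twice (little- and big-endian); both copies must agree.
    blocks_le = struct.unpack_from("<I", vd, 80)[0]
    blocks_be = struct.unpack_from(">I", vd, 84)[0]
    bsize_le = struct.unpack_from("<H", vd, 128)[0]
    bsize_be = struct.unpack_from(">H", vd, 130)[0]
    if blocks_le != blocks_be or bsize_le != bsize_be:
        raise ValueError("both-endian fields disagree: descriptor is corrupt")
    if blocks_le * bsize_le > len(data):
        raise ValueError("image is truncated")
    return {
        "volume_id": vd[40:72].decode("ascii", "replace").rstrip(),
        "declared_bytes": blocks_le * bsize_le,
        "sha256": hashlib.sha256(data).hexdigest(),
    }

def build_sample_image(volume_id: str = "SAMPLE RESCUE", blocks: int = 18) -> bytes:
    """Constructed test input: a minimal image, not a real rescue disk."""
    pvd = bytearray(SECTOR)
    pvd[0:7] = b"\x01CD001\x01"
    pvd[40:72] = volume_id.ljust(32).encode("ascii")
    pvd[80:88] = struct.pack("<I", blocks) + struct.pack(">I", blocks)
    pvd[128:132] = struct.pack("<H", SECTOR) + struct.pack(">H", SECTOR)
    term = bytearray(SECTOR)
    term[0:7] = b"\xffCD001\x01"
    return bytes(FIRST_DESCRIPTOR * SECTOR) + bytes(pvd) + bytes(term)

if __name__ == "__main__":
    print(inspect_iso(build_sample_image()))
```

To check a real image, pass the bytes of the saved file to `inspect_iso` and keep the digest with your notes so a stored copy of the file can be checked for changes later.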
The reboot takes place. You are asked to enter the password and press Enter. This is the password you entered for encryption, not your Windows password. Windows will start next.
Note: If you have problems with the password (for example a typo), hit the ‘Esc’ key. At this point the system is not yet encrypted and you can start it without entering the correct password. When back in Windows, Truecrypt automatically asks you to uninstall the pre-boot authentication and restore your old bootloader. Encryption is canceled.
Windows with Truecrypt ready for use
Windows is now securely encrypted! When you boot your system, the Truecrypt pre-boot authentication takes place.