BitLocker Drive Encryption is a technology designed to protect entire disk drives. BitLocker to Go is a development of the same technology, available with Windows 7, that enables encryption of USB flash drives. You can therefore protect drives in the event of theft, as well as data on drives that might remain in decommissioned servers.
Protection using BitLocker can be enhanced with a TPM (Trusted Platform Module 1.2) chip on the computer's motherboard. BitLocker uses it to seal the keys that are used to unlock the encrypted operating system drive. When you start your operating system, BitLocker requests the key from the TPM chip and then uses it to unlock the drive. If the drive is put in a different computer, it will stay locked until it is manually unlocked using a recovery key. When you add new files to a BitLocker-encrypted drive, they are automatically encrypted.
If the machines do not have TPM, drives (fixed or removable) can be unlocked with a password or a smart card, or you can set the drive to automatically unlock when you log onto the computer.
To add BitLocker on Server 2008 R2 (REQUIRES TPM!)
- Open Server Manager.
- Right-click Features.
- Click Add Features.
- Select BitLocker Drive Encryption.
- Restart your computer.
- Close the Server Manager window.
- Open Control Panel, System and Security and open BitLocker Drive Encryption.
- Click Turn On BitLocker.
Before you turn on BitLocker in Control Panel you should see the following:
After you click Turn On BitLocker the following window will appear:
Type in a complex password and confirm it. The next window asks how you want to save a recovery key in case you forget the password (print or save to file). Choose one and, on the next window, start encrypting.
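A read-only check to run after the steps above, added here as an example and not part of the original post: it reports whether the BitLocker feature is installed, the TPM state, and each volume's encryption status and key protectors, using the Win32_Tpm and Win32_EncryptableVolume WMI classes. The helper name Get-WmiOrNull is hypothetical; run the script from an elevated PowerShell prompt on Server 2008 R2.

```powershell
# Added example: read-only BitLocker audit (changes nothing on the system).
Import-Module ServerManager
"BitLocker feature installed: $((Get-WindowsFeature BitLocker).Installed)"

# Hypothetical helper: return $null when a WMI namespace or class is missing.
function Get-WmiOrNull($Namespace, $Class) {
    try { Get-WmiObject -Namespace $Namespace -Class $Class -ErrorAction Stop }
    catch { $null }
}

# TPM state; the class is absent when Windows sees no TPM.
$tpm = Get-WmiOrNull 'root\CIMV2\Security\MicrosoftTpm' 'Win32_Tpm'
if ($tpm) {
    "TPM enabled: $($tpm.IsEnabled().IsEnabled)  activated: $($tpm.IsActivated().IsActivated)  owned: $($tpm.IsOwned().IsOwned)"
} else {
    'TPM: not found'
}

# Value tables from the Win32_EncryptableVolume documentation.
$protectorNames = @{ 1 = 'TPM'; 2 = 'External key'; 3 = 'Numerical (recovery) password';
                     4 = 'TPM+PIN'; 5 = 'TPM+Startup key'; 6 = 'TPM+PIN+Startup key';
                     7 = 'Public key'; 8 = 'Passphrase' }
$conversionNames = @('Fully decrypted', 'Fully encrypted', 'Encryption in progress',
                     'Decryption in progress', 'Encryption paused', 'Decryption paused')

$volumes = Get-WmiOrNull 'root\CIMV2\Security\MicrosoftVolumeEncryption' 'Win32_EncryptableVolume'
if (-not $volumes) {
    'No BitLocker WMI provider or no encryptable volumes found'
} else {
    foreach ($vol in $volumes) {
        $status = $vol.GetConversionStatus()
        # 0 = list protectors of every type; filter out $null for volumes with none.
        $ids = @($vol.GetKeyProtectors(0).VolumeKeyProtectorID | Where-Object { $_ })
        $types = @()
        foreach ($id in $ids) { $types += [int]$vol.GetKeyProtectorType($id).KeyProtectorType }
        $names = $types | ForEach-Object { $protectorNames[$_] }

        "{0}  {1} ({2}%)  protection on: {3}  protectors: {4}" -f $vol.DriveLetter,
            $conversionNames[[int]$status.ConversionStatus], $status.EncryptionPercentage,
            ($vol.ProtectionStatus -eq 1), ($names -join ', ')

        if ($vol.ProtectionStatus -ne 1) {
            "  WARNING: protection is not active on $($vol.DriveLetter)"
        }
        if (($types -notcontains 3) -and ($types -notcontains 2)) {
            "  WARNING: no recovery password or external key protector on $($vol.DriveLetter)"
        }
    }
}
```

A volume that shows "Encryption in progress" is not yet fully protected; rerun the check until it reports "Fully encrypted" with protection on.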