
When planning a BitLocker deployment in your Windows infrastructure, you'll need to take into consideration many factors that can/will influence your network. This technology was first released with Windows Vista and introduced two important security features: encryption of hard drives and integrity checks for data. This means that if a device was stolen, no data could be recovered from it since everything is encrypted. With BitLocker, not only is the OS encrypted, but also data, the page file, applications and application configuration.

There are several methods with which you can access encrypted information from a volume protected with BitLocker. One solution is to use a pre-configured key that grants access to the data. One big problem with using such keys is that if they are lost, the entire system becomes inaccessible and all data is lost. BitLocker is a feature included in different Windows Server 2008 editions and you can add it using the Server Manager console.

Note that one important requirement of BitLocker is the TPM (Trusted Platform Module) chip and a BIOS that supports it. These two components are needed when performing data integrity checks. With TPM, BitLocker verifies the startup information (Boot Sector, Windows Loader, BIOS, MBR and Boot Manager) of the Operating System and if some altered data is discovered, the volumes become locked and data cannot be accessed. This means that you will need to unlock the System using a BitLocker key. One problem for System Administrators is when there is any maintenance on the BIOS level, because BitLocker locks the drives with every reboot. So you may end up recovering the System because the drive becomes unavailable.

To configure BitLocker you will need to partition your hard drive correctly. You must first create an extra partition of around 2 GB that's marked as active and will be used by BitLocker. Once you've created this partition you can add more primary partitions, but make sure there is plenty of space for the OS.

To create a partition and mark it as active you will need to boot from the installation media in Recovery mode. If you're using a virtual machine in VMware, you will need to disable Easy Install and then boot from the installation media. At the installation page, select Repair your computer and click Next until you reach the System Recovery Options and open a Command Prompt. For this operation we will use Diskpart, which is a partitioning tool provided by the OS. We will need to create at least two partitions, one for BitLocker and the other one for the OS, by typing the following commands:

With these commands we have listed the available disks and we've selected the one that will be partitioned. Because my VM has only one disk, I've selected it by using its Disk ID (0). The clean command has been executed to empty the whole disk.

Now it's time to create the two partitions by executing the following commands:

create partition primary size=38000 – the C partition in which the OS will be installed
create partition primary size=2000 – the BitLocker partition
active – we've marked this partition as active

You can now execute the list partition command to verify that the partitions were created successfully.

We've created the partitions and it's time to format them and assign a file system. Type exit to return to CMD and execute the following commands:

/q – performs a quick format
/fs – used for selecting the file system, in this case NTFS

Now close Command Prompt and exit the Recovery console, then click Install Now. Note that you will need to select the secondary partition (C) as the installation drive for the OS. Be patient because the install operation takes a long period of time.

Navigate to local group policy to view the available BitLocker policies. My VM does not support a TPM chip, so I will have to enable a policy that will bypass this missing component. Note that not all devices have a TPM chip included, so if this is your case, you'll need to configure the Server to be unlocked using a startup password. Once you've opened the console, navigate to Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption and view the available group policies. In group policy, navigate to Operating System Drives, double click on the Require additional authentication at startup (Windows Server 2008 and Windows Vista) policy and enable it.
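The partitioning and formatting steps of this walkthrough, collected into one batch file for the Command Prompt in System Recovery Options. This is an added example, not the author's own script; the script file name and the drive letters C and S are assumptions, and formatting only runs if Diskpart reports success.

```batch
@echo off
rem Added example: partition layout for BitLocker as described in the article.
rem Assumptions (not from the article): script path in %TEMP%, letters C and S.
rem "clean" empties disk 0 completely, exactly as in the walkthrough.
setlocal
set "SCRIPT=%TEMP%\bitlocker-layout.txt"

rem Write the Diskpart script, one command per line.
(
  echo list disk
  echo select disk 0
  echo clean
  rem OS partition first (38000 MB), then the small BitLocker partition.
  echo create partition primary size=38000
  echo assign letter=C
  echo create partition primary size=2000
  rem "active" applies to the partition that has focus: the 2000 MB one.
  echo active
  echo assign letter=S
  echo list partition
  echo exit
) > "%SCRIPT%"

rem Diskpart stops at the first failing command and sets a non-zero errorlevel.
diskpart /s "%SCRIPT%"
if errorlevel 1 (
  echo Diskpart reported an error, nothing will be formatted.
  exit /b 1
)

rem /q = quick format, /fs = file system, in this case NTFS.
rem format asks for confirmation before touching each volume.
format C: /q /fs:NTFS
format S: /q /fs:NTFS

endlocal
```

Run `list disk` in Diskpart by hand first and confirm that disk 0 is the disk you intend to wipe, because `clean` removes every partition on it.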
