How to Configure BitLocker Drive Encryption on Server - Part 2
Part 2 of 2
To read Part 1, follow the link: How to Configure BitLocker Drive Encryption
- You must have administrative rights before proceeding.
- Windows 2008 R2 Server.
- TPM (Trusted Platform Module): the hardware module must be embedded in the computer.
Enabling BitLocker Drive Encryption on the server side is not much different if you have the TPM enabled in the BIOS.
When BitLocker is enabled on a server operating system, it consumes 1.5 GB of unallocated space or of a specific drive's disk space. It may also shrink the boot drive to create the 1.5 GB of disk space and use it; however, it is important to mention that no drive letter will be allocated to it.
I assume you have already installed the operating system and enabled the TPM from the BIOS.
You may receive an error when you start with “Run BitLocker system check” checked. This happens because the TPM is not allowing the BitLocker access control, which can be allowed through Group Policy. Either in that case, or before starting BitLocker Drive Encryption, you can change the policy for a smooth ride:
- Run “gpedit.msc” (without the quotes).
- Go to: Local Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption -> Operating System Drives
- Select Edit for the policy “Configure TPM platform validation profile” and enable it.
So let's begin with the step-by-step configuration:
Click on “Start” and then click on “Control Panel”.
Click on “BitLocker Drive Encryption” in “All Control Panel Items”.
You will see all the drives in your system that have a drive letter, each with a “Turn On BitLocker” option.
When you click on “Turn On BitLocker”, a pop-up message appears asking “Do you want to start BitLocker setup?”
Clicking “Yes” starts the “BitLocker Drive Encryption Setup”, whose purpose is to prepare the drive for BitLocker and to encrypt the drive.
Once you click on “Next”, it goes to “Preparing your Drive for BitLocker”. You will see the description “An existing drive or unallocated free space on the hard drive will be used to enable BitLocker”; this consumes 1.5 GB of disk space. It may shrink your existing C:\ drive and use 1.5 GB of its disk space, unless you specifically create a 1.5 GB system drive.
On clicking “Next” you will get the option for saving the recovery key.
After you have saved the key to your desired location, click on “Next”.
You will be asked to confirm the encryption with “Are you ready to encrypt this drive?”. Don’t forget to check the option “Run BitLocker system check”.
Once it is checked and you click on “Continue”, the encryption is scheduled to start and a reboot will be pending.
How to configure the machine policy to require a pre-boot PIN + TPM is already described in the previous blog post on BitLocker, and it remains the same.
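
To confirm the result after the reboot, the following check (an added example, not part of the original post) reads the system check result, encryption progress and key protectors from the Win32_EncryptableVolume WMI class. It assumes the operating system drive is C: and an elevated PowerShell prompt; the variable names are illustrative.

```powershell
# Added example, not from the original post. Run elevated, after the reboot.
$Drive = 'C:'   # assumption: the operating system drive is C:
$ns    = 'root\CIMV2\Security\MicrosoftVolumeEncryption'
$vol   = Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume `
                       -Filter "DriveLetter='$Drive'"
if (-not $vol) { throw "No BitLocker-capable volume found for $Drive" }

# Value maps as documented for Win32_EncryptableVolume
$convNames = @('Fully decrypted', 'Fully encrypted', 'Encryption in progress',
               'Decryption in progress', 'Encryption paused', 'Decryption paused')
$protNames = @{ 1 = 'TPM'; 2 = 'External key file'; 3 = 'Numerical password';
                4 = 'TPM + PIN'; 5 = 'TPM + startup key';
                6 = 'TPM + PIN + startup key' }

$conv = $vol.GetConversionStatus()
$prot = $vol.GetProtectionStatus()
$test = $vol.GetHardwareTestStatus()   # result of "Run BitLocker system check"

# Collect the type of every key protector on the volume (0 = all types)
$types = @()
$ids = $vol.GetKeyProtectors(0).VolumeKeyProtectorID
if ($ids) {
    foreach ($id in $ids) {
        $types += [int]$vol.GetKeyProtectorType($id).KeyProtectorType
    }
}

"Conversion : {0} ({1}%)" -f $convNames[$conv.ConversionStatus], $conv.EncryptionPercentage
"Protection : {0}" -f $(if ($prot.ProtectionStatus -eq 1) { 'On' } else { 'Off or unknown' })
foreach ($t in $types) {
    $name = $protNames[$t]
    if (-not $name) { $name = "Other (type $t)" }
    "Protector  : $name"
}

# Flag the conditions that leave the drive unprotected or unrecoverable
$problems = @()
if ($test.TestStatus -eq 1) { $problems += "System check failed (error $($test.TestError))" }
if ($test.TestStatus -eq 2) { $problems += 'System check pending: reboot required' }
if (-not ($types | Where-Object { 1, 4, 5, 6 -contains $_ })) { $problems += 'No TPM-based protector' }
if (-not ($types | Where-Object { 2, 3 -contains $_ })) { $problems += 'No recovery key or password protector' }
if ($prot.ProtectionStatus -ne 1) { $problems += 'Protection is not on yet' }

if ($problems) { $problems | ForEach-Object { "WARNING    : $_" } } else { 'OK         : volume is protected' }
```

A “TPM + PIN” protector in the output indicates that the pre-boot PIN policy from Part 1 has taken effect.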