Part 2 of 2 ::

To read Part 1 click on the Link  How to Configure BitLocker Drive Encryption

Pre-requisites:

  • You must have administrative rights before proceeding.
  • Windows 2008 R2 Server.
  • TPM [Trusted Platform Module], hardware module must be embedded in the computer.

It will not be much of difference while enabling BitLocker Drive Encryption on Server side if you have TPM enabled in BIOS.

While enabling BitLocker on Server Operating System ,it consume 1.5GB of unallocated or specific drive disk space ,it may also shrink the Boot Drive to create 1.5GB disk space and use it however its important to mention that no drive letter will be allocated to it.

I assume , you have already installed the Operating System and Enabled the TPM from BIOS .

Either in the case of you receive error when you start with Checked “Run BitLocker system check” which happens because of TPM not allowing the BitLocker Access Control which can be allowed through group policy. or prior to starting the BitLocker Drive Encryption, you can try to change the policy for smooth ride :

  1. Run “gpedit.msc” without quote
  2. Goto : Local Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components ->BitLocker Drive Encryption -> Operating System Drives
  3. Select Edit for the policy “Configure TPM platform validation profile” ,enable it.

So lets begin with step by step configuration:-

Click on “Start” and then Click on “Control Panel

StartControlPanel

Click on “BitLocker Drive Encryption” in “All Control Panel Items“.

BitLocker Option

BitLocker Option

You will be able to see all the drive in your system which has drive letter. And an option of “Turn On BitLocker

Turn On BitLocker

Turn On BitLocker

When you will click on “Turn On BitLocker” ,a pop-up message will appear with the details “Do you want to start BitLocker setup?

Confirming BitLocker Setup

Confirming BitLocker Setup

On Clicking to “Yes” , it will start the “BitLocker Drive Encryption Setup” whose purpose is to Prepare the drive for BitLocker and Encryption of drive.

BitLocker DriveEncryption Setup

BitLocker DriveEncryption Setup

Once click on “Next” , it will go to “Preparing your Drive for BitLocker” . You will be able to see a discription “An Exisiting drive or unallocated free space on the Hard drive will be used to enable BitLocker” this will consume 1.5 GB for the disk space. It may shrink your exisiting c:\ drive and use 1.5 Gb of disk space. Unless you specifically create a 1.5 GB system drive.

Preparing Drive For BitLocker

Preparing Drive For BitLocker

On clicking to “Next” you will get option for saving recovery key.

Recovery Key Saving Option

Recovery Key Saving Option

After you saved the key to your desired location and click on Next.
You will asked for confirming to for encryption “Are you ready to encrypt this drive?” , Don’r forget to check the option “Run BitLocker system check” .

Run BitLocker System Check

Run BitLocker System Check

Once check and click on Continue it will start encryption and a reboot will be in pending state.

Pending Reboot

Pending Reboot

 

 

How to Configure the machine policy to require a pre boot PIN + TPM is already discribed in the previous blog on BitLocker which remains same as it is.