I was working on an article about the BitLocker Portal page, and one of the prerequisite steps is to enable BitLocker on the server. Anyway, I thought it would be a good time to add a video to Where is BitLocker on Windows Server? But after looking at it, I saw that I didn’t show you How to Configure BitLocker on a Server. So, this article with its accompanying video will show you the steps that I took to accomplish this task.
Why do this manually?
In my opinion, this should be done when you create the VM and not after the fact. For most workstations this is done within the Task Sequence (TS), but servers tend to be built more manually, so a lot of people forget to do this, particularly on a virtual machine (VM). This will show you how to do it when you forgot to do it within an automated process.
What setting should you use for encryption?
This could be a long answer, but really it depends. From a security standpoint, the stronger the better. However, that might (stress might) have a slight performance impact. I will use the default settings. Why? Because for my lab the defaults are fine.
How to Configure BitLocker on a Server
To start the process, open Control Panel, then under System and Security, locate BitLocker Drive Encryption.
- Remove any boot media before starting
- Turn on BitLocker via the Control Panel applet.
- Reboot
- Save / Print the Recovery key
- Select Entire disk or Used Space
- Select New Encryption mode
- Run BitLocker System Check
- Restart Computer
- Let the BitLocker process complete. This might take a while, but you can use the system while the drives are encrypting. E.g., this might take hours on an existing server or a few minutes on a new server!
Notice
Notice that you are NOT prompted for the cipher strength when doing this manually. It will select the default (128 bit) cipher strength. In order to use a higher cipher strength you will need to configure it via GPO or ConfigMgr BEFORE doing the encryption of the drive! Otherwise, you will need to decrypt and re-encrypt the drive to use the higher cipher strength or a different encryption method.
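One way to check which cipher applies before and after turning BitLocker on is the short PowerShell audit below. It is an added example, not part of the original article or video. It assumes the BitLocker feature and its PowerShell module are installed on the server, that it is run from an elevated session, and that the OS volume is the one being checked; the policy value it reads is the one written by the Group Policy setting for the operating system drive encryption method.

```powershell
# Added example: audit the BitLocker cipher on the OS volume and the policy that would apply.
$mount = $env:SystemDrive   # assumption: the OS volume is the drive being checked

# 1. Pre-check: has GPO/ConfigMgr requested an encryption method for OS drives?
$fve   = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$names = @{ 3 = 'AES-CBC 128'; 4 = 'AES-CBC 256'; 6 = 'XTS-AES 128'; 7 = 'XTS-AES 256' }
$value = (Get-ItemProperty -Path $fve -Name EncryptionMethodWithXtsOs `
            -ErrorAction SilentlyContinue).EncryptionMethodWithXtsOs
if ($null -eq $value) {
    Write-Warning 'No OS-drive encryption method policy found. BitLocker will use its default.'
} else {
    Write-Output "Policy requests: $($names[[int]$value])"
}

# 2. Current state of the volume: status, cipher actually in use, and key protectors.
$vol        = Get-BitLockerVolume -MountPoint $mount
$protectors = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
[pscustomobject]@{
    MountPoint       = $vol.MountPoint
    VolumeStatus     = $vol.VolumeStatus
    EncryptionMethod = $vol.EncryptionMethod
    PercentEncrypted = $vol.EncryptionPercentage
    Protectors       = $protectors -join ', '
}

# 3. Findings a reviewer would care about.
if ("$($vol.VolumeStatus)" -eq 'FullyDecrypted') {
    Write-Output 'Volume is not encrypted yet. Set the cipher policy now, before turning BitLocker on.'
} elseif ("$($vol.EncryptionMethod)" -match '128') {
    Write-Warning 'Volume uses a 128-bit cipher. Moving to 256-bit requires decrypting and re-encrypting.'
}
if ("$($vol.VolumeStatus)" -ne 'FullyDecrypted' -and $protectors -notcontains 'RecoveryPassword') {
    Write-Warning 'No recovery password protector found. Confirm the recovery key was saved.'
}
```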
Should you do Free space or Full Drive Encryption?
This is a hard question to answer, but you will see within the video that I tell BitLocker to encrypt the whole drive! You will also see that from start to finish, including the reboot, the whole process isn’t much more than 6 minutes.
Other BitLocker articles that you might find interesting are:
- Where Is BitLocker On Windows Server?
- How To Enable BitLocker Recovery Information To Active Directory
- How To Backup BitLocker Recovery Key To AD
- How To Query AD For BitLocker Details
And look for a few more on using BitLocker with ConfigMgr (policies) and Portals.
Simple Steps to Configure BitLocker on Your Server Video
In this video, I will show you How to Configure BitLocker on a Server.
If you have any questions about Simple Steps to Configure BitLocker on Your Server, please feel free to contact me @GarthMJ. Please also subscribe to my YouTube channel and newsletter.