I was writing a few BitLocker articles (e.g. How to Enable BitLocker Recovery Information to Active Directory) and I needed a computer on which I could turn on BitLocker. As always, I open the control panel and look for BitLocker and can’t find it! I say to myself, where is BitLocker on Windows Server? Within a minute or two, I remember that there are extra steps for enabling BitLocker on a server. As part of this article, I will also show you how to enable TPM on a Hyper-V virtual machine (VM). This article provides step-by-step instructions for both of these tasks.
How to Enable BitLocker on Windows Server
I don’t know why BitLocker is NOT automatically installed on all servers. I would think with the world worrying about security that this would be installed by default. Anyways, I digress.
What is BitLocker?
It allows for disk encryption of your hard drives.
See Wikipedia for more details on BitLocker.
From the Server Manager Dashboard, select the Add roles and features item (green arrow).
The Before you begin screen may be missing if you have previously selected Skip the page by default. Click Next.
Again, accept the defaults and click Next.
Select BitLocker Drive Encryption; this will immediately open the Add Roles and Features Wizard window. Click the Add Features button.
Still on the main wizard window, click Next.
Click Install to start the installation of BitLocker on Windows Server.
Meanwhile, wait for the installation to complete.
You will have to reboot before the install is completed. Click Close and reboot the server. Finally, you are done, and at last you can enable BitLocker just as on Windows 11.
How to Enable TPM on Hyper-V Server
There really isn’t a trick to this. But it seemed like a good companion topic for how to enable BitLocker on a Windows Server. It also didn’t seem worthy of its own article.
What is TPM?
TPM is a chip that allows you to securely store passwords.
Read more about Trusted Platform Module.
Turn off the VM before starting. In Hyper-V Manager, right-click the VM and select Settings….
On the Settings window, select the Security node (green arrow), then select Enable Trusted Platform Module (orange arrow), and finally click OK to complete the installation of TPM.
Note: You need to enable TPM BEFORE you enable BitLocker.
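The two GUI procedures above can also be scripted. The following PowerShell is an added example, not part of the original article: the VM name SRV01 is a placeholder, the function names are hypothetical, and the 4-byte key protector check is an assumption about how Hyper-V reports a VM that has no key protector yet.

```powershell
# Added example: scripted equivalent of the two GUI procedures in this article.
# 'SRV01' in the usage lines is a placeholder VM name; function names are hypothetical.

function Enable-GuestVTpm {            # run on the Hyper-V host, elevated
    param([Parameter(Mandatory)][string]$VMName)

    $vm = Get-VM -Name $VMName -ErrorAction Stop
    if ($vm.Generation -ne 2) {
        throw "$VMName is Generation $($vm.Generation); the virtual TPM requires Generation 2."
    }
    if ((Get-VMSecurity -VMName $VMName).TpmEnabled) {
        return "vTPM already enabled on $VMName"
    }
    $wasRunning = $vm.State -ne 'Off'
    if ($wasRunning) {
        Stop-VM -Name $VMName          # the VM must be off to change this setting
    }
    # Assumption: a VM that has never had a key protector reports a 4-byte
    # placeholder. Create a local protector only then, so an existing one
    # (and anything sealed to it) is never replaced.
    if ((Get-VMKeyProtector -VMName $VMName).Length -le 4) {
        Set-VMKeyProtector -VMName $VMName -NewLocalKeyProtector
    }
    Enable-VMTPM -VMName $VMName
    if ($wasRunning) { Start-VM -Name $VMName }   # restore the previous state
    "vTPM enabled on $VMName"
}

function Install-BitLockerFeature {    # run inside the Windows Server guest, elevated
    if (-not (Get-Tpm).TpmPresent) {
        throw 'No TPM visible to this server; enable the TPM before BitLocker.'
    }
    if ((Get-WindowsFeature -Name BitLocker).Installed) {
        return 'BitLocker feature already installed'
    }
    $result = Install-WindowsFeature -Name BitLocker -IncludeAllSubFeature -IncludeManagementTools
    if ($result.RestartNeeded -eq 'Yes') {
        Restart-Computer               # the feature is not usable until after the reboot
    }
}

# Usage (order matters: TPM first, then BitLocker):
#   Enable-GuestVTpm -VMName 'SRV01'     # on the host
#   Install-BitLockerFeature             # in the guest
```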
Coupled with the other BitLocker articles in this set (How to Enable BitLocker Recovery Information to Active Directory, How to Backup BitLocker Recovery Key to AD, How to Query AD for BitLocker Details), this will improve your security.
To sum up, with just a few minutes of effort, you too can increase the security of your environment. Do not get caught out; remember this article and how easy it was to enable BitLocker. If you have any questions, please feel free to touch base @Garthmj.