Configuring BitLocker Drive Encryption on Windows Server 2008

From Techotopia
Revision as of 20:43, 9 July 2008 by Neil

BitLocker Drive Encryption is a security feature first introduced in the Ultimate and Enterprise editions of Windows Vista and subsequently incorporated into all editions of Windows Server 2008.

BitLocker performs a number of functions depending on the hardware support of the system on which Windows Server 2008 is running. At the most basic level, BitLocker encrypts all the operating system files and user data contained on a disk drive so that they cannot be accessed if the system or drive is stolen. In addition, a key is written to a USB flash drive during the BitLocker configuration process. This flash drive must be inserted into a USB port on the computer at system startup in order to gain access to the system.

When used on a computer system that has a Trusted Platform Module (TPM) together with a Trusted Computing Group (TCG) compatible BIOS, BitLocker also provides additional features, including verifying the integrity of the boot files prior to system startup. TPM support also provides the option to specify a PIN that must be entered at system startup in addition to the flash drive key.

This chapter of Windows Server 2008 Essentials provides a detailed overview of the steps necessary to configure BitLocker Drive Encryption.

BitLocker Prerequisites

Unfortunately, BitLocker Drive Encryption is not supported on all systems. In fact, the following are mandatory prerequisites for using BitLocker:

  • A minimum of 1.5Gb of available disk space (either unallocated or available for reallocation from an existing partition).
  • A BIOS which supports clearing of system RAM on reboot.

While not required to use BitLocker, the following optional requirements are necessary in order to take advantage of the full range of BitLocker protection features:

  • Trusted Platform Module (TPM) Chip
  • Trusted Computing Group BIOS
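
The disk-space and TPM prerequisites listed above can be checked from PowerShell before enabling the feature; the following is an added example, not part of the original chapter. It assumes PowerShell is installed on the server and relies on the standard WMI classes Win32_Tpm, Win32_LogicalDisk, Win32_DiskDrive and Win32_DiskPartition; the variable names are illustrative and the unallocated-space figure is an approximation.

```powershell
# Added example: reports on the BitLocker prerequisites listed above.
# Run from an elevated prompt (the TPM WMI namespace needs administrator rights).
# The BIOS RAM-clearing prerequisite is not checked by this script.
$required = 1.5GB   # minimum disk space quoted in the list above

# --- Optional prerequisite: Trusted Platform Module ---
$tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
                     -Class Win32_Tpm -ErrorAction SilentlyContinue
if ($tpm) {
    "TPM present, spec version: {0}" -f $tpm.SpecVersion
    "  Enabled:   {0}" -f $tpm.IsEnabled_InitialValue
    "  Activated: {0}" -f $tpm.IsActivated_InitialValue
    "  Owned:     {0}" -f $tpm.IsOwned_InitialValue
} else {
    "No TPM visible to Windows (absent, or switched off in the BIOS)."
}

# --- Mandatory prerequisite, case 1: free space that could be reallocated ---
$sys = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"
"{0} free space: {1:N2} GB (meets minimum: {2})" -f `
    $sys.DeviceID, ($sys.FreeSpace / 1GB), ($sys.FreeSpace -ge $required)

# --- Mandatory prerequisite, case 2: unallocated space on each disk ---
foreach ($disk in Get-WmiObject Win32_DiskDrive) {
    if (-not $disk.Size) { continue }   # skip drives reporting no media
    # Sum the partitions that live on this physical disk.
    $used = (Get-WmiObject Win32_DiskPartition -Filter "DiskIndex=$($disk.Index)" |
             Measure-Object -Property Size -Sum).Sum
    # Win32_DiskDrive.Size is derived from drive geometry, so treat the
    # difference as an estimate and never report a negative value.
    $unallocated = [Math]::Max(0, $disk.Size - $used)
    "Disk {0}: about {1:N2} GB unallocated (meets minimum: {2})" -f `
        $disk.Index, ($unallocated / 1GB), ($unallocated -ge $required)
}
```

Only one of the two disk-space cases needs to meet the minimum, since the space may be either unallocated or taken from an existing partition.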

Enabling BitLocker Drive Encryption

The first step in configuring BitLocker Drive Encryption involves enabling the feature within Windows Server 2008. This is achieved using the