2

I'm working on a project where I need to encrypt only the data drive on a machine and I don't want there to be any user interaction at the console on boot. These systems will be running at remote sites and I will have to pay to have someone visit the machines for servicing.

I've got TrueCrypt working for this on server 2003 running as a service via SrvAny, but I'd like a more streamlined solution. So, if I can do it on Server 2008 with Bitlocker, I think I'd be happy - relatively. :-)

Anyhow, as I start to dig into the Bitlocker docs, it appears as though you need to encrypt the boot drive. Is this correct?

Thanks in advance!

Chris

Christopher Stewart
  • 21
  • 2

1 Answers1

2

That's a negative. You do not have to encrypt the boot drive. The thing is that the Microsoft documentation for the most part assumes you want to encrypt the boot drive, but you can encrypt external drives, flash drives, etc. without encrypting the boot/system drive. You can even do this from the shell using manage-bde.exe if you wanted to script this.

MDMoore313
  • 5,531
  • 6
  • 34
  • 73