Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [bitlocker]

Microsoft Windows technology for full disk(volume) encryption.

BitLocker is a full disk encryption feature that adds a layer of security to storage devices to protect data and sensitive information from falling into the wrong hands. BitLocker is available in the Windows 7 Enterprise and Ultimate Operating Systems as well as Windows Server 2008 and 2008 R2 Operating Systems.

Features include:

  • Multi-factor authentication
  • Ability to encrypt Removable storage devices
  • AES 128-bit encryption
  • Group Policy and Active Directory integration
137 questions
30
votes
1 answer

How do you check if a hard drive was encrypted with software or hardware when using BitLocker?

Due to the recent security findings in that probably most SSDs implement encryption in a completely naive and broken way, I want to check which of my BitLocker machines are using hardware encryption and which ones are using software. I found a way…
Pablo
  • 7,249
  • 25
  • 68
  • 83
15
votes
3 answers

How do I set the BitLocker PIN?

I am running Windows 7 RTM and have both physical drives BitLockered. Because my machine has a TPM it will boot all very nicely when I turn it on. But my employers would prefer if I was challenged for a password at boot time. I have found this…
Colin Desmond
  • 659
  • 1
  • 7
  • 18
10
votes
2 answers

How to enable BitLocker with no prompts to the end user

I have configured BitLocker and TPM settings in Group Policy such that all the options are set and the recovery keys stored in Active Directory. All our machines are running Windows 7 with a standard corporate image and have their TPM chips enabled…
Wes Sayeed
  • 1,862
  • 6
  • 27
  • 41
9
votes
2 answers

TPM had to be reintialized: Does a new recovery password have to be uploaded to AD?

Some way some how, a user's machine couldn't get read the bitlocker password off of the TPM chip, and I had to enter the recovery key (stored in AD) to get in. No big deal, but once in the machine, I tried to suspend bitlocker per recovery…
MDMoore313
  • 5,531
  • 6
  • 34
  • 73
8
votes
1 answer

BitLocker with Windows DPAPI Encryption Key Management

We have a need to enforce resting encryption on an iSCSI LUN that is accessible from within a Hyper-V virtual machine. We have implementing a working solution using BitLocker, using Windows Server 2012 on a Hyper-V Virtual Server which has iSCSI…
bigmac
  • 459
  • 3
  • 8
  • 18
7
votes
3 answers

Is it possible to stop computers which aren't Bitlocker encrypted logging in?

Is it possible to somehow (startup script?) stop any unencrypted computers from being able to connect to the domain? Environment: Windows Active directory, 1000-ish computers, mostly bitlocker encrypted, about 50/50 on win 7 or 10 enterprise.
Digital Lightcraft
  • 369
  • 4
  • 19
7
votes
2 answers

Cloning a bitlocker encrypted disk

Our company's had its laptops for just over 2 years now and they have all become slow and many of them have had their harddisks dying randomly lately. I noticed that many of my colleagues use a tilted stance for their docking stations. I suppose…
Jaap Haagmans
  • 414
  • 3
  • 11
7
votes
2 answers

BitLocker Setup requires the drive file system to be NTFS

We are running a new Windows 2008 R2 Server on Dell PowerEdge R620 Hardware. I am trying to enable BitLocker Encryption on the C Drive, I have already enabled the TPM from the BIOS. During the phase where it checks your computers configuration, we…
JoshODBrown
  • 335
  • 4
  • 13
6
votes
1 answer

Can I recover a bitlocker encrypted drive offline?

Windows 10, server 2012 R2 domain I'm confused about the options for recovering a bitlocker encrypted drive offline. Lets say I'm encrypting the HDDs of domain computers with bitlocker using TPM (not storing the keys on usb/floppy drives) and…
red888
  • 4,069
  • 16
  • 58
  • 104
6
votes
9 answers

Recommended drive encryption solution

I will soon be purchasing a number of laptops running Windows 7 for our mobile staff. Due to the nature of our business I will need drive encryption. Windows BitLocker seems the obvious choice, but it looks like I need to purchase either Windows 7…
Chris Driver
  • 512
  • 1
  • 5
  • 14
5
votes
1 answer

How do I fix a non-starting "Microsoft Key Distribution Service"? (not to be confused with Kerberos KDS)

The Microsoft Key Distribution Service is not starting on my DC (kdssvc.dll) and when I look at the event log under Microsoft\Kdssvc, I see the events: Event ID 4001 Group Key Distribution Service failed to start. Status 0x80070020. Event ID…
makerofthings7
  • 8,821
  • 28
  • 115
  • 196
5
votes
2 answers

Windows Server 2008 BitLocker

I would like to configure whole disk encryption on all of my Domain Controllers. Is BitLocker an acceptable method to do this? What are the potential problems with whole disk encryption on a Domain Controller?
Fred Marr
  • 53
  • 3
4
votes
0 answers

Bitlocker - mainboard exchange won't require recovery password - why?

A mainboard died. It was exchanged for the same board type (same bios and config, as well, also a new CPU but of the same type). The hard drive is encrypted with bitlocker (on Win10 Pro v1903) and I use an fTPM (Intel PTT) + PIN. I had expected to…
Hans Hase
  • 61
  • 2
4
votes
1 answer

How to securely encrypt Hyper-V VMs in Failover Cluster

Having TPM 1.2 installed on 2x Dell x730, what options to encrypt user and network data in Failover Cluster? I see Windows Server 2016 allows to passthrough the TPM to the VM.…
P.Pauls
  • 266
  • 1
  • 7
4
votes
2 answers

Can bitlocker be used in the guest OS of HyperV Windows VM?

We are studying the possibility of using BitLocker inside the guest OS of VM (i.e. not the parent OS on the VM host). We have both Win2008R2 VM and Win2012(not R2) VM. And we found this…
Lapson
  • 41
  • 1
  • 1
  • 3
1
2 3
9 10