What is Bit locker Drive Encryption?
BitLocker is a data protection feature available in the Windows Server systems as well as client systems. BitLocker provides enhanced protection against data theft or exposure on computers that are lost or stolen, and more secure data deletion when BitLocker-protected computers are decommissioned.
How to install Bitlocker during initial configuration
1) When you install Windows Server 2008, the Initial Configuration Tasks window appears.
2) Choose Add features, and then install BitLocker Drive Encryption.
3) Restart your server.
To install Bitlocker after windows installation
1) Click Start, click Server Manager, click Add Features, and then click BitLocker Drive Encryption.
2) Restart your server.
To turn ON Bitlocker Drive Encryption.
1) Click Start, click Control Panel, click Security, and then click BitLocker Drive Encryption.
2) If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
3) On the BitLocker Drive Encryption page, click Turn On BitLocker on the operating system volume. A message appears, warning you that BitLocker encryption might have a performance impact on your server.
If your TPM is not initialized, you will see the Initialize TPM Security Hardware wizard. Follow the directions to initialize the TPM and restart or shut down your computer.
4) On the Save the recovery password page, you will see the following options:
a) Save the password on a USB drive. Saves the password to a USB flash drive.
b) Save the password in a folder.
c) Saves the password to a folder on a network drive or other location.
d) Print the password. Prints the password.
Use one or more of these options to preserve the recovery password. For each option, select the option and follow the wizard steps to set the location for saving or printing the recovery password.
5) When you have finished saving the recovery password, click Next.
6) On the Encrypt the selected disk volume page, confirm that the Run BitLocker System Check check box is selected, and then click Continue.
Confirm that you want to restart the computer by clicking Restart Now. The computer restarts and BitLocker verifies whether the computer is BitLocker-compatible and ready for encryption. If it is not, you will see an error message alerting you to the problem.
7) If it is ready for encryption, the Encryption in Progress status bar is displayed. You can monitor the ongoing completion status of the disk volume encryption by dragging your mouse cursor over the BitLocker Drive Encryption icon in the notification area at the bottom of your screen.
By completing this procedure, you have encrypted the operating system volume and created a recovery password unique to this volume.
