In Windows Server 2008, BitLocker Drive Encryption can be used to encrypt, and therefore protect, the operating system and data files stored on the hard disk. BitLocker encryption prevents unauthorized users from accessing your sensitive data on a drive that has been misappropriated. This is also important from a compliance perspective, where data privacy and security are critical requirements.
To access the data protected by BitLocker, a USB flash drive that stores the encryption key (created by BitLocker) needs to be inserted into the USB port before system startup. BitLocker also offers an optional feature that allows for integrity verification of system boot files, so that unauthorized changes such as malicious modification of boot files can be detected. However, for this feature to work, BitLocker needs a computer system that has a TPM (Trusted Platform Module) and a TCG (Trusted Computing Group) compatible BIOS.
BitLocker Drive Encryption requires two different hard disk partitions to function properly:
- OS Volume: This volume is encrypted and stores the OS (operating system) files and any other information/data which needs to remain confidential or inaccessible to unauthorized users.
- System Volume: This volume contains the unencrypted boot information used by BitLocker and needs to be at least 1.5 GB in size.
BitLocker provides full volume encryption and has to be installed and enabled before it can be used. To install BitLocker, go to Server Manager > click on the Add New Features option > select BitLocker Drive Encryption as shown below.
Fig 1: Installing BitLocker
Alternatively, type the following at a command prompt to install and enable BitLocker: ServerManagerCmd -install BitLocker -restart
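As an added example (not part of the original article), the following PowerShell script performs a read-only pre-flight check of the prerequisites described above before BitLocker is turned on: TPM state, a separate system volume of at least 1.5 GB, and the protection state and key protectors of the OS volume. It uses the documented Win32_Tpm, Win32_Volume and Win32_EncryptableVolume WMI classes; the function name is ours, and it assumes an elevated PowerShell session on the server.

```powershell
# Added example, not from the original article: pre-flight check of the BitLocker
# prerequisites (run as Administrator). Function name is ours; WMI classes are the
# documented TPM and volume-encryption providers.
function Test-BitLockerPrereqs {
    $result = @{}

    # TPM must be present, enabled and activated for boot-file integrity verification
    $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
                         -Class Win32_Tpm -ErrorAction SilentlyContinue
    if ($tpm) {
        $result.TpmEnabled   = [bool]$tpm.IsEnabled().IsEnabled
        $result.TpmActivated = [bool]$tpm.IsActivated().IsActivated
    } else {
        $result.TpmEnabled   = $false
        $result.TpmActivated = $false
    }

    # Unencrypted system volume (holds the boot files) must be at least 1.5 GB
    $sysVol = Get-WmiObject -Class Win32_Volume | Where-Object { $_.SystemVolume }
    $result.SystemVolumeSizeGB      = [math]::Round($sysVol.Capacity / 1GB, 2)
    $result.SystemVolumeLargeEnough = ($sysVol.Capacity -ge 1.5GB)

    # OS (boot) volume must be a different partition from the system volume
    $osVol = Get-WmiObject -Class Win32_Volume | Where-Object { $_.BootVolume }
    $result.SeparatePartitions = ($osVol.DeviceID -ne $sysVol.DeviceID)

    # The encryption provider only exists once the BitLocker feature is installed
    $ev = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
                        -Class Win32_EncryptableVolume -ErrorAction SilentlyContinue |
          Where-Object { $_.DriveLetter -eq $osVol.DriveLetter }
    if ($ev) {
        $result.FeatureInstalled = $true
        # ProtectionStatus: 0 = off, 1 = on, 2 = unknown
        $result.OsVolumeProtected = ($ev.GetProtectionStatus().ProtectionStatus -eq 1)
        # KeyProtectorType: 1 = TPM, 2 = external key (USB startup key), 3 = recovery password
        $types = @()
        foreach ($id in $ev.GetKeyProtectors(0).VolumeKeyProtectorID) {
            $types += $ev.GetKeyProtectorType($id).KeyProtectorType
        }
        $result.HasTpmProtector  = ($types -contains 1)
        $result.HasUsbStartupKey = ($types -contains 2)
    } else {
        $result.FeatureInstalled = $false
    }
    return $result
}

Test-BitLockerPrereqs | Format-Table -AutoSize
```

If FeatureInstalled is false, the ServerManagerCmd command above installs the feature; SystemVolumeLargeEnough and SeparatePartitions must both be true before encryption of the OS volume is started.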