BitLocker ToGo Encryption for Windows Server 2008 R2

BitLocker ToGo encryption is a new feature that ships with Windows Server 2008 R2 which provides encryption for removable drives. This is a very important feature for backups as it ensures that backups are protected.

Before using BitLocker ToGo, you will need to add the BitLocker feature to Windows Server 2008 R2. From Server Manager, select the server then click Add Features from the Action menu which will open up the Add Features Wizard. From there, select BitLocker Drive Encryption and you will see the regular BitLocker designed for non-removable drives and uses a TPM (Trusted Platform Module) for encryption, and also the new BitLocker ToGo used for removable drives.

To add BitLocker Drive Encryption from PowerShell, use the below code from an elevated PowerShell command line:

Import-Module ServerManager
Add-WindowsFeature BitLocker

BitLocker ToGo can be managed by double-clicking the BitLocker Drive Encryption icon in the Control Panel. From there, to enable BitLocker ToGo on a removable drive, click Turn On BitLocker beside the drive icon.

The first time BitLocker or BitLocker ToGo is run on the server, you will see a warning message that this can impact performance, click Yes at this prompt and , the BitLocker Drive Encryption Wizard will start.

Firstly, select how to  unlock the drive by using either a password or  smart card. Next you will be offered a several methods for saving the recovery key, normally it is preferable to use all possible methods – save to a file and keep the file   safe, print the recovery key  and store the printout  in a safe location. Make sure you store the recovery key where it can be easily accessed when you need it.