
Bitlocker Drive Sunday, March 15, 2015 5:11 AM

BitLocker is a drive encryption feature that was introduced in Windows 2008, but it is available only with selected versions of Windows. Using BitLocker, a user can protect disk drives against unauthorized access. BitLocker has the following features:

• BitLocker can encrypt the entire hard disk or only the utilized portion of the hard disk.
• Can be combined with EFS (Encrypting File System).
• BitLocker is fully compatible with TPM, which is the hardware device we can use for encryption. Using this feature we can encrypt system drive even
• Using we can configure Bitlocker options
• We can manage the recovery keys centrally.

In Windows Server 2012/2012 R2, BitLocker is an on-demand feature. Using Group Policy, we can also manage BitLocker encryption centrally.

Step-by-step guide to configuring BitLocker in an enterprise environment.

Configure Group policy for Bitlocker

i. Create a group policy (GP name: Bitlockerconfig)

ii. Assign the policy to the domain

iii. Make the following changes

a. All the BitLocker-related settings are found under "Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption"

LabGuides Page 1

b. BitLocker group policy can be configured separately for fixed data drives, removable data drives and operating system drives. Expanding the BitLocker Drive Encryption folder shows all the available options. In this guide we are going to manage a fixed drive.

c. Inside the fixed drive folder there are several group policy settings available. We are going to enable the last policy setting (Choose how BitLocker-protected fixed drives can be recovered). Using this setting we can specify how the passwords of BitLocker-encrypted fixed drives can be recovered. Here I chose to save all the BitLocker recovery information in AD DS.

Enable Bitlocker in Server 2012 R2 (File Server)

a. Open Server Manager, go to Manage, select "Add Roles and Features" and add "BitLocker Drive Encryption" from the features list. It will automatically add the "Enhanced Storage" feature as well.

b. Once it is complete, we have to restart the server.

Bitlocker encryption on disk drive

a. Now we can enable BitLocker on our data drive (E drive). Just right-click on the drive and select "Turn on BitLocker".

b. Enter a password for BitLocker encryption of this E drive.

c. We have three options for saving the recovery key.

d. Now we can start the encryption.

Manage Bitlocker

The easiest way to manage BitLocker is to use the cmdlets that come with the BitLocker module. We can view those commands using the Get-Command -Module Bitlocker cmdlet.

When we log in to our server, the E drive is shown as an unlocked drive.

How to lock Bitlocker encrypted drive

a. Open PowerShell and use the cmdlet Lock-Bitlocker -MountPoint "e:\" to lock the drive.

b. After that the drive is locked and prompts for a password when we try to open it.

*If we don't have the password or have forgotten it, we have to click on option and think about the recovery key

How to recover the BitLocker-encrypted drive in case of a forgotten or lost password

a. We can use the recovery key saved on the local drive.

*But this is not a good practice, file can be missing any

b. From the administrator's point of view, the easiest way is to recover the encryption key from Active Directory (we have enabled this through Group Policy). To get the recovery key from Active Directory, open "Active Directory Users and Computers" > right-click the computer whose BitLocker recovery key we want to recover > select the "Bitlocker Recovery" tab and get the recovery key.
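
Recovery from Active Directory only works if the recovery password was actually stored there. The PowerShell below is an added example, not part of the original guide. It checks that each recovery password protector on the drive has a matching object in AD DS and backs up any that are missing. It assumes data drive E:, an elevated session on the file server, the ActiveDirectory RSAT module, and an account allowed to read msFVE-RecoveryInformation objects.

```powershell
# Added example, not from the original guide. Assumptions: data volume E:,
# elevated session on the file server, RSAT ActiveDirectory module present,
# and an account permitted to read msFVE-RecoveryInformation objects.
Import-Module BitLocker, ActiveDirectory

$mount = 'E:'
$vol   = Get-BitLockerVolume -MountPoint $mount
$vol | Format-List MountPoint, VolumeStatus, ProtectionStatus, LockStatus

# Recovery password protectors currently on the volume.
$protectors = @($vol.KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword')
if ($protectors.Count -eq 0) {
    # No recovery password yet: add one so there is something to escrow.
    Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null
    $protectors = @((Get-BitLockerVolume -MountPoint $mount).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword')
}

# Recovery objects stored under this computer's AD account. Each object's
# name ends with the protector ID in braces: "<timestamp>{GUID}".
$computer = Get-ADComputer -Identity $env:COMPUTERNAME
$escrowed = @(Get-ADObject -SearchBase $computer.DistinguishedName `
    -Filter "objectClass -eq 'msFVE-RecoveryInformation'")

foreach ($p in $protectors) {
    # KeyProtectorId already includes the braces, so match on the name suffix.
    $inAd = $escrowed | Where-Object { $_.Name -like "*$($p.KeyProtectorId)" }
    if ($inAd) {
        Write-Output "Protector $($p.KeyProtectorId) is escrowed in AD DS."
    } else {
        Write-Warning "Protector $($p.KeyProtectorId) is NOT in AD DS; backing it up now."
        Backup-BitLockerKeyProtector -MountPoint $mount `
            -KeyProtectorId $p.KeyProtectorId | Out-Null
    }
}
```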
