Enabling BitLocker drive encryption

If you selected No for BitLocker support during the initial operating system installation, set the existing 1.5 GB system partition as Active using Disk Manager and reboot the system so that your server boots from the 1.5 GB partition. Then complete the following steps, starting with step 1.

If you selected Yes during the initial operating system installation, complete the following steps:

  1. Add the BitLocker feature from Server Manager and reboot the server.
  2. After the operating system boots, log in as administrator, go to Control Panel, click Security, and then click BitLocker Drive Encryption.
  3. If the User Account Control dialog box appears, confirm the action and then click Continue. The BitLocker Drive Encryption page appears.
  4. Click Turn On BitLocker on the operating system volume. The following warning appears: BitLocker encryption might have a performance impact on your server. If your TPM (Trusted Platform Module) is not initialized, the TPM Security Hardware wizard appears. Follow the directions to initialize the TPM. You must restart or shut down your computer for the changes to take effect.
  5. On the Save the recovery password page, the following options appear:
  6. When you have finished saving the recovery password, click Next. The Encrypt the selected disk volume page appears.

    IMPORTANT: The recovery password is required if the encrypted disk is moved to another computer, or if changes are made to the system startup information. This password is so important that HP recommends that you make additional copies of the password and store them in a safe place apart from the computer to ensure access to your data. Your recovery password is needed to unlock the encrypted data on the volume if BitLocker enters a locked state. This recovery password is unique to this particular BitLocker encryption. You cannot use it to recover encrypted data from any other BitLocker encryption session.

  7. Confirm that the Run BitLocker System check box is selected, and then click Continue.
  8. Click Restart Now. The computer restarts and BitLocker verifies whether the computer is BitLocker-compatible and ready for encryption. If it is not, an error message alerting you to the problem appears.
  9. If it is ready for encryption, the Encryption in Progress status bar appears. You can monitor the ongoing completion status of the disk volume encryption by dragging your mouse cursor over the BitLocker Drive Encryption icon in the notification area at the bottom of your screen.

    By completing this procedure, you have encrypted the operating system volume and created a recovery password unique to this volume. The next time you log in, you see no change. If the TPM ever changes or cannot be accessed, if there are changes to key system files, or if someone tries to start the computer from a product CD or DVD to circumvent the operating system, the computer switches to recovery mode until the recovery password is supplied.

    For more information regarding BitLocker, see the Microsoft® website.
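
The result of the procedure can also be checked from an elevated PowerShell prompt. The following is an added example, not part of the HP procedure: it assumes Windows Server 2012 or later, where the Get-BitLockerVolume and Get-Tpm cmdlets are available, and the function name Test-OsVolumeBitLocker is hypothetical. It only reads state and never displays the recovery password itself.

```powershell
# Added example: read-only check of the outcome of the procedure above.
# Assumes the BitLocker and TrustedPlatformModule modules (Windows Server 2012+)
# and an elevated session. Test-OsVolumeBitLocker is a hypothetical name.
function Test-OsVolumeBitLocker {
    param([string]$MountPoint = $env:SystemDrive)

    $tpm   = Get-Tpm
    $vol   = Get-BitLockerVolume -MountPoint $MountPoint
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    $state = $vol.VolumeStatus.ToString()

    $findings = @()

    # Step 4: the TPM must be present and initialized.
    if (-not $tpm.TpmPresent)   { $findings += 'No TPM detected' }
    elseif (-not $tpm.TpmReady) { $findings += 'TPM present but not ready' }

    # Steps 5-6: a recovery password protector must exist, otherwise a TPM
    # or boot-file change leaves no way out of recovery mode.
    if ($types -notcontains 'RecoveryPassword') {
        $findings += 'No recovery password protector on the volume'
    }
    if (-not @($types -like 'Tpm*')) {
        $findings += 'No TPM-based protector on the volume'
    }

    # Step 9: encryption may still be running after the restart.
    if ($state -eq 'EncryptionInProgress') {
        $findings += "Encryption in progress: $($vol.EncryptionPercentage)%"
    } elseif ($state -ne 'FullyEncrypted') {
        $findings += "Volume status is $state"
    } elseif ($vol.ProtectionStatus.ToString() -ne 'On') {
        $findings += 'Volume is encrypted but protection is off (suspended)'
    }

    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        VolumeStatus     = $state
        ProtectionStatus = $vol.ProtectionStatus.ToString()
        Protectors       = $types -join ', '
        Findings         = $findings
        Compliant        = ($findings.Count -eq 0)
    }
}

Test-OsVolumeBitLocker | Format-List
```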