bitlocker drive encryption - vmware,microsoft knowledge sharing … · think about the recovery key...


BitLocker is a drive encryption feature that was introduced in Windows Vista/Windows Server 2008, but it is available only in selected editions of Windows. Using BitLocker, a user can protect disk drives against unauthorized access. BitLocker has the following features:

• BitLocker can encrypt the entire hard disk or only the utilized portion of the hard disk.
• Can be combined with EFS (Encrypting File System).
• BitLocker is fully compatible with TPM, which is the hardware device we can use for encryption. Using this feature we can even encrypt the system drive.
• Using group policy we can configure BitLocker options.
• We can manage the recovery keys centrally.

In the Windows Server 2012/2012 R2 operating system, BitLocker is an on-demand feature. Using group policy we can also manage BitLocker encryption centrally.

Step by step: configuring BitLocker in an enterprise environment.

Configure Group policy for Bitlocker

i. Create a group policy (GP name: Bitlockerconfig).

ii. Assign the policy to the domain.

iii. All the BitLocker-related settings are under "Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption". Make the following changes there.

Bitlocker Drive Encryption
Sunday, March 15, 2015 5:11 AM

LabGuides Page 1


BitLocker group policy can be configured separately for fixed data drives, removable data drives and operating system drives. Expanding the BitLocker Drive Encryption folder shows all the available options. In this guide we are going to manage BitLocker on a fixed drive.


Inside the fixed drive folder there are several group policy settings. We are going to enable the last policy setting ("Choose how BitLocker-protected fixed drives can be recovered"). Using this setting we can specify how the passwords of BitLocker-encrypted fixed drives can be recovered. Here I chose to save all the BitLocker recovery information in AD DS.


Enable Bitlocker in Server 2012 R2(File Server)

a. Open Server Manager, go to Manage > "Add Roles and Features" and add "BitLocker Drive Encryption" from the features list. It will automatically add the "Enhanced Storage" feature as well.


b. Once it is complete, we have to restart the server.

Bitlocker encryption on disk drive

a. Now we can enable BitLocker on our data drive (E drive). Just right-click the drive and select "Turn on BitLocker".

b. Enter a password for BitLocker encryption of the E drive.

c. We have three options for keeping the recovery key.

d. Now we can start the encryption.
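The same steps can be scripted with the BitLocker module. This is an added example, not part of the original guide; the function name Enable-DataDriveBitLocker is hypothetical, and it assumes the E: data drive used above, an elevated session, and that the BitLocker feature is already installed and the server restarted.

```powershell
# Added example, not from the original guide. Run from an elevated PowerShell session.
# One-time prerequisite (restarts the server):
#   Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools -Restart
Import-Module BitLocker

function Enable-DataDriveBitLocker {   # hypothetical helper name
    param(
        [string]$MountPoint = 'E:',    # the data drive used in this guide
        [Parameter(Mandatory)][securestring]$Password
    )

    # Refuse to touch a volume that is already encrypted or mid-conversion.
    $volume = Get-BitLockerVolume -MountPoint $MountPoint
    if ($volume.VolumeStatus -ne 'FullyDecrypted') {
        throw "$MountPoint is already $($volume.VolumeStatus); nothing to do."
    }

    # Create the 48-digit recovery password first, so a recovery path
    # exists before any data is encrypted.
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null

    # The password protector is the password typed in the "Turn on BitLocker" wizard.
    # -UsedSpaceOnly encrypts only the utilized portion of the disk.
    Enable-BitLocker -MountPoint $MountPoint -PasswordProtector -Password $Password -UsedSpaceOnly | Out-Null

    # Escrow every recovery password to AD DS explicitly instead of relying
    # on the policy having applied to this server.
    $recovery = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
    foreach ($protector in $recovery) {
        Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $protector.KeyProtectorId | Out-Null
    }

    # Report progress; run Get-BitLockerVolume again later to watch the percentage.
    Get-BitLockerVolume -MountPoint $MountPoint |
        Select-Object MountPoint, VolumeStatus, EncryptionPercentage, ProtectionStatus, LockStatus
}

$pw = Read-Host -AsSecureString -Prompt 'BitLocker password for E:'
Enable-DataDriveBitLocker -MountPoint 'E:' -Password $pw
```

If Backup-BitLockerKeyProtector fails, the group policy from the first section has not reached the server yet; run gpupdate and retry before treating the drive as recoverable.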

Manage Bitlocker

The easiest way to manage BitLocker is to use the PowerShell cmdlets that come with the BitLocker module. We can list those commands using the "Get-Command -Module Bitlocker" cmdlet.


When we log in to our server, it shows the E drive as an unlocked drive.

How to lock Bitlocker encrypted drive

a. Open PowerShell. We can use the Lock-BitLocker -MountPoint "e:\" cmdlet to lock the drive.


b. After that the drive is locked and prompts for a password when we try to open it.


*If we don't have the password or have forgotten it, we have to click on "More options" and think about the recovery key.

How to recover a BitLocker-encrypted drive when the password is forgotten or lost

a. We can use the recovery key saved on the local drive.

*But this is not a good practice; the file can go missing at any time.

b. From the administrator's point of view, the easiest way is to recover the encryption key from Active Directory (we enabled this through Group Policy). To get the recovery key from Active Directory, open "Active Directory Users and Computers" > right-click the computer whose BitLocker recovery key we want to recover > select the "Bitlocker Recovery" tab and get the recovery key.
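Recovery from Active Directory only works if the key was actually escrowed, so it is worth checking before a drive gets locked. The audit below is an added example, not part of the original guide: it assumes the RSAT ActiveDirectory module and read access to the recovery objects, and the function name Get-BitLockerEscrowStatus and the computer name FILESRV01 are hypothetical. It reports whether recovery records exist without displaying the recovery passwords.

```powershell
# Added example, not from the original guide.
# Assumes the ActiveDirectory module (RSAT) and an account allowed to read
# msFVE-RecoveryInformation objects.
Import-Module ActiveDirectory

function Get-BitLockerEscrowStatus {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string[]]$ComputerName
    )

    foreach ($name in $ComputerName) {
        $computer = Get-ADComputer -Identity $name

        # BitLocker recovery information is stored as child objects of the
        # computer account; one object per escrowed recovery password.
        $records = @(Get-ADObject -SearchBase $computer.DistinguishedName `
            -SearchScope OneLevel `
            -Filter "objectClass -eq 'msFVE-RecoveryInformation'" `
            -Properties whenCreated)

        $latest = $records | Sort-Object whenCreated -Descending | Select-Object -First 1

        # The record name ends with the protector GUID, which can be matched
        # against the key ID shown on the locked drive's recovery prompt.
        [pscustomobject]@{
            Computer     = $computer.Name
            EscrowedKeys = $records.Count
            LatestEscrow = $latest.whenCreated
            LatestRecord = $latest.Name
        }
    }
}

# FILESRV01 is a placeholder for the file server configured in this guide.
Get-BitLockerEscrowStatus -ComputerName 'FILESRV01' | Format-Table -AutoSize
```

A computer that reports EscrowedKeys = 0 has no recovery path in Active Directory, and the "Bitlocker Recovery" tab for it will be empty.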
