BitLocker is a disk encryption tool developed by Microsoft, first included in Windows Vista as part of the company's security strategy. Its purpose is to protect data stored on hard drives and removable drives using AES encryption, preventing unauthorized access in case of loss or theft of the device. BitLocker leverages the TPM (Trusted Platform Module) to store encryption keys and offer automatic unlocking in certain scenarios, although it also allows the use of passwords or USB drives as alternative methods.
First, you need to enable the BitLocker feature. Open PowerShell with administrator privileges and run:
DISM /Online /Enable-Feature /FeatureName:BitLocker /All
Once it finishes, it will ask for a restart if the feature was not already enabled; accept it.
Then, open gpedit.msc and locate the policy:
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives > Require additional authentication at startup
Edit the policy, enable it, and check the option to allow BitLocker without TPM.
Then open CMD or PowerShell and run the following to apply the changes:
gpupdate /force
Once that completes, activate BitLocker for the desired drive, using either the manage-bde command or the BitLocker console that you can open from the drives.
Complete the wizard, choosing the password option, and restart the server when it asks you to.
Remember to store the recovery key in a safe place. If you forget the password, it will be the only alternative.
On this startup and on every future boot, the server will require the password you set, and you will have to enter it through the recovery console.
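The steps above can also be checked and carried out from an elevated PowerShell session. The script below is an added example, not part of the original article or Clouding's own tooling: it verifies the feature and the policy before enabling BitLocker with a password and a recovery password. It assumes the drive is C: and that the policy is stored under the registry values shown in the comments.

```powershell
#Requires -RunAsAdministrator
$MountPoint = 'C:'   # assumption: the operating system drive is the one to encrypt

# 1. The BitLocker feature (the DISM step) must be enabled and the restart done.
$feature = Get-WindowsOptionalFeature -Online -FeatureName BitLocker
if ($feature.State -ne 'Enabled') {
    throw "BitLocker feature state is '$($feature.State)'. Enable it and restart first."
}

# 2. "Require additional authentication at startup" must be enabled with the
#    no-TPM option checked. After gpupdate the policy appears as two registry values.
$fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
if ($fve.UseAdvancedStartup -ne 1 -or $fve.EnableBDEWithNoTPM -ne 1) {
    throw 'Policy not applied. Enable it in gpedit.msc and run gpupdate /force.'
}

# 3. Do not touch a volume that is already encrypted or being encrypted.
$vol = Get-BitLockerVolume -MountPoint $MountPoint
if ($vol.VolumeStatus -ne 'FullyDecrypted') {
    throw "$MountPoint is in state '$($vol.VolumeStatus)'. Nothing was changed."
}

# 4. Enable BitLocker with the password option (what the wizard does).
$password = Read-Host -AsSecureString -Prompt 'Password to enter at every boot'
Enable-BitLocker -MountPoint $MountPoint -PasswordProtector -Password $password | Out-Null

# 5. Add a recovery password so a forgotten boot password is not fatal.
Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null

# 6. Confirm both protectors exist and show the recovery password once.
$vol   = Get-BitLockerVolume -MountPoint $MountPoint
$types = $vol.KeyProtector.KeyProtectorType
if ($types -notcontains 'Password' -or $types -notcontains 'RecoveryPassword') {
    throw "Expected Password and RecoveryPassword protectors, found: $($types -join ', ')"
}
$recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
Write-Host "Recovery password (store it away from this server): $($recovery.RecoveryPassword)"

# 7. Current state. Encryption of the OS drive starts after the restart.
$vol | Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage
```

Restart the server afterwards, as the wizard would ask, and run `Get-BitLockerVolume` again later to confirm that `ProtectionStatus` is `On`.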
We hope this article has helped you 🙂. Remember, if you have questions about this or any other matter related to your servers at Clouding, do not hesitate to write to soporte@clouding.io. We are here to help with whatever you need!