• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 535
  • Last Modified:

Can I use Bitloker to encrypt USB-disk backups on 2008 server

Hi

I'm about to encrypt a (TPM installed and Preparaion tool allready run) a 2008 std server joined to an SBS 2003 domain. Among other worries in my mind (the first one for me) I wonder if I can encrypt 2008 server's local Image and Data backups (created with 2008 server¨s own backup tools) which are stored to external USB disks connected to 2008 server?

Any considerations here? What if the 2008 server crashes totally. Can I restore files to another server? Can I restore image to another (harwware compabtible) server? Actually. Is it a good idea to encrypt USB backups (in case of stolen)?

Thanks,

Juha

0
RimFire007
Asked:
RimFire007
  • 5
  • 3
4 Solutions
 
TolomirAdministratorCommented:

take a look at this please:

How to use the BitLocker Recovery Password Viewer for Active Directory Users and Computers tool to view recovery passwords for Windows Vista
http://support.microsoft.com/kb/928202

Overview The BitLocker Recovery Password Viewer lets you locate and view BitLocker recovery passwords that are stored in AD DS. You can use this tool to help recover data that is stored on a volume that has been encrypted by using BitLocker. The BitLocker Recovery Password Viewer tool is an extension for the Active Directory Users and Computers MMC snap-in. After you install this tool, you can examine the Properties dialog box of a computer object to view the corresponding BitLocker recovery passwords. Additionally, you can right-click a domain container and then search for a BitLocker recovery password across all the domains in the Active Directory forest (multiple domains) .

APPLIES TO

    * Windows Vista Ultimate
    * Windows Vista Enterprise
    * Windows Vista Ultimate 64-bit Edition
    * Windows Vista Enterprise 64-bit Edition
    * Windows Vista Home Premium
    * Windows Vista Home Basic
    * Windows Vista Business
    * Windows Vista Home Basic 64-bit Edition
    * Windows Vista Home Premium 64-bit Edition
    * Windows Server 2008 Standard
    * Windows Server 2008 Enterprise
0
 
RimFire007Author Commented:
Thanks,

to keep it simple. Is it convient to encrypt server's external backup USB-disk with Bitlocker?

Rgs,

Juha

P.S. Just reading the articles you provided.
0
 
TolomirAdministratorCommented:
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

 
TolomirAdministratorCommented:
Scroll down to step 6, try to decrypt the data. If that works without problem (especially on a non-domain computer) you have a reliable solution.
0
 
RimFire007Author Commented:
Aha

In my Backup server to USB drive Scenario:

1. If the server crashes totally I need the Bitlocker repair tool to gain access to those files resides on the USB disk.
2. I also need Vista Enterprice or Server 2008 computer to run Bitlocker repair tool.
3. It is a good idea to have one non-domain joined Vista Enterprise or (Win7) computer for restore in case of total server crash.

Correct?

Thanks Tolomir,

Juha

0
 
TolomirAdministratorCommented:
1:yes
2: no I think you can even use vista client
3: I suggested this just for testing to make sure the USB drive cannot get the password automatically from the domain.

Please test the setup. Store some test data as mentioned on the bitlocker encrypted drive. Unplug it try to recover the data while connected to a vista client running the repair tool.
Backup is important - but more important is restore.
I just want you to become familiar with it.
In a desaster recovery situation you need to know the time to recover from backups. Then there is no time for try&error        .
   
0
 
RimFire007Author Commented:
Great

Based on your detailed answers I understand this more cleary. I really do have to test recovery to be sure my disaster recover plan is working.

The BitLocker Repair Tool is something I need to recover data from encrypted USB disk if the "Mother" server is crashed.


Thanks again Tolomir,

I can go on now.
0
 
TolomirAdministratorCommented:
I've found this bitlocker best practice tutorial, I guess you can get some important information from it:

http://www.windowsecurity.com/articles/Best-practice-guide-how-configure-BitLocker-Part1.html

http://www.windowsecurity.com/articles/Best-practice-guide-how-configure-BitLocker-Part2.html
 
Thank you for the points.

Tolomir
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now