Can I use Bitloker to encrypt USB-disk backups on 2008 server

Hi

I'm about to encrypt a (TPM installed and Preparaion tool allready run) a 2008 std server joined to an SBS 2003 domain. Among other worries in my mind (the first one for me) I wonder if I can encrypt 2008 server's local Image and Data backups (created with 2008 server¨s own backup tools) which are stored to external USB disks connected to 2008 server?

Any considerations here? What if the 2008 server crashes totally. Can I restore files to another server? Can I restore image to another (harwware compabtible) server? Actually. Is it a good idea to encrypt USB backups (in case of stolen)?

Thanks,

Juha

RimFire007Asked:
Who is Participating?
 
TolomirConnect With a Mentor AdministratorCommented:

take a look at this please:

How to use the BitLocker Recovery Password Viewer for Active Directory Users and Computers tool to view recovery passwords for Windows Vista
http://support.microsoft.com/kb/928202

Overview The BitLocker Recovery Password Viewer lets you locate and view BitLocker recovery passwords that are stored in AD DS. You can use this tool to help recover data that is stored on a volume that has been encrypted by using BitLocker. The BitLocker Recovery Password Viewer tool is an extension for the Active Directory Users and Computers MMC snap-in. After you install this tool, you can examine the Properties dialog box of a computer object to view the corresponding BitLocker recovery passwords. Additionally, you can right-click a domain container and then search for a BitLocker recovery password across all the domains in the Active Directory forest (multiple domains) .

APPLIES TO

    * Windows Vista Ultimate
    * Windows Vista Enterprise
    * Windows Vista Ultimate 64-bit Edition
    * Windows Vista Enterprise 64-bit Edition
    * Windows Vista Home Premium
    * Windows Vista Home Basic
    * Windows Vista Business
    * Windows Vista Home Basic 64-bit Edition
    * Windows Vista Home Premium 64-bit Edition
    * Windows Server 2008 Standard
    * Windows Server 2008 Enterprise
0
 
RimFire007Author Commented:
Thanks,

to keep it simple. Is it convient to encrypt server's external backup USB-disk with Bitlocker?

Rgs,

Juha

P.S. Just reading the articles you provided.
0
 
TolomirConnect With a Mentor AdministratorCommented:
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
TolomirConnect With a Mentor AdministratorCommented:
Scroll down to step 6, try to decrypt the data. If that works without problem (especially on a non-domain computer) you have a reliable solution.
0
 
RimFire007Author Commented:
Aha

In my Backup server to USB drive Scenario:

1. If the server crashes totally I need the Bitlocker repair tool to gain access to those files resides on the USB disk.
2. I also need Vista Enterprice or Server 2008 computer to run Bitlocker repair tool.
3. It is a good idea to have one non-domain joined Vista Enterprise or (Win7) computer for restore in case of total server crash.

Correct?

Thanks Tolomir,

Juha

0
 
TolomirConnect With a Mentor AdministratorCommented:
1:yes
2: no I think you can even use vista client
3: I suggested this just for testing to make sure the USB drive cannot get the password automatically from the domain.

Please test the setup. Store some test data as mentioned on the bitlocker encrypted drive. Unplug it try to recover the data while connected to a vista client running the repair tool.
Backup is important - but more important is restore.
I just want you to become familiar with it.
In a desaster recovery situation you need to know the time to recover from backups. Then there is no time for try&error        .
   
0
 
RimFire007Author Commented:
Great

Based on your detailed answers I understand this more cleary. I really do have to test recovery to be sure my disaster recover plan is working.

The BitLocker Repair Tool is something I need to recover data from encrypted USB disk if the "Mother" server is crashed.


Thanks again Tolomir,

I can go on now.
0
 
TolomirAdministratorCommented:
I've found this bitlocker best practice tutorial, I guess you can get some important information from it:

http://www.windowsecurity.com/articles/Best-practice-guide-how-configure-BitLocker-Part1.html

http://www.windowsecurity.com/articles/Best-practice-guide-how-configure-BitLocker-Part2.html
 
Thank you for the points.

Tolomir
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.