ms-pro
asked on
BitLocker on DCs
Hi
I want to configure Bitlocker on my DC's based on Windows server 2008 r2 (VMware and Physical servers), can anyone provide with some info about how to configure it, is there any thing i need to be aware of, what is the best practices etc....
BR
ms-pro
I want to configure Bitlocker on my DC's based on Windows server 2008 r2 (VMware and Physical servers), can anyone provide with some info about how to configure it, is there any thing i need to be aware of, what is the best practices etc....
BR
ms-pro
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
@KCTS fully agree with you, but can you provide me with a Technet article that can approve your consideration....
A small part of me agress with KCTS but on the other hand, if we are talking about a branch DC, somewhere where there is lack of security or theft concerns then I would use it. I foud this step by step guide here:
http://mscerts.programming4.us/windows_server/Configuring%20BitLocker%20Drive%20Encryption%20on%20a%20Windows%20Server%202008%20R2%20Branch%20Office%20Domain%20Controller%20(part%201).aspx
And another good link:
http://www.windowsecurity.com/articles/Best-practice-guide-how-configure-BitLocker-Part2.html
http://mscerts.programming4.us/windows_server/Configuring%20BitLocker%20Drive%20Encryption%20on%20a%20Windows%20Server%202008%20R2%20Branch%20Office%20Domain%20Controller%20(part%201).aspx
And another good link:
http://www.windowsecurity.com/articles/Best-practice-guide-how-configure-BitLocker-Part2.html
aer you not using a san for vmware its thats the 'normal why these days'
Hi.
Two thoughts to add:
-cold boot attacks are applicable to bitlocker, too. It's a matter of minutes if someone comes prepared. See http://www.youtube.com/watch?v=JDaicPIgn9U
-Maybe a RODC would help you? http://technet.microsoft.com/en-us/library/cc732801(v=ws.10).aspx
Quote: Branch offices often cannot provide the adequate physical security that is required for a writable domain controller
Two thoughts to add:
-cold boot attacks are applicable to bitlocker, too. It's a matter of minutes if someone comes prepared. See http://www.youtube.com/watch?v=JDaicPIgn9U
-Maybe a RODC would help you? http://technet.microsoft.com/en-us/library/cc732801(v=ws.10).aspx
Quote: Branch offices often cannot provide the adequate physical security that is required for a writable domain controller
ASKER
*
http://www.techotopia.com/index.php/Configuring_BitLocker_Drive_Encryption_on_Windows_Server_2008
http://technet.microsoft.com/en-us/library/cc732725(WS.10).aspx
Hope this help.