?
Solved

Bitlocker on Server 2008 R2 data volume - simple question I think

Posted on 2014-04-11
2
Medium Priority
?
432 Views
Last Modified: 2014-04-11
We need to meet a requirement that the data on the server is encrypted just so that if someone literally stole the server there would be some safeguards.    I don't know much about Bitlocker - would this work?

It is a simple document management system - database with file repository - assume the sensitive data is only in the repository.

I don't need to encrypt the OS.  So can I encrypt the data (volume or just folders?)  on the "E" drive with bitlocker?  Would this be seamless when booting normally - I think so.  But if someone actually stole the server they would need to log in to the OS to get to the data - if they removed the data drives (and rebuilt the RAID) it would be encrypted.  Does it/can it work this way?  Anyone have things set up like this?
0
Comment
Question by:jsprev
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 56

Accepted Solution

by:
McKnife earned 1200 total points
ID: 39994438
Hi.

I have this setup on multiple 2008R2ers.
The question about "seamlessness" is the crucial point. If it has to be automated ("hands free rebootable"), you will have to use either a TPM chip or a script to provide the key.

If your server hardware has a TPM chip, the setup is easy, no need to explain. However, you would need to be aware about attack vectors that remain. Those are called "cold boot attacks" and are illustrated in this video (watch it if your server has a TPM): http://www.youtube.com/watch?v=JDaicPIgn9U

If it hasn't, the way to go is to use a script. The script would use manage-bde.exe (see manage-bde /?) for syntax. It would be triggered by task manager to start on every system start. The script itself would have to be placed on the network share of another device that would be physically secured. If stolen, the script could not be loaded and the drive would stay locked.
0
 

Author Closing Comment

by:jsprev
ID: 39994686
Thanks!
0

Featured Post

How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
The well known Cerber ransomware continues to spread this summer through spear phishing email campaigns targeting enterprises. Learn how it easily bypasses traditional defenses - and what you can do to protect your data.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question