Bitlocker on multiple partitions server 2008

I am trying to use Bitlocker to encrypt my server 2008. I have successfully unlocked the TPM chip on the motherboard, and enabled the Bitlocker feature. I have only encrypted single partitions with Bitlocker before. This is the first time I'm attempting to encrypt multiple partitions (2) with Bitlocker. I assume the C:\ partition will be easy, like it has been before...print or save the key information and then work much like normal. I'm just not sure what to do about the D:\ partition. Microsoft has a "step-by-step" guide but it's mostly command prompt entries and using EFS...seems more complicated than it needs to be, but I'm game if that's the protocol.
Thanks
Asked by: Jarrod731

David Johnson, CD, MVP (Owner) commented:
You simply encrypt the additional partitions using BitLocker; by default only the boot/system partitions are encrypted.
Jarrod731 (Author) commented:
I love to read "simply"...
So do I encrypt the C:\ partition first and then when it's done, go ahead and encrypt the D:\ partition? Will the TPM chip hold both encryption keys so that it unlocks automatically when rebooted or starts after a power down or restarts after a semi-forced Windows update?
I'm happy if the C: is encrypted and the key for the D: is held by and read from the C:...just not sure if BitLocker will or is intended to handle this seamlessly?
btan (Exec Consultant) commented:
You need to encrypt the system drive first, then the other data volume can kick in. Specifically, two NTFS disk partitions, one for the system volume and one for the operating system volume. The system volume partition must be at least 1.5 gigabytes (GB) and set as the active partition. Note also the key for each separate data volume is stored in each volume.

Go for the system EFS is for file encryption while Bitlocker is disk/volume encryption. For your case of encrypting other volumes besides the default system drive you have done, you should be able to use the GUI interface to encrypt data volumes. Please see:
Can I use EFS with BitLocker?

Yes, you can use Encrypting File System (EFS) to encrypt files on a BitLocker-protected drive. BitLocker helps protect the entire operating system drive against offline attacks, whereas EFS can provide additional user-based file level encryption for security separation between multiple users of the same computer. You can also use EFS to encrypt files on other drives that are not encrypted by BitLocker. The root secrets of EFS are stored by default on the operating system drive; therefore, if BitLocker is enabled for the operating system drive, data that is encrypted by EFS on other drives is also indirectly protected by BitLocker.
Will BitLocker encrypt more than just the operating system volume?

BitLocker provides a user interface for the encryption of the entire operating system volume, including Windows system files and the hibernation file. You can optionally use Encrypting File System (EFS) in Windows Vista to protect other volumes. The EFS keys are stored by default in the operating system volume. Therefore, if BitLocker is enabled for the operating system volume, all data that is protected by EFS is also indirectly protected by BitLocker. Additionally, advanced users can encrypt local data volumes using a command-line interface (manage-bde.wsf). In Windows Vista with SP1, after you have encrypted your operating system volume, you can then choose to encrypt additional data volumes through the user interface as an alternative to using the command-line interface.
https://technet.microsoft.com/en-us/library/cc766200(v=ws.10).aspx#BKMK_OS

Using manage-bde for server data volumes
@ https://technet.microsoft.com/en-us/library/cc732725(v=ws.10).aspx#BKMK_S4

Using (only in Windows Vista SP1 and Windows Server 2008 above), encrypt and unlock these data volumes from the BitLocker Control Panel applet @ https://technet.microsoft.com/en-us/magazine/2008.06.bitlocker.aspx
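The order of operations discussed in this thread (operating system volume first, then the data volume, then automatic unlock), written out as an added example; these commands are not from the thread participants or copied from the linked Microsoft guide. Assumptions: `manage-bde.wsf` is in `%SystemRoot%\System32`, `D:` is the data volume, `F:\` is a removable drive that receives the recovery key file, and the script runs from an elevated command prompt.

```bat
@echo off
rem Added example for Windows Server 2008. The script path, D: and F:\ are assumptions.
set BDE=cscript //nologo "%SystemRoot%\System32\manage-bde.wsf"

rem 1. Confirm the operating system volume is encrypted and protection is on
rem    before touching the data volume.
%BDE% -status C:

rem 2. Turn on BitLocker for the data volume with two recovery protectors:
rem    a numerical recovery password (printed once, record it offline) and
rem    a recovery key file written to removable media.
%BDE% -on D: -RecoveryPassword -RecoveryKey F:\

rem 3. Check conversion progress; rerun until D: reports fully encrypted.
%BDE% -status D:

rem 4. Enable automatic unlock so D: opens at boot without operator input.
rem    This depends on C: being BitLocker-protected, which is why C: goes first.
%BDE% -autounlock -enable D:

rem 5. List the protectors on D: and verify the recovery password and key are
rem    present alongside the automatic-unlock key.
%BDE% -protectors -get D:
```

Store the recovery password and the key file away from the server: if the operating system volume is rebuilt or goes into recovery, those protectors are what unlock `D:`.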
Seth Simmons (Sr. Systems Administrator) commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.