BitLocker on 2012 file server

We have a Windows 2012 Standard file server with the OS installed on the C drive, and data on the E drive.  We would like to use BitLocker to encrypt the E drive which contains data and file shares.

By enabling BitLocker on the E drive, what implications would this have on accessing the data on the file shares over the network?  When restarting the server, would we need to unlock the encrypted volume each time?

Thanks.
lighthousekeeper Asked:

McKnife Commented:
Hi.

"what implications would this have on accessing the data on the file shares over the network?" - no implications. As long as you make sure the server service (that service is responsible for granting access to the shares) starts after the volume is mounted and not before, all is as before.
"When restarting the server, would we need to unlock the encrypted volume each time?" - That depends. If you use a TPM, you can choose the transparent operation mode. That means, the TPM is the sole protector and no key needs to be provided, it can start hands free.
0
lighthousekeeper Author Commented:
Thanks.  What options do we have for transparently opening the encrypted drive without using TPM?
0
stealth82 Commented:
Hi, have you looked at BitLocker with MBAM? It comes with MDOP. You can automate it so that as long as the server is on your domain network it will boot into Windows.
0
McKnife Commented:
Not many. First, make sure you have no TPM. If not, could your mainboard be equipped with one? Some mainboards have a TPM header to let you solder a TPM optionally afterwards.

If really no TPM is possible (then it's no server class mainboard, anyway), you will need to fetch the key automatically via network like this:
Set up a scheduled task that communicates with another server on startup and gets the key, mounts the partition and restarts the server service to make the shares accessible. That is possible, we have been doing this for years. If your machine gets stolen, it gets removed from your network and the thieves have no access to the key.
0
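The startup task described in the answer above could look like the following PowerShell script. This is an added example, not code from the thread: the key server name, share, key file and script path are hypothetical, and it assumes the key is stored as a BitLocker recovery password that only the file server's computer account can read.

```powershell
# Unlock-DataVolume.ps1 - run at startup as SYSTEM (added example).
# Assumptions (hypothetical names): key server KEYSRV01, hidden share BLKeys$,
# file FS01-E.txt holding the 48-digit BitLocker recovery password for E:.
# Share and NTFS ACLs should grant read access to this server's computer
# account only, so a machine removed from the network cannot fetch the key.
$MountPoint = 'E:'
$KeyFile    = '\\KEYSRV01\BLKeys$\FS01-E.txt'
$MaxTries   = 30     # the network may not be up yet this early in boot
$DelaySec   = 10

Import-Module BitLocker

$volume = Get-BitLockerVolume -MountPoint $MountPoint
if ($volume.LockStatus -ne 'Locked') {
    Write-Output "$MountPoint is already unlocked; nothing to do."
    exit 0
}

# Wait for the key server, then read the key into memory only (never to disk).
$recoveryPassword = $null
for ($i = 1; $i -le $MaxTries -and -not $recoveryPassword; $i++) {
    try {
        $recoveryPassword = (Get-Content -Path $KeyFile -ErrorAction Stop |
                             Select-Object -First 1).Trim()
    } catch {
        Start-Sleep -Seconds $DelaySec
    }
}
if (-not $recoveryPassword) {
    Write-Error "Could not read the key from the key server; $MountPoint stays locked."
    exit 1
}

try {
    Unlock-BitLocker -MountPoint $MountPoint -RecoveryPassword $recoveryPassword -ErrorAction Stop | Out-Null
} finally {
    $recoveryPassword = $null   # do not keep or log the key
}

# The shares on E: were unavailable when the Server service first started,
# so restart it now that the volume is mounted.
Restart-Service -Name LanmanServer -Force

# One-time registration of the startup task (run elevated):
# $a = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument '-NoProfile -ExecutionPolicy RemoteSigned -File C:\Scripts\Unlock-DataVolume.ps1'
# $t = New-ScheduledTaskTrigger -AtStartup
# Register-ScheduledTask -TaskName 'Unlock E' -Action $a -Trigger $t -User 'SYSTEM' -RunLevel Highest
```

Turning on SMB encryption for the key share (`Set-SmbShare -EncryptData $true` on the key server) keeps the recovery password from crossing the network in clear text.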
McKnife Commented:
@stealth82 - not quite. To do this, we need to be equipped with:
- Server 2012 as DC + hardware that has UEFI integrated preboot DHCP access + again... a TPM.
0
stealth82 Commented:
Yep, sorry, I missed that. Without a TPM you are forced to use a flash drive or do as you suggested.
0
Question has a verified solution.