BitLocker on 2012 file server

We have a Windows 2012 Standard file server with the OS installed on the C drive, and data on the E drive.  We would like to use BitLocker to encrypt the E drive which contains data and file shares.

By enabling BitLocker on the E drive, what implications would this have on accessing the data on the file shares over the network?  When restarting the server, would we need to unlock the encrypted volume each time?

Thanks.
lighthousekeeper Asked:

McKnife Commented:
Hi.

"what implications would this have on accessing the data on the file shares over the network?" - No implications. As long as you make sure the Server service (that service is responsible for granting access to the shares) starts after the volume is mounted and not before, all is as before.

"When restarting the server, would we need to unlock the encrypted volume each time?" - That depends. If you use a TPM, you can choose the transparent operation mode. That means the TPM is the sole protector and no key needs to be provided; it can start hands-free.
lighthousekeeper Author Commented:
Thanks.  What options do we have for transparently opening the encrypted drive without using TPM?
stealth82 Commented:
Hi, have you looked at BitLocker with MBAM? It comes with MDOP. You can automate it so that as long as the server is on your domain network, it will boot into Windows.

McKnife Commented:
Not many. First, make sure you have no TPM. If not, could your mainboard be equipped with one? Some mainboards have a TPM header to let you solder a TPM optionally afterwards.

If really no TPM is possible (then it's no server-class mainboard, anyway), you will need to fetch the key automatically via the network like this:
Set up a scheduled task that communicates with another server on startup and gets the key, mounts the partition and restarts the Server service to make the shares accessible. That is possible; we have been doing this for years. If your machine gets stolen, it gets removed from your network and the thieves have no access to the key.
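
One way to script the startup task described in the answer above (an added example, not part of the original post and not McKnife's own script). It assumes the E: volume has a recovery-password protector and that the task runs as SYSTEM at startup; the UNC path, file name and event source name are hypothetical placeholders.

```powershell
# Added example: runs as SYSTEM from a scheduled task with an "At startup" trigger.
# Assumptions (not from the thread): E: has a recovery-password protector, and the
# key file sits on a share readable only by this server's computer account.
$MountPoint = 'E:'
$KeySource  = '\\keyserver.example.local\blkeys$\FILESRV01-E.txt'  # hypothetical path
$LogSource  = 'BitLockerNetUnlock'                                  # hypothetical event source

function Write-UnlockLog([string]$Message, [string]$Type = 'Information') {
    if (-not [System.Diagnostics.EventLog]::SourceExists($LogSource)) {
        New-EventLog -LogName Application -Source $LogSource
    }
    Write-EventLog -LogName Application -Source $LogSource -EventId 1000 -EntryType $Type -Message $Message
}

# Nothing to do if the volume is already unlocked (e.g. the task was re-run by hand).
if ((Get-BitLockerVolume -MountPoint $MountPoint).LockStatus -eq 'Unlocked') {
    Write-UnlockLog "$MountPoint is already unlocked."
    exit 0
}

# The network may not be up yet at startup, so retry for a few minutes.
# The key is only held in memory and is never written to the local disk.
$recoveryPassword = $null
foreach ($attempt in 1..10) {
    try {
        $recoveryPassword = (Get-Content -Path $KeySource -ErrorAction Stop | Select-Object -First 1).Trim()
        break
    } catch {
        Start-Sleep -Seconds 15
    }
}

# Fail closed: off the network (for example, a stolen machine) the volume stays locked.
if (-not $recoveryPassword) {
    Write-UnlockLog "Key source unreachable; $MountPoint stays locked." 'Error'
    exit 1
}

try {
    Unlock-BitLocker -MountPoint $MountPoint -RecoveryPassword $recoveryPassword -ErrorAction Stop | Out-Null
    # The shares on E: were not available when the Server service started, so restart it.
    Restart-Service -Name LanmanServer -Force
    Write-UnlockLog "$MountPoint unlocked and Server service restarted."
} catch {
    Write-UnlockLog "Unlock of $MountPoint failed: $($_.Exception.Message)" 'Error'
    exit 1
}
```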

McKnife Commented:
@stealth82 - not quite. To do this, we need to be equipped with:
- Server 2012 as DC + hardware that has UEFI-integrated preboot DHCP access + again... a TPM.
stealth82 Commented:
Yep, sorry, I missed that. Without a TPM you are forced to use a flash drive or as you suggested.