Randy Downs asked:

Server 2012 BitLocker Encryption - Effect on Clients, Applications, & Shares - NAS

We have a small single server domain and want to encrypt for security with BitLocker. Can BitLocker be set to keep users from saving decrypted files locally?

I have recommended we do a Windows image backup prior to adding encryption. The servers I have worked with in the past had no issues sharing files within the domain so I am hoping that's true here.

Would it be better to purchase a NAS with its own encryption or use an external RAID connected to the server? One better or more secure than the other?


server - Server 2012 Foundation - I assume it has TPM but I don't see anything in System Devices that flags it as such. TPM is necessary, right? Any way to tell?

A proprietary database application runs on the server.

clients - Windows 7 Pro, Windows 10 Pro
SOLUTION
yo_bee
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
This solution is only available to members.
ASKER

@yo_bee We only have one server so a lab is not an option. I will definitely ask for an image backup. Thanks for the links. This is a fairly new Dell server so surely TPM is in BIOS.

@David Johnson - Does Active Directory Rights Management Services come with Server 2012 or is that something that needs to be purchased?
SOLUTION
This solution is only available to members.
SOLUTION
This solution is only available to members.

Originally my client wanted to encrypt the server and clients with Symantec Endpoint but I suggested he use BitLocker since it's already included in Server 2012 Foundation.

BitLocker should prevent anyone from accessing files if they gain physical access to the server. If all the sensitive files are stored on the server, we wouldn't need to encrypt clients. At least that's our current theory. If we can prevent users from saving files locally that might work, right?

The client has some Windows 10 Pro machines. I don't know if he is amenable to upgrading them but I will check.

The server is a Dell PowerEdge T110 II and shows as having TPM. I was concerned that I didn't see it in System devices but maybe it only shows up when turned on in BIOS.

There are no notebooks or laptops involved that I know of. Just Windows 7 Pro, Windows 8.1 Pro maybe, & Windows 10 Pro.
SOLUTION
This solution is only available to members.

Thanks for clarifying, McKnife. I do see that it's a weakness to have any machines not running BitLocker.

To be clear, we would be safe if all machines were running BitLocker, right?
ASKER CERTIFIED SOLUTION
This solution is only available to members.
SOLUTION
This solution is only available to members.

Thanks for all the help. The project has been postponed so I will close this out for now.