Link to home
Start Free TrialLog in
Avatar of cfgtechs
cfgtechsFlag for Guam

asked on

R610 servers- enable bitlocker via USB method- drives already have data?

Hi,

am wondering if it is possible to enable bitlocker on a volume with data already written to that volume?  Win2008R2.
ASKER CERTIFIED SOLUTION
Avatar of McKnife
McKnife
Flag of Germany image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Bitlocker is a whole disk encryption solution that encrypts the entire drive, regardless of the data written to the drive itself. It can encrypt any volume.
Avatar of cfgtechs

ASKER

@McKnife,

so a windows share on the server will not be any different to the user who is accessing the share and it's files after bitlocker has been enabled on the volume where the share come from?
Correct. Bitlocker seemlessly decrypts data once you get past the boot screen that asks for a password or the USB key.
Yes,  correct.
But say, this setup you are talking about, how does it look like? You have a file server  and you want to bitlock it. And how should that unlocking work, you want to use a USB based key? That key would remain plugged in all the time?
@McKnife,

I have R610s that have no TPM add-on, so i would have to keep the USB in - i could keep it plugged in inside the server case, the 610 has an internal USB port in the chassis.

I have a R630 which has a TPM, but not delivered yet, i would set bitlocker up before drives are loaded with files.
Keeping a usb key plugged in offers no protection of any kind. Simply useless.
To use bitlocker on a server without TPM is not recommendable. It would be better to secure the server room physically.
If that can't be done, you could at least move to a network key for your data partitions. Let me know if that sounds sensible to you.
Wait, according to what I can google, the R610 has a TPM, at least a TPM header where you could seat a TPM (that is sold separately).
thanks McKnife!