The following sections provide step-by-step procedures for implementing BitLocker: configuring the system partitions, installing the BitLocker feature, and then enabling BitLocker Drive Encryption. The enabling section includes steps for enabling BitLocker when using TPM hardware, when not using TPM hardware, and on additional volumes beyond the volume hosting the operating system. The final step-by-step procedures cover how to use the BitLocker recovery password in the event of an issue and how to remove BitLocker after it has been installed and configured.
Installing the BitLocker Drive Encryption Feature
Now that the system
partition has been configured, there are different ways to install
BitLocker. Install it during the initial configuration through Server
Manager or through a command prompt. The next sections illustrate how to
execute both of these installations.
Installing BitLocker with Server Manager
To install the BitLocker feature using Server Manager, follow these steps:
1. Click Start, Administrative Tools, and Server Manager. The Server Manager tools appear.
2. Right-click Features in the left pane of Server Manager, and then select Add Features.
3. On the Select Features page, install BitLocker by selecting BitLocker Drive Encryption in the Features section, as shown in Figure 1, and then click Next.
4. On the Confirm Installation Selections page, review the roles, services, and features selected for installation, and then click Install to initiate the installation process.
5. Ensure the installation succeeded by reviewing the messages on the Installation Results page, and then click Close.
6. After the BitLocker feature has finished installing, restart the system.
Note
Alternatively, the BitLocker Drive Encryption feature can be installed by selecting Add Features in the Initial Configuration Tasks Wizard.
Installing BitLocker via the Command Line
BitLocker can also be installed from the command line (PowerShell). This method should be reserved for branch office implementations using a Windows Server 2008 R2 Server Core installation, because a graphical interface to manage the server does not exist there. To install the BitLocker feature using PowerShell, follow these steps:
1. From within a PowerShell console session, execute the ImportSystemModules function.
2. After PowerShell has finished loading all of the system modules, execute the following command: Add-WindowsFeature BitLocker.
3. After the BitLocker feature has finished installing, restart the system.
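The PowerShell procedure above as a repeatable script that checks the feature state before installing and verifies the result afterward. This is an added example, not part of the original text. It assumes an elevated session with the ServerManager module available, and it loads only that module with Import-Module rather than calling ImportSystemModules.

```powershell
# Added example: idempotent install of the BitLocker feature on
# Windows Server 2008 R2. Run from an elevated PowerShell session.

# Assumption: load only the ServerManager module, which provides
# Get-WindowsFeature and Add-WindowsFeature.
Import-Module ServerManager

# Confirm the feature is offered on this installation before acting.
$feature = Get-WindowsFeature -Name BitLocker
if ($null -eq $feature) {
    throw "The BitLocker feature is not available on this installation."
}

if ($feature.Installed) {
    Write-Output "BitLocker feature is already installed; nothing to do."
}
else {
    $result = Add-WindowsFeature -Name BitLocker

    # Fail loudly so an unattended deployment does not continue
    # with a server that was never made ready for encryption.
    if (-not $result.Success) {
        throw "BitLocker feature installation failed (exit code: $($result.ExitCode))."
    }

    # RestartNeeded reports Yes, No or Maybe; treat anything but No
    # as a pending restart, matching the final step of the procedure.
    if ($result.RestartNeeded -ne 'No') {
        Write-Output "BitLocker feature installed. Restart the system before enabling BitLocker."
        # Restart-Computer    # uncomment to restart immediately
    }
    else {
        Write-Output "BitLocker feature installed."
    }
}
```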
Configuring the System Partitions for BitLocker
As mentioned earlier, one of the prerequisite tasks when configuring an operating system for BitLocker is configuring a nonencrypted active partition, also referred to as a system partition. In Windows 7 and Windows Server 2008 R2, the necessary disk partitions are automatically created when Windows is installed.