Windows Server 2016 and 2012 R2 - Setup and Manage Bitlocker (With and Without TPM)
Author: Windows Ninja
5388 View
10m 34s Lenght
11 Rating
Windows Server 2016 and 2012 R2 - Setup and Manage Bitlocker (With and Without TPM) Having full system and drive encryption is an important part of an organization when it comes to protecting their data and computer security. Even in some parts of the world such is a legal requirment. So, this video shows how to setup Bitlocker Drive Encryption in server 2016 and it is also valid for 2012 R2. This video shows the PowerShell way and also talks about the control panel method. For more visit: http://www.windows10.ninja http://www.servers2016.com Transcript (machine generated so it contains errors) Hi in this video, let's have a quick look that arm how to set a BitLocker on windows server 2016, or in windows server 2012 R2, et cetera the first thing is are we doing in the TPM method, which is the trusted platform module is a chip on your motherboard that will basically store passwords et cetera or are we doing a without it, so we need to check and see if we have a TPM December, click okay, let's go there just typing TPM.MSC. Click on that that brings up this okay if basically, this is empty and it Sayers there's no TPM fine okay if the TPM is thereby has not been prepared and like setup. Click on per TPM the restart and then last you are like, except that the TPM will be initialised and press, I think is and button press F10. It reboots and then it comes up and it shows this again pass word is created for you TPM where you can back it up a you do get a first arm message when you first boot up, after setting up the TPM and you can also basically, shall we say storage again okay I or change passwords et cetera a clear the TPM reset TPM. All these things can be done okay, let's turn that off now so were using the TPM in this instance, the next thing is to basically go ServerManager which is part of their click ServerManager comes up with a larger add roles and features. Next next next. It's a feature and its BitLocker drive encryption add these features you will need to restart, so make sure about arm when you doing this you not running any mission-critical are applications and services et cetera in the background that need to take a hard worker. This last letter restart at the end of this very quickly. It will take a few minutes to set up and then reboot with the we should return to it in a few minutes. Now, were on our basically show you how to do with basically had can I garden let's turn on BitLocker, we've enabled Wales install BitLocker again, the feature now will give you the two options, one that assume you don't have a TPM chip okay. Basically, you need to get a group policy okay, which says GP edit.MSC okay. Click on that it will bring our this window, and then you need to go all the way to basically computer configuration, administrative templates, windows components BitLocker drive encryption operating system drives and then require additional authentication at start-up. Now when you click enabled. If you don't have a TPM chip. Make sure that one is checked. Okay, everything else is fine, and add new click okay. Restart your computer and then you need to run some commands with a TPM chip on this, so we won't enable the group policy, but we will show you what needs to be done okay. Your open our windows PowerShell. Okay, make sure it's run as admin okay, and type in managed – BDE space – protectors – add CEO case for the C drive and then the start-up key were saving it to basically we have a USB stick. Okay, which is the okay press enter. Okay, and then you will need to restart your computer. Okay, and when you restart it checks to see that the key USB stick is installed and that the key is all functional and then when it boots up at the start encrypting your drive. Okay, okay, now let's assume you have a TPM chip. All you really need to do is type and manage BDE and then turn it on for the C drive okay, and that's that. Okay, there we go. So basically it now is a restart okay, and once the restart happens it will check to see whether a TPM is functioning with the key, et cetera and it can be used. Okay, so we'll just click on restart now that when it restarts, you will see this little thing here which says encryption of the drama leave by BitLocker is in progress. If you go over there and Nessus. Click on this PC you will see you now have this a lot. Then once it's fully encrypted, everything gets locked down okay and you should be able to do it in Control Panel in 2012 R2 2016. In its current arm version hasn't quite sorted out yet, but basically what you would have been to was get locker, just type under their okay and it would have gone to a Control Panel option okay taking us to Control Panel. There we go over there all Control Panel items and you should see some were over a year BitLocker okay. It's not quite set up being windows server 2016. Yet both ones it is it's fairly straightforward as a window with all...
If I rent a virtual machine from a service provider can I encrypt that VM using BitLocker?
If yes to either above.... can any external party, including the service provider, access the server (firsthand or via data collection scripts etc) to view what software is installed?