Josh's IT-Blog

Information Technology, and other interesting things …

BitLocker in an enterprise environment

Posted on 14. April 2011 / 16. May 2011 by Burkard Josh
BitLocker, Windows 7

Every system administrator knows the problem: every day a user loses a notebook or mobile device. The financial loss is one thing, but losing the data, and losing control over who has access to it, is a disaster for many companies.

To protect data against loss, some developers have created backup solutions. Another important point is to encrypt your data securely, so that no one outside your organisation can access your sensitive data.

The following things should be noted:

  • The data should be available to all users who can authenticate themselves to the encryption mechanism.
  • Because a lot of data is saved on the Windows system partition, this partition should be encrypted as well.
  • All data should be accessible to, or recoverable by, an administrator team.

As a solution to this problem, Microsoft offers BitLocker for Windows Vista and higher to encrypt your partitions. In this and subsequent articles, I consider only BitLocker with Windows 7 and Windows 2008 R2 Server, as Vista and Windows 2008 Server are not in use in my environment.

Prerequisites

To activate BitLocker, you will need:

  • Vista, Windows 7 – Ultimate or Windows 7 Enterprise Edition
  • Windows 2008 or Windows 2008 R2
  • Local admin rights on your notebook / mobile Windows device.
  • The encrypted disk should be a Basic Disk (not a Dynamic Disk)
  • To encrypt your disk, your notebook must be running on the power supply and not on battery.

Additional prerequisites are optional, but recommended:

  • TPM 1.2
  • Recovery key backup to Active Directory
  • Membership in a Windows Domain

Setup

Back up your recovery keys to Active Directory

Normally, each user with local admin rights can encrypt his partitions whenever he wants. Sometimes the recovery key that was created gets lost, and when a system recovery is needed, the user loses access to his data. This is the reason why I don’t recommend BitLocker or any other encryption technology to home users.

To prevent the recovery key from getting lost, you can define by group policy that users can’t encrypt any drives without saving the recovery key to Active Directory. To define this, create a group policy with these settings:

You can download a detailed configuration guide here:

Document: Drive encryption with Microsoft BitLocker
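
One way to check on a client that a policy requiring recovery key backup to Active Directory has actually arrived, as an added example that is not part of the original post or its configuration guide. It assumes the standard BitLocker policy registry values for Windows 7 / 2008 R2 under HKLM\SOFTWARE\Policies\Microsoft\FVE; the function name Test-AdBackupPolicy is hypothetical, and the values checked are not necessarily the settings the author chose.

```powershell
# Added example: reports, per drive type, whether BitLocker may be enabled
# without the recovery information first being stored in Active Directory.
# Assumption: standard policy value names under the FVE policy key.
$fveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

# Value-name prefixes used by the BitLocker recovery policies
$driveTypes = @{
    OS  = 'Operating system drives'
    FDV = 'Fixed data drives'
    RDV = 'Removable data drives'
}

function Test-AdBackupPolicy {
    param([hashtable]$Values)   # registry value name -> DWORD value

    foreach ($prefix in 'OS', 'FDV', 'RDV') {
        $recovery = $Values["${prefix}Recovery"]                      # recovery policy enabled
        $backup   = $Values["${prefix}ActiveDirectoryBackup"]         # save recovery info to AD
        $require  = $Values["${prefix}RequireActiveDirectoryBackup"]  # block encryption until saved

        if     ($recovery -ne 1) { $state = 'NOT CONFIGURED' }
        elseif ($backup   -ne 1) { $state = 'NO AD BACKUP' }
        elseif ($require  -ne 1) { $state = 'BACKUP OPTIONAL' }
        else                     { $state = 'ENFORCED' }

        New-Object PSObject -Property @{
            DriveType = $driveTypes[$prefix]
            State     = $state
        }
    }
}

# Read the policy values that group policy wrote on this machine.
# A missing key means no BitLocker policy has been applied at all.
$values = @{}
$props = Get-ItemProperty -Path $fveKey -ErrorAction SilentlyContinue
if ($props) {
    foreach ($p in $props.PSObject.Properties) { $values[$p.Name] = $p.Value }
}

Test-AdBackupPolicy -Values $values | Format-Table DriveType, State -AutoSize
```

Run it after the group policy has been refreshed on the client; any drive type that does not report ENFORCED can still be encrypted without the recovery key reaching Active Directory.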

Tags: BitLocker Windows 2008 R2 Windows 7

About

My name is Josh Burkard.
I'm a DevOps Engineer working with one of Switzerland's largest telecom and full-service hosting providers. In my work I have a lot to do with Microsoft server operating systems, System Center, VMware, Microsoft Azure Cloud and other software.
On this site I will write some posts about different technology problems and their solutions.
Please also note my tweets and retweets from this area.
