About Alice's comment "After you enable BitLocker, users cannot access the shared files unless the partition where the files are stored is decrypted." - this can be misunderstood. It should read: "before the share will be accessible, the encrypted drive needs to be mounted".
What that means: the server service (yes, the name of the service that provides these shares is "server") must not start before the encrypted drive has been mounted. Else, the shares will not be accessible. Normally, you will proceed like this: use TPM to encrypt c:, use an autounlock protector with the data drive so that it unlocks automatically right after the system boots - all will be fine.
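The setup described in this answer can be verified on a running server. The following read-only audit is an added example, not part of the original thread; it assumes an elevated PowerShell session on the file server with the BitLocker and SmbShare modules available, and that every share sits on a drive-letter volume. The report property names are chosen for illustration.

```powershell
# Added example (not from the thread): read-only audit, run elevated on the file server.
# Assumption: every share lives on a drive-letter volume (no folder mount points).

# The OS volume must be protected before data volumes can auto-unlock.
$os = Get-BitLockerVolume -MountPoint $env:SystemDrive
$osProtectors = @($os.KeyProtector.KeyProtectorType)
[pscustomobject]@{
    Volume        = $os.MountPoint
    Protection    = $os.ProtectionStatus
    TpmProtector  = $osProtectors -contains 'Tpm'   # plain TPM protector only
    ServerService = (Get-Service -Name LanmanServer).Status
} | Format-List

# Map each non-special share to its volume and report the BitLocker state.
$report = foreach ($share in Get-SmbShare -Special $false | Where-Object Path) {
    $mount = [System.IO.Path]::GetPathRoot($share.Path).TrimEnd('\')
    $vol   = Get-BitLockerVolume -MountPoint $mount -ErrorAction SilentlyContinue
    $types = @($vol.KeyProtector.KeyProtectorType)
    [pscustomobject]@{
        Share            = $share.Name
        Volume           = $mount
        Protection       = $vol.ProtectionStatus
        LockStatus       = $vol.LockStatus
        AutoUnlock       = $vol.AutoUnlockEnabled
        RecoveryPassword = $types -contains 'RecoveryPassword'
    }
}
$report | Format-Table -AutoSize

# Flag protected data volumes that would stay locked after a reboot
# (no auto-unlock) or that have no recovery password protector.
$report | Where-Object {
    $_.Volume -ne $env:SystemDrive -and $_.Protection -eq 'On' -and
    (-not $_.AutoUnlock -or -not $_.RecoveryPassword)
} | ForEach-Object {
    Write-Warning "$($_.Share) on $($_.Volume): check auto-unlock and recovery protector"
}
```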
Enable BitLocker on File Server
Hi,
Our security team has decided to use BitLocker encryption on file server disks. My question is whether this is supported or not.
Will users be able to access the shared files after BitLocker is enabled?
Thanks
3 answers
-
MTG 1,196 Reputation points
2020-12-14T15:12:27.537+00:00 -
Dave Patrick 426.1K Reputation points MVP
2020-12-13T14:57:14.643+00:00
These ones may help.
https://learn.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server
https://learn.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-frequently-asked-questions
--please don't forget to Accept as answer if the reply is helpful--
-
AliceYang-MSFT 2,081 Reputation points
2020-12-14T10:12:17.983+00:00
Hi,
It’s supported to use BitLocker encryption on a file server. You can refer to "BitLocker: How to deploy on Windows Server 2012 and later" to deploy.
But you need to check whether the server has a TPM chipset version 1.2 or higher. If it doesn’t have one, you need to check "Allow BitLocker without a compatible TPM" in Computer Configuration/Administrative Templates/Windows Components/BitLocker Drive Encryption/Operating System Drives/Require additional authentication at startup in Group Policy Editor.
After you enable BitLocker, users cannot access the shared files unless the partition where the files are stored is decrypted.
Please keep your recovery key safe. If possible, make several copies and save them properly. They are critical to your data recovery if an incident happens.