Enable BitLocker on File Server

Ahmed Essam 201 Reputation points
2020-12-13T10:18:50.18+00:00

Hi,

Our security team has decided to use BitLocker encryption on file server disks. My question: is it supported or not?
Will users be able to access the shared files after BitLocker is enabled?

Thanks

Tags: Windows Server 2019, Windows Server 2016, Windows Server, Windows Server Security

3 answers

  1. MTG 1,196 Reputation points
    2020-12-14T15:12:27.537+00:00

    About Alice's comment "After you enable BitLocker, users cannot access the shared files unless the partition where the files are stored is decrypted." - this can be misunderstood. It should read: "before the share will be accessible, the encrypted drive needs to be mounted".
    What that means: the server service (yes, the name of the service that provides these shares is "server") must not start before the encrypted drive has been mounted. Otherwise, the shares will not be accessible. Normally, you will proceed like this: use TPM to encrypt C:, use an auto-unlock protector with the data drive so that it unlocks automatically right after the system boots - all will be fine.

    1 person found this answer helpful.

  2. AliceYang-MSFT 2,081 Reputation points
    2020-12-14T10:12:17.983+00:00

    Hi,

    It’s supported to use BitLocker encryption on a file server. You can refer to "BitLocker: How to deploy on Windows Server 2012 and later" to deploy it.

    But you need to check whether the server has a TPM chipset version 1.2 or higher. If it doesn’t have one, you need to check "Allow BitLocker without a compatible TPM" in Computer Configuration/Administrative Templates/Windows Components/BitLocker Drive Encryption/Operating System Drives/Require additional authentication at startup in Group Policy Editor.

    After you enable BitLocker, users cannot access the shared files unless the partition where the files are stored is decrypted.

    Please keep your recovery key safe. If possible, make several copies and save them properly. They are critical to your data recovery if an incident happens.

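The sequence from the answers above (TPM protector on C:, auto-unlock on the data drive, recovery key kept safe), written out as an added PowerShell example that is not part of either answer. It assumes the shares live on D: and that the script is run again after each restart it asks for.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumption: D: is the data volume that holds the shared folders.
$os   = 'C:'
$data = 'D:'

# The BitLocker feature is not installed by default on Windows Server.
if (-not (Get-WindowsFeature -Name BitLocker).Installed) {
    Install-WindowsFeature -Name BitLocker -IncludeAllSubFeature -IncludeManagementTools
    Write-Warning 'BitLocker feature installed. Restart, then run this script again.'
    return
}

# Step 1: protect the OS volume with the TPM, plus a recovery password.
$osVol = Get-BitLockerVolume -MountPoint $os
if ($osVol.ProtectionStatus -ne 'On') {
    if (-not $osVol.KeyProtector) {
        if (-not (Get-Tpm).TpmReady) { throw 'TPM is not ready; see the Group Policy setting for systems without a TPM.' }
        Add-BitLockerKeyProtector -MountPoint $os -RecoveryPasswordProtector | Out-Null
        Enable-BitLocker -MountPoint $os -TpmProtector | Out-Null
    }
    Write-Warning "Restart if requested and wait until protection on $os is On, then run this script again."
    return
}

# Step 2: encrypt the data volume and let it unlock automatically at boot.
# Auto-unlock stores its key on the OS volume, so the OS volume must be protected first.
if ((Get-BitLockerVolume -MountPoint $data).VolumeStatus -eq 'FullyDecrypted') {
    Enable-BitLocker -MountPoint $data -RecoveryPasswordProtector | Out-Null
}
if (-not (Get-BitLockerVolume -MountPoint $data).AutoUnlockEnabled) {
    Enable-BitLockerAutoUnlock -MountPoint $data | Out-Null
}

# Step 3: verify what matters for share access. Run this part again after a reboot.
$dataVol = Get-BitLockerVolume -MountPoint $data
$dataVol | Select-Object MountPoint, VolumeStatus, LockStatus, AutoUnlockEnabled
if ($dataVol.LockStatus -ne 'Unlocked' -or -not $dataVol.AutoUnlockEnabled) {
    Write-Warning "$data will not be mounted automatically at boot; shares on it will be unreachable."
}
Get-SmbShare -Special $false | Where-Object { $_.Path -like "$data*" } | ForEach-Object {
    [pscustomobject]@{ Share = $_.Name; Path = $_.Path; Reachable = Test-Path -LiteralPath $_.Path }
}

# Recovery passwords: record these somewhere off the server.
foreach ($mp in $os, $data) {
    (Get-BitLockerVolume -MountPoint $mp).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword' |
        Select-Object @{ n = 'Volume'; e = { $mp } }, KeyProtectorId, RecoveryPassword
}
```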