Hello Mr Cheese,
Thank you for your question and for reaching out with your question today.
To achieve the desired implementation of automatically unlocking BitLocker-encrypted drives on your Server 2019 without the need for a user to be logged in to the desktop, you can use the "Auto Unlock" feature of BitLocker. Auto Unlock allows BitLocker-protected data drives to be automatically unlocked on a computer during system startup without requiring any user intervention.
Here's a step-by-step guide on how to set up Auto Unlock for your BitLocker-encrypted external drives:
- Prepare the BitLocker-protected drives on the Windows 10 PC: Ensure that each of the 5 USB external drives has been properly BitLocker-encrypted on the Windows 10 PC. You mentioned that you have already done this, but make sure that you have enabled BitLocker Auto Unlock for these drives as well. To enable BitLocker Auto Unlock on a drive, follow these steps:
- Open an elevated Command Prompt (Run as Administrator).
- Type the following command and press Enter for each of the drives you want to enable Auto Unlock for:
`manage-bde -autounlock -enable <drive letter>:`
Replace `<drive letter>` with the drive letter of the BitLocker-protected drive.
- Export the BitLocker recovery key: On the Windows 10 PC, where the drives were encrypted, make sure to export the BitLocker recovery key for each of the drives. You will need this information to configure the Auto Unlock feature on the Server 2019.
- Prepare the Server 2019: Now, on your Server 2019 machine, you'll need to do the following:
  a. Ensure that the BitLocker feature is installed and enabled on the Server 2019.
  b. Import the BitLocker recovery keys for each of the encrypted drives from step 2. You can do this using the BitLocker Recovery Password Viewer or the `manage-bde` command-line tool.
- Configure BitLocker Auto Unlock on the Server 2019: Once you have the BitLocker recovery keys imported on the Server 2019, you can configure Auto Unlock as follows:
  a. Open an elevated Command Prompt (Run as Administrator).
  b. Type the following command and press Enter for each of the drives you want to enable Auto Unlock for:
  `manage-bde -autounlock -enable <drive letter>:`
  Replace `<drive letter>` with the drive letter of the BitLocker-protected drive.
- Reboot the Server 2019: After configuring Auto Unlock, it's a good idea to restart the Server 2019 to ensure the settings take effect.
- Test Auto Unlock: Once the Server 2019 has restarted, you can test the Auto Unlock feature by connecting any of the BitLocker-encrypted drives to the server. The drives should automatically unlock without requiring any user intervention, allowing your backup system to write data to them.
Please note that for Auto Unlock to work, the Server 2019 must have the necessary hardware and BIOS/UEFI settings configured to support the TPM (Trusted Platform Module) and Auto Unlock feature.
Always make sure to back up critical data and verify the backup process to ensure the data integrity and security of your system. Additionally, be cautious with BitLocker recovery keys and keep them secure in a separate location in case they are needed for recovery purposes.
I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.
If the reply was helpful, please don’t forget to upvote or accept as answer.
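The server-side steps described in the answer above can also be scripted with the BitLocker PowerShell module. This is an added example, not part of the original answer; the drive letters in `$dataDrives` are assumptions and must be replaced with the letters the USB drives receive on the server.

```powershell
#Requires -RunAsAdministrator
# Assumed drive letters (placeholders): adjust to match the attached USB drives.
$dataDrives = 'E:', 'F:'

foreach ($mp in $dataDrives) {
    $vol = Get-BitLockerVolume -MountPoint $mp -ErrorAction SilentlyContinue
    if (-not $vol) {
        Write-Warning "${mp}: no BitLocker volume found (drive not attached?)"
        continue
    }

    # A locked volume has to be unlocked once before auto-unlock can be enabled.
    if ($vol.LockStatus -eq 'Locked') {
        # Prompt at run time so the recovery password is never stored in the
        # script, and read it as a SecureString so it is not echoed on screen.
        $secure = Read-Host -Prompt "Recovery password for ${mp}" -AsSecureString
        $recovery = [System.Net.NetworkCredential]::new('', $secure).Password
        try {
            Unlock-BitLocker -MountPoint $mp -RecoveryPassword $recovery -ErrorAction Stop | Out-Null
        }
        catch {
            Write-Warning "${mp}: unlock failed: $($_.Exception.Message)"
            continue
        }
        finally {
            # Drop the plain-text copy as soon as it is no longer needed.
            $recovery = $null
        }
    }

    try {
        Enable-BitLockerAutoUnlock -MountPoint $mp -ErrorAction Stop | Out-Null
    }
    catch {
        Write-Warning "${mp}: enabling auto-unlock failed: $($_.Exception.Message)"
    }
}

# Report the resulting state so each drive can be checked before the reboot test.
Get-BitLockerVolume -MountPoint $dataDrives -ErrorAction SilentlyContinue |
    Select-Object MountPoint, VolumeStatus, LockStatus, AutoUnlockEnabled
```

After the reboot, the last command can be run again on its own to confirm that `LockStatus` is `Unlocked` and `AutoUnlockEnabled` is `True` for each drive.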