Step-By-Step Guide to Implement and Configure BitLocker Drive Encryption on Windows Server 2012 R2

In the first part of this guide you will learn how to install the BitLocker Drive Encryption feature on a Windows Server 2012 R2.

  1. Log on to Example-Server01.
  2. On the Start screen click Server Manager.
  3. On the Server Manager window, click Manage on the top right and from the menu select Add Roles and Features.
  4. On the Before you begin page, click Next.
  5. On the Select installation type page, select Role-based or feature-based installation and click Next.
  6. On the Select destination server page, select Select a server from the server pool and then select Example-Server01.Example.com from the Server pool in the middle table and click Next.
  7. On the Select server roles page, click Next.
  8. On the Select features page, select BitLocker Drive Encryption from the list and in the new dialog box select Include management tools (if applicable) and click Add Features.
  9. On the WDS page, click Next.
  10. On the Select role services page, click Deployment Server and Transport Server and click Next.
  11. On the Confirm installation selections, Click Install.
  12. Once the installation finished successfully, click Close.

In the next section of this guide you will learn how to enable BitLocker Drive Encryption on a virtual machine running Windows Server 2012 R2 and also allow additional authentication at startup.

  1. Log on to Example-Server01 and on the Start screen type gpedit.msc and press Enter.
  2. Navigate to Computer Configuration/Administrative Templates/Windows Components/BitLocker Drive Encryption/Operating System Drives and on the right pane double click Require additional authentication at startup.
  3. On the new window change the setting to Enabled and click OK.
  4. Go to Control Panel > System and Security > BitLocker Drive Encryption and beside drive C click Turn on BitLocker.
  5. On the Choose how you want to unlock this drive page, click Use a password to unlock the drive and type P@ssw0rdBL in both password fields.
  6. On the How do you want to back up your recovery key? page, click Save to a file and select \\Example-Server02\C$ as the location and click Save and then click Next.
  7. On the Are you ready to encrypt this drive? Page, click Start encrypting to begin the BitLocker encryption process.

If you are interested in security and you want more of these detailed step-by-step guides, you could have a look at my recently published ebook by clicking on the book cover below:

Security_on_Windows_2012

Leave a Reply

Your email address will not be published. Required fields are marked *