Windows Server 2012 R2 supports two different types of file and disk encryption: BitLocker
and the Encrypting File System (EFS). BitLocker uses a Trusted Platform Module (TPM)
version 1.2 or later when available to provide whole-disk encryption, but can use a removable
USB key when a TPM is not available. EFS is useful for user-level file and folder encryption on
both client computers and remote file servers.
This objective covers how to:
■ Configure BitLocker encryption
■ Configure the Network Unlock feature
■ Configure BitLocker policies
■ Configure the EFS recovery agent
■ Manage EFS and BitLocker certificates, including backup and restore
To enable BitLocker encryption on Windows Server, you need to install the BitLocker feature.
Furthermore, all disks encrypted with BitLocker must use the NTFS file system. To install the
feature in Server Manager, select Add Roles And Features and then follow these steps:
1. Select Role-Based Or Feature-Based Installation.
2. On the Select Features page, select BitLocker Drive Encryption. You'll be prompted to
   add additional supporting features, as shown in Figure 2-30.
FIGURE 2-30 The Add Features That Are Required For BitLocker Drive Encryption? page
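The same installation can be scripted. The following PowerShell is an added example, not part of the original text: it installs the BitLocker feature and then checks the two prerequisites named above (TPM version 1.2 or later, and NTFS on the disks). It assumes an elevated session on Windows Server 2012 R2; the output property names (Drive, MeetsNtfsRequirement) are chosen for this example.

```powershell
# Added example: install the BitLocker feature and check its prerequisites.
# Assumes an elevated PowerShell session on Windows Server 2012 R2.
Import-Module ServerManager

# 1. Install the feature if it is missing (scripted form of the wizard steps).
$feature = Get-WindowsFeature -Name BitLocker
if (-not $feature.Installed) {
    $result = Install-WindowsFeature -Name BitLocker `
        -IncludeAllSubFeature -IncludeManagementTools
    if ($result.RestartNeeded -ne 'No') {
        Write-Warning 'Restart the server to finish installing BitLocker.'
    }
}

# 2. Check for a TPM and its specification version (1.2 or later is required
#    for TPM-based protection; otherwise a removable USB key is used).
$tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
    -ClassName Win32_Tpm -ErrorAction SilentlyContinue
if (-not $tpm) {
    Write-Warning 'No TPM detected: plan for a removable USB key instead.'
} else {
    # SpecVersion is a comma-separated string; the first field is the
    # TPM specification version (for example "1.2" or "2.0").
    $spec = (($tpm.SpecVersion -split ',')[0]).Trim() -as [version]
    if ($spec -and $spec -ge [version]'1.2') {
        Write-Output "TPM specification version $spec meets the 1.2 minimum."
    } else {
        Write-Warning "TPM version '$($tpm.SpecVersion)' does not meet the 1.2 minimum."
    }
}

# 3. List fixed volumes and flag any that are not NTFS, since disks
#    encrypted with BitLocker must use the NTFS file system.
Get-Volume |
    Where-Object { $_.DriveLetter -and $_.DriveType -eq 'Fixed' } |
    ForEach-Object {
        [pscustomobject]@{
            Drive                = "$($_.DriveLetter):"
            FileSystem           = $_.FileSystem
            MeetsNtfsRequirement = ($_.FileSystem -eq 'NTFS')
        }
    }
```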