Windows Server 2016 and 2012 R2 - Setup and Manage Bitlocker (With and Without TPM) VIDEO TUTORIAL
Full system and drive encryption is an important part of how an organization protects its data and computers. In some parts of the world it is even a legal requirement. This video shows how to set up BitLocker Drive Encryption in Windows Server 2016; the steps are also valid for 2012 R2. It shows the PowerShell way and also talks about the Control Panel method.
Transcript (machine generated so it contains errors)
Hi, in this video let's have a quick look at, um, how to set up BitLocker on Windows Server 2016, or on Windows Server 2012 R2, et cetera. The first thing is: are we doing it with the TPM method, which is the Trusted Platform Module, a chip on your motherboard that will basically store passwords et cetera, or are we doing it without it? So we need to check and see if we have a TPM December, click okay, let's go there, just typing tpm.msc. Click on that; that brings up this. Okay, if basically this is empty and it says there's no TPM, fine. Okay, if the TPM is there but has not been prepared and, like, set up, click on Prepare the TPM, then restart, and then last you are like, accept that the TPM will be initialised and press, I think it's the button, press F10. It reboots and then it comes up and it shows this again. A password is created for your TPM, which you can back up. You do get a first, um, message when you first boot up after setting up the TPM, and you can also basically, shall we say storage again okay I or change passwords et cetera, or clear the TPM, reset the TPM.
All these things can be done. Okay, let's turn that off now. So we're using the TPM in this instance. The next thing is to basically go to Server Manager, which is part of their click Server Manager, comes up with a larger Add Roles and Features. Next, next, next. It's a feature, and it's BitLocker Drive Encryption. Add these features. You will need to restart, so make sure, um, when you're doing this you're not running any mission-critical applications and services et cetera in the background that need to take a hard worker.
This last letter restart at the end of this very quickly. It will take a few minutes to set up and then reboot; we should return to it in a few minutes. Now we're on our basically show you how to do with basically had can I garden. Let's turn on BitLocker. We've enabled, well, installed BitLocker again, the feature. Now we'll give you the two options. One: let's assume you don't have a TPM chip. Okay, basically you need to get a group policy, okay, which says gpedit.msc. Okay, click on that, it will bring up this window, and then you need to go all the way to basically Computer Configuration, Administrative Templates, Windows Components, BitLocker Drive Encryption, Operating System Drives, and then Require additional authentication at startup.
Now when you click Enabled, if you don't have a TPM chip, make sure that one is checked. Okay, everything else is fine, and then you click OK. Restart your computer and then you need to run some commands. We've a TPM chip on this, so we won't enable the group policy, but we will show you what needs to be done. Okay, you open up Windows PowerShell. Okay, make sure it's run as admin, okay, and type in manage-bde, space, -protectors -add C:, okay, for the C drive, and then the startup key; we're saving it to, basically, we have a USB stick, okay, which is the, okay, press Enter. Okay, and then you will need to restart your computer. Okay, and when you restart, it checks to see that the key USB stick is installed and that the key is all functional, and then when it boots up it will start encrypting your drive. Okay, okay, now let's assume you have a TPM chip. All you really need to do is type in manage-bde and then turn it on for the C drive, okay, and that's that. Okay, there we go. So basically it now is a restart, okay, and once the restart happens it will check to see whether the TPM is functioning with the key, et cetera, and that it can be used.
Okay, so we'll just click on Restart now. When it restarts, you will see this little thing here which says encryption of the drive by BitLocker is in progress. If you go over there and Nessus. Click on This PC, you will see you now have this lock. Then once it's fully encrypted, everything gets locked down, okay. And you should be able to do it in Control Panel in 2012 R2. 2016, in its current, um, version, hasn't quite sorted it out yet, but basically what you would have done was BitLocker, just type it in there, okay, and it would have gone to a Control Panel option, okay, taking us to Control Panel. There we go, over there, All Control Panel Items, and you should see somewhere over here BitLocker, okay. It's not quite set up in Windows Server 2016 yet, but once it is, it's fairly straightforward: there's a window with all the drives displayed and you can turn off bars et cetera on the drive. Okay, so we're using PowerShell, which is great enough, okay, and I'll just check the status, so again, manage-bde -status, okay, and this is basically telling us at this point, okay, encryption is in progress, says done the .3%, okay. Once it's all sorted out, it will say encrypted, and protection status: protection is on. Key protectors is a list; it states over here it's on the TPM.
If we had followed the previous command, it would have been saved to the USB stick and the key protectors would have been mentioned as there. Okay, now, if we want to, shall we say, turn it off on the C drive, it's as simple as this: manage-bde -off and C drive. Click that; decryption is now in progress. Basically, it's now encrypting, or decrypting, my hard disk, okay. And at the same time, you can use the technique to manage-bde on that if you have, you know, the D drive, E drive, F drive, whatever. You know, let's look at the status, okay: decryption in progress. It will take some time. Once it's back there, everything is fine. So in this video we've shown you how to set up your TPM, okay, get the TPM up and running. We've also shown you how to, um, install the BitLocker feature, have the computer restart, okay. Once it's been restarted, um, we've also shown how to basically use a USB key for the protectors or use your TPM chip for the protectors, and then how to turn on BitLocker Drive Encryption and also turn it off.
Okay, if at any point you have any questions or queries regarding this, you can just type that and it gives you all the different options that you can use with that manage-bde. For example, you can, of course, lock, okay, you can unlock encrypted data, and you can also do a lot, lot more: change the passwords et cetera. Okay, so the PowerShell version is very, very strong, very nice. Um, the GUI version in Control Panel is also quite nice. It doesn't quite reach Server 2016 yet; in 2012 it is functioning fully. Hopefully this video has helped. Thank you for watching.
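The steps walked through in the transcript, collected into one elevated PowerShell script as an added example (it is not from the video or its author). It assumes the operating system volume is C: and uses E: as a placeholder letter for the USB stick; the recovery-password protector and the policy registry check go beyond what the video covers.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the video. Assumed values: OS volume C:, USB stick at E:.
$Volume   = 'C:'
$UsbDrive = 'E:'   # placeholder; use the letter your USB stick actually has

# 1. The BitLocker feature has to be installed first
#    (the Server Manager > Add Roles and Features step in the video).
if (-not (Get-WindowsFeature -Name BitLocker).Installed) {
    Install-WindowsFeature -Name BitLocker -IncludeAllSubFeature -IncludeManagementTools
    Write-Warning 'BitLocker feature installed. Restart the server, then run this script again.'
    return
}

# 2. Is a TPM present and prepared? This is the same state tpm.msc shows.
$tpm    = Get-Tpm
$useTpm = $tpm.TpmPresent -and $tpm.TpmReady

if (-not $useTpm) {
    # 3a. Without a TPM, the policy "Require additional authentication at startup"
    #     must be enabled with "Allow BitLocker without a compatible TPM" checked.
    #     Group Policy stores that setting in the two values tested here.
    $fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
    if ($fve.UseAdvancedStartup -ne 1 -or $fve.EnableBDEWithNoTPM -ne 1) {
        throw 'No usable TPM: enable "Require additional authentication at startup" in gpedit.msc and restart first.'
    }
    # Write the startup key to the USB stick (the command typed in the video).
    manage-bde -protectors -add $Volume -StartupKey $UsbDrive
    if ($LASTEXITCODE -ne 0) { throw 'Could not write the startup key to the USB stick.' }
}

# 3b. Recovery password, so the volume can still be unlocked if the TPM or the
#     USB stick fails. The 48-digit password is printed once: store it off this server.
manage-bde -protectors -add $Volume -RecoveryPassword
if ($LASTEXITCODE -ne 0) { throw 'Could not add a recovery password protector.' }

# 4. Turn BitLocker on. With a ready TPM, manage-bde uses it as the default protector.
manage-bde -on $Volume
if ($LASTEXITCODE -ne 0) { throw 'manage-bde -on failed; see the output above.' }

# 5. Shows conversion status, percentage encrypted, protection status and key protectors.
manage-bde -status $Volume

# To decrypt the volume again later:  manage-bde -off C:
```

As in the video, encryption of the operating system volume begins after the next restart; run `manage-bde -status C:` again afterwards to follow the progress.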