Windows Server 2008 R2 Enterprise and Bitlocker on DC


  • Monday, February 11, 2013 10:26 AM
     
     

    Hello,

    I would like to know if it's a good idea/possible to run BitLocker on a Domain Controller that has a few VM machines running on it.
    Would there be any ramifications/possible drawbacks?

    Thank you.


All Replies

  • Monday, February 11, 2013 11:01 AM
     
     Answered

    Hiya,

    Why would you want to encrypt your server volumes? Concerned about physical hard disk theft of your server(s)?

    Unless you have a direct threat that relates to the above or a specific requirement, I wouldn't recommend implementing drive encryption on a server.

    My justification for not recommending that is that you're adding unnecessary administrative as well as performance overhead on your server, which would result in decreased performance, with no added value.

  • Monday, February 11, 2013 11:53 AM
     
     Answered
    The recommended practice for BitLocker configuration on an operating system drive is to implement BitLocker on a computer with a TPM version 1.2 and a Trusted Computing Group (TCG)-compliant BIOS implementation, plus a PIN. By requiring a PIN that was set by the user in addition to the TPM validation, a malicious user that has physical access to the computer cannot simply start the computer.

    http://www.arabitpro.com

  • Monday, February 11, 2013 12:36 PM
     
     Answered

    The ramifications / drawbacks are:

    1. You will have another encryption key to back up
    2. You will have some performance degradation (exactly how much depends on your hardware and server loads)
    3. You will need to account for BitLocker when doing updates / reboots - sometimes you may need physical / KVM access to reset a BitLocker lockout
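
Items 1 and 3 in the reply above map onto a few `manage-bde` calls. This is an added example, not part of any poster's reply. It assumes an elevated PowerShell prompt, an OS volume of `C:`, and domain policy that permits storing BitLocker recovery information in AD DS; `Invoke-ManageBde` is a hypothetical helper and the protector ID is a placeholder.

```powershell
# Added example. manage-bde.exe is the BitLocker command-line tool on
# Windows Server 2008 R2 (the BitLocker feature must be installed).
$Volume = 'C:'   # assumption: the operating system volume

function Invoke-ManageBde {
    # Hypothetical wrapper: run manage-bde and stop on a non-zero exit code,
    # so a failed step never goes unnoticed before a reboot.
    param([string[]]$Arguments)
    & manage-bde.exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "manage-bde $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# --- Item 1: the extra key to back up --------------------------------------
# Make sure a recovery password protector exists, then list all protectors
# so its ID can be read from the output.
Invoke-ManageBde @('-protectors', '-add', $Volume, '-RecoveryPassword')
Invoke-ManageBde @('-protectors', '-get', $Volume)

# Placeholder: paste the "Numerical Password" ID shown by the command above.
$RecoveryProtectorId = '{PLACEHOLDER-PROTECTOR-ID}'

# Escrow that recovery password to AD DS. Keep a second, offline copy as well:
# if this server is the only domain controller, AD is unreachable exactly
# when the volume is locked.
Invoke-ManageBde @('-protectors', '-adbackup', $Volume, '-id', $RecoveryProtectorId)

# --- Item 3: updates and reboots -------------------------------------------
# Suspend protection before firmware/BIOS or boot-component updates so the
# changed measurements do not force recovery mode at the next start.
Invoke-ManageBde @('-protectors', '-disable', $Volume)

# ... install updates and reboot here ...

# Protection stays suspended until it is explicitly re-enabled.
Invoke-ManageBde @('-protectors', '-enable', $Volume)

# Confirm the volume reports protection on again.
Invoke-ManageBde @('-status', $Volume)
```

With the TPM-plus-PIN configuration described in the earlier reply, every restart also needs someone to type the PIN at the console or over KVM, which is the access requirement item 3 refers to.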
  • Monday, February 11, 2013 3:04 PM
     
     

    I suppose that you can do this. But what value will this add?