Bitlocker for a physical drive attached to a virtual machine


  • Sunday, December 23, 2012 10:21 PM
     
     

    Hi there,

    we have a Server 2008 R2 on a Fujitsu TX200 with a Trusted Platform Module. There are some virtual machines running on it. The physical drives are encrypted by BitLocker and all virtual machines on it are running well using VHD files. But there is one virtual machine with a physical drive attached. Is there anyone who knows a way to protect the data on this drive?

    Axel

All Replies

  • Sunday, December 23, 2012 11:23 PM
     
     

    Install TrueCrypt inside this VM for an attached pass-thru disk. 

    http://www.truecrypt.org/


    StarWind iSCSI SAN & NAS

  • Monday, December 24, 2012 3:15 AM
    Moderator
     
     Answered

    Hi,

    BitLocker provides the most protection when used with a Trusted Platform Module (TPM). The TPM is a hardware component installed in newer computers by the computer manufacturers.

    On computers that do not have a TPM, you can still use BitLocker to encrypt the Windows operating system drive. However, this implementation will require the user to insert a USB startup key to start the computer or resume from hibernation, and it does not provide the pre-startup system integrity verification offered by BitLocker with a TPM.

    To turn on BitLocker Drive Encryption on a computer without a compatible TPM:

    • You must be logged on as an administrator.
    • You must have a USB flash drive to save the recovery password.
    • We recommend a second USB flash drive to store the startup key separate from the recovery password.

    For a more detailed configuration procedure, please refer to the following MS articles:

    To turn on BitLocker Drive Encryption on a computer without a compatible TPM
    http://technet.microsoft.com/en-us/library/cc766295.aspx#BKMK_S5
    Bitlocker without TPM
    http://blogs.technet.com/b/hugofe/archive/2010/10/29/bitlocker-without-tpm.aspx
    Bitlocker in a Windows 7 Guest running on a Hyper-V R2 environment (or any environment without a TPM)
    http://blogs.msdn.com/b/mszcool/archive/2010/02/03/bitlocker-in-a-windows-7-guest-running-on-a-hyper-v-r2-environment-or-any-environment-without-a-tpm.aspx

    Hope this helps!


    Lawrence

    TechNet Community Support
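
Added example, not part of the thread and not Microsoft's own script: the prerequisites listed in the answer above for enabling BitLocker without a TPM, written as a PowerShell pre-flight check followed by `manage-bde`. The drive letters (C: for the operating system volume, E: and F: for the two USB flash drives) and the output file name are assumptions.

```powershell
# Added example: check the prerequisites, then enable BitLocker on an
# operating system volume that has no compatible TPM.
# Assumed values (not from the thread): C: = OS volume, E: = USB drive for the
# startup key, F: = second USB drive for the recovery password.
$osVolume      = 'C:'
$startupKeyUsb = 'E:\'
$recoveryUsb   = 'F:\'

# 1. The session must be an elevated administrator session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (administrator) prompt.'
}

# 2. Group Policy must allow BitLocker without a compatible TPM
#    ("Require additional authentication at startup"); the setting is
#    stored as EnableBDEWithNoTPM under the FVE policy key.
$fve = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
if (-not $fve -or $fve.EnableBDEWithNoTPM -ne 1) {
    throw 'Policy "Allow BitLocker without a compatible TPM" is not enabled.'
}

# 3. Both USB drives must be plugged in, and they must be different drives so
#    the startup key and the recovery password are never stored together.
if ($startupKeyUsb -eq $recoveryUsb) { throw 'Use two separate USB drives.' }
foreach ($drive in $startupKeyUsb, $recoveryUsb) {
    if (-not (Test-Path $drive)) { throw "Drive $drive is not available." }
}

# 4. Add a startup key protector (written to E:\) and a numerical recovery
#    password, then turn BitLocker on. manage-bde prints the recovery password
#    once, so its output is captured instead of shown on screen.
$output = & manage-bde.exe -on $osVolume -StartupKey $startupKeyUsb -RecoveryPassword
if ($LASTEXITCODE -ne 0) {
    $output
    throw "manage-bde failed with exit code $LASTEXITCODE."
}
$output | Out-File (Join-Path $recoveryUsb 'BitLocker-recovery-password.txt')

# 5. Confirm which key protectors exist and what state the volume is in.
& manage-bde.exe -protectors -get $osVolume
& manage-bde.exe -status $osVolume
```

Remove the recovery USB drive and store it away from the server once the file is written; the startup key drive has to stay available at every boot or resume from hibernation.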

  • Thursday, December 27, 2012 6:58 AM
    Moderator
     
     

    Hi,

    I would like to confirm what the current situation is. Have you resolved the problem or do you have any further progress?

    If there is anything that we can do for you, please do not hesitate to let us know, and we will be happy to help.


    Lawrence

    TechNet Community Support

  • Saturday, December 29, 2012 4:30 PM
     
     
    Hi Lawrence,

    thanks a lot for your help. I will build up a testing environment to see how your provided solution described in the article "Bitlocker in a Windows 7 Guest running on a Hyper-V R2 environment (or any environment without a TPM)" will work. There are a few differences to my requirements:

    • My VM is SBS 2008
    • The physical drive, which is attached, does not contain any system-data

    I will try this next week.

    Best wishes for the New Year!

    Axel

    Axel Bredow


    • Edited by Bobsin Saturday, December 29, 2012 6:11 PM
  • Monday, December 31, 2012 2:56 AM
    Moderator
     
     

    Hi,

    Have you tried the above solution? What's the feedback? If there is anything that we can help with, please feel free to tell us.


    Lawrence

    TechNet Community Support

  • Wednesday, January 02, 2013 7:02 AM
    Moderator
     
     

    Hi,

    As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as 'Answered' as the previous steps should be helpful for many similar scenarios.

    If the issue still persists and you want to return to this question, please reply to this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.

    In addition, we'd love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems.

    Thanks!


    Lawrence

    TechNet Community Support