HP ProLiant ML310 G3 Server User Manual

IMPORTANT:

The recovery password is required in the event the encrypted disk is moved

to another computer, or changes are made to the system startup information. This password
is so important that HP recommends that you make additional copies of the password and
store it in a safe place apart from the computer to assure access to your data. Your recovery
password is needed to unlock the encrypted data on the volume if BitLocker enters a locked
state. This recovery password is unique to this particular BitLocker encryption. You cannot use
it to recover encrypted data from any other BitLocker encryption session.

7.

Confirm that the Run BitLocker System check box is selected, and then click Continue.

8.

Click Restart Now. The computer restarts and BitLocker verifies if the computer is
BitLocker-compatible and ready for encryption. If it is not, an error message alerting you to
the problem appears.

9.

If it is ready for encryption, the Encryption in Progress status bar appears. You can monitor
the ongoing completion status of the disk volume encryption by dragging your mouse cursor
over the BitLocker Drive Encryption icon in the notification area at the bottom of your screen.

By completing this procedure, you have encrypted the operating system volume and created
a recovery password unique to this volume. The next time you log in, you see no change. If
the TPM ever changes or cannot be accessed and if there are changes to key system files, or
if someone tries to start the computer from a product CD or DVD to circumvent the operating
system, the computer switches to recovery mode until the recovery password is supplied.

For more information regarding BitLocker, see the Microsoft® website: (

http://

technet.microsoft.com/en-us/library/cc732774.aspx

).

To install BitLocker Drive Encryption on Windows® Server 2012 Standard:
1.

Add BitLocker feature from Server manager and reboot the server.

2.

After the operating system boots, log in as administrator, go to Control Panel, click on BitLocker
Drive Encryption, and then click Turn on BitLocker on the operating system volume.

3.

If the User Account Control dialog box appears, confirm the action and then click Continue.
The BitLocker Drive Encryption page appears.

4.

One of the following warning appears:

a.

BitLocker encryption may have a performance impact on your server. If your TPM (Trusted
Platform Module) is not initialized, the TPM Security Hardware wizard appears. Follow
the directions to initialize the TPM. You must restart or shut down your computer for the
changes to occur.

b.

If TPM (Trusted Platform Module) is not available then the following error message is
displayed: This device cannot use a Trusted Platform Moudule. Your
administrator must set the “Allow Bitlocker without a compatible

TPM” option in the “Require additional authentication at startup”

policy for OS volumes

.

To solve this issue:

1.

Press

+R to access the Run command.

2.

Type MMC.

3.

Click File >Add/Remove Snap-in.

4.

Select Group Policy Object Editor under available snap-ins and click Add to selected
snap-ins.

5.

Make sure Local computer is selected and click Finish.

6.

Click OK.

7.

Expand Local computer policy >Computer Configuration >Administrative Templates
>Windows Components>BitLocker Drive Encryption>Operating System Drives, then select
the policy Require additional authentication at startup and enable it.

8.

Click Apply and OK.

18

Post-installation tasks