Hi, I currently have a WSE12R2 home file server with a few file shares containing sensitive data. This data is currently being encrypted and backed up to CrashPlan cloud. This same data is being accessed on my LAN by other client PCs.
As I've recently had HDDs fail, I've begun exploring best way to encrypt certain data on my network... also, in the event I'd need to return/replace a HDD under a manufacturer warranty.
I've tried apps in the past like TrueCrypt, that required a tedious process of individual client PCs mounting, updating and unmounting containers.
Was hoping encryption methods have since evolved.
Ok, I have a feeling that this is a larger Windows 10 issue, but I am experiencing this with the Surface Pro 4, the ideal test hardware for anything
Here is what we are trying to accomplish:
Encyrypt our Surface Pro 4's (win 10 Pro) using Hardware-Based Encryption
A) Because it is faster for the SSD to perform the encryption rather than the process, since the SSD is already encrypted
Better battery life (because the processor is not encrypting the volume)
C) Performing software encryption on an already encrypted volume defeats many of the internal optimizations that SSDs have built in (leading to
We have taken stock Surface Pro 4s, straight from the box. No applications or updates have been installed, we have not added to a domain. The only
modification we have made is to the Local Group Policy:
Computer Configuration/Administrative Templates/Windows Components/Bitlocker Drive Encryption/Operating System Drives
*Require additional authentication at startup (Enabled, default options)
*Enable use of BitLocker Aauthentication requireing preboot keyboard input on slates (Enabled, default options)
-Configure use of hardware-based encryption for operating system drives (Enabled, default options)
When I go to enable Bitlocker, I am being provided the prompt to encrypt Used Only, or Whole Drive. From all of the literature I have read, this
prompt indicates Software Encryption. When I select Full Drive, it takes a while (over 10 minutes) to encrypt. Again, from my reading, Hardware
Encryption should be immediate (as everything is already encrypted).
What am I missing? Is there an issue with Hardware Encryption that I have not been able to identify on the Surface Pro 4? Is this an OS issue? Are
there any other troubleshooting steps that I can take a look at? Again, these are stock units, fresh out of the box from Microsoft.
Sources (these are just some, all have been verified using additional sources that repeat the information):
Slower Performance- Hardware Accelerated BitLocker Encryption: Microsoft Windows 8 eDrive Investigated with Crucial M500
Steps to enable encryption- How to Enable BitLocker Hardware Encryption with SSDs
Technet on Why to Hardware Encrypt - Encrypted Hard Drive
GP Settings to Enable Hardware Encryption - Enabling Hardware Acceleration of BitLocker