RESET Forums (homeservershow.com)

Full drive encryption?


scottbakertemp

If you read that article, you will see 3 scenarios for BitLocker: TPM without a PIN, TPM with a PIN, and no TPM at all. If BitLocker won't let you set it up on the laptop without using the TPM, you should be able to disable TPM in the BIOS and then set up BitLocker.


My best option so far has been to zip up our tax returns / financial data and password protect those archives. I'm leaning towards not entering into the whole drive encryption idea. Knowing my technical skills, I would lock myself out of my drives and lose all my data.


OK, that makes sense. Now what happens when you were using the TPM and a USB key? The motherboard fails; how do you retrieve the data on that drive without the TPM, since that motherboard died?

Drive encryption scares me. I want to secure my sensitive data (tax returns...) but fear that I will forever lock myself out. I have been reading quite a bit about BitLocker and see you set up a recovery password. I assume with that recovery password, if my NON-TPM-enabled BitLocker drive is removed from a failing computer, I could recover the info... right?

 

Using BitLocker with TPM, if the mobo fails, you're out of luck. You better hope you have a good backup you can read.

 

Using BitLocker without a TPM, you should be able to read the drive in any system, provided you have the key.


OK, it's settled. Drive encryption is not for me. I'm sticking to password-protected zip files. Seems like too much of a pain to keep a USB drive handy any time I need to reboot my machine, then keep that USB drive "safe" so it is not stolen with my computer. My tax returns and financial data are just not that important to worry about past zipping them and slapping a password on it.


OK, that makes sense. Now what happens when you were using the TPM and a USB key? The motherboard fails; how do you retrieve the data on that drive without the TPM, since that motherboard died?

Drive encryption scares me. I want to secure my sensitive data (tax returns...) but fear that I will forever lock myself out. I have been reading quite a bit about BitLocker and see you set up a recovery password. I assume with that recovery password, if my NON-TPM-enabled BitLocker drive is removed from a failing computer, I could recover the info... right?

 

It would be awesome if the Home Server Show guys could get someone that really knows about BitLocker to explain all this on the show. It looks like the SMART add-in developer is about to release a BitLocker add-in for WHS 2011.

Edited by scottbakertemp

OK - I tried BitLocker again on a WHS 2011 VM. This time I created a secondary drive, created a share on it, and then encrypted the drive. It looks like you can still access the share over the network even with the drive locked - even after a server restart. So I guess that should do it. Maybe I made it too complicated. I did not use a USB key or a TPM - just a password.

 

So if someone takes the drive out they're out of luck. If they take my server and a client they would have to reset the user password on a client to get logged in (assuming those tools on the web work) and then the user password wouldn't match the server share password.

 

I guess the only question left is: can someone get logged into a WHS 2011 box without the password? I suppose if you encrypt the OS drive they still can't get in, but as far as I can tell you have to have a TPM for that.

Edited by scottbakertemp

OK - so I finally figured out how to encrypt the OS drive in WHS 2011 without a TPM using these instructions:

http://www.pctips3000.com/how-to-enable-bitlocker-without-tpm-chip-in-windows-7/

 

This does NOT work in VirtualBox, as you have to be able to boot from the USB flash drive. My old slow test PC running WHS 2011 is in the process of encrypting the C drive. I'll report back tomorrow on how it goes. :)
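
A check for the lockout worry raised in this thread, as an added example that is not part of any post: it lists each volume's BitLocker key protectors and flags volumes with no recovery password protector, the one that unlocks a drive without the original TPM or USB key. It assumes the BitLocker PowerShell module (Windows 8 / Server 2012 and later) and an elevated session; `Get-LockoutRisk` is a hypothetical helper name, and on older systems `manage-bde -protectors -get C:` lists the same protectors.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
# Assumes the BitLocker module (Get-BitLockerVolume), Windows 8 / Server 2012 or later.

# Hypothetical helper: rate how likely a hardware failure or a lost key is to
# lock the owner out, based only on the protector types present on the volume.
function Get-LockoutRisk {
    param([string[]]$Types)

    # Protector types that depend on this machine's TPM chip.
    $tpmBound = 'Tpm', 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'

    if (-not $Types) {
        return 'No protectors: volume is not protected by BitLocker'
    }
    if ($Types -contains 'RecoveryPassword') {
        return 'OK if the 48-digit recovery password is stored away from this PC'
    }
    # No recovery password: is every remaining protector tied to the TPM?
    if (-not ($Types | Where-Object { $tpmBound -notcontains $_ })) {
        return 'HIGH: only TPM-bound protectors; a dead motherboard means no unlock'
    }
    return 'MEDIUM: no recovery password; losing the USB key or password means no unlock'
}

Get-BitLockerVolume | ForEach-Object {
    # Collect protector type names; skip nulls so unprotected volumes yield an empty list.
    $types = @($_.KeyProtector | Where-Object { $_ } |
        ForEach-Object { "$($_.KeyProtectorType)" })

    [pscustomobject]@{
        MountPoint = $_.MountPoint
        Status     = $_.VolumeStatus
        Protectors = $types -join ', '
        Risk       = Get-LockoutRisk -Types $types
    }
} | Format-List
```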
