Jump to content
RESET Forums (homeservershow.com)

Bitlocker and drivepool


peste19
 Share

Recommended Posts

I wanted to enable bitlocker on my whs 2011 server but not really how to proceed with it regarding the pools, dont know really how to encrypt them, for example im not sure if i start the encryption on 1 physical drive if it will corrupt the other drive, i just afraid of losing my information.

 

any help would be appreciated

Edited by peste19
Link to comment
Share on other sites

@peste19, you say you're afraid of losing your information. I hope you have a good backup strategy in place. There should be no reason for you to be afraid of losing information permanently.

Link to comment
Share on other sites

its 1 extra step for security, its backups all of my computer, its has personal data and in case of theft it will be encrypted.

 

The pool is my backup strategy, in case i drive fails i got another, i just afraid of i enable bitlocker incorrectly on the pool that the duplication might corrupt the other drive

Link to comment
Share on other sites

So, if someone steals all your computers, or your house burns down, or you get flooded out, or there's a tornado, or any other disaster, you have no copies of your data, is that correct?

Link to comment
Share on other sites

On StableBit DrivePool, there was a setting to enable bitlocker support on the pooled drives. It's listed as "Legacy" now, so I'm not sure it's needed.

http://wiki.covecube.com/StableBit_DrivePool_Advanced_Settings#Legacy

 

However, that doesn't help with the system drive. Ideally, you'll want to encypt the system drive too. As most hardware doesn't have a TPM module, you'll need to run the security policy hack to enable the "USB" mode, and you will need this USB drive attached to be able to boot from the system.

http://www.howtogeek.com/howto/6229/how-to-use-bitlocker-on-drives-without-tpm/

 

After that, just enable bitlocker on all the drives, and should be smooth sailing from there.

Link to comment
Share on other sites

I'm not sure why you would need to enable BitLocker on the system drive if that's all it is - the System Drive: i.e. zero data on it. Am I missing something?

Link to comment
Share on other sites

Paranoia.

Also. if you lock the pooled drives, then they become accessible once the OS boots. Which only protects the data if somebody pulls the drives out and puts them in another system. By *also* locking the system drive means the system can't be booted. Which is good if your server gets stolen. Makes it that much harder to get into your server. :)

 

But yeah, it breaks down to paranoia. Like, legally you are not obligated to give your passwords or bit locker code to law enforcement. Especially if they don't have a warrant.

Link to comment
Share on other sites

OK, making the system non-bootable if stolen is certainly a good reason for locking the system drive. Well, except for the part where MS has a backdoor into the locked drives, so law enforcement could get in anyway. Still, it does protect from anyone except law enforcement or 3-letter agencies.

 

So, to answer the question from my previous post, the answer is, "Yes", I was missing something. :)

Link to comment
Share on other sites

True, but it makes things that much more complicated. And for the security paranoid... it would technically require a warrant. :P

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...