What happens if you forget your BitLocker PIN or lose the key? We can implement BitLocker recovery process using self-recovery and recovery password retrieval solutions in Windows Server 2016.
There are a few different methods of recovering BitLocker which we’ll cover here.
BitLocker and Secure Boot are important features for a secured Windows operating system to defend against boot and offline attacks. This post will show you how to enable BitLocker to use secure boot for platform and BCD integrity validation.
During the boot process BitLocker will check that the security sensitive boot configuration data (BCD) settings have not been changed since BitLocker was enabled, recovered, or resumed.
This post is part of our Microsoft 70-744 Securing Windows Server 2016 exam study guide series. For more related posts and information check out our full 70-744 study guide.
In this post we’ll show you how to configure BitLocker group policy settings. When you enable BitLocker Drive Encryption a number of default settings will be used, such as the strength of the encryption. We can customize these using Group Policy in an Active Directory based domain, allowing us to control the BitLocker settings that get rolled out to all machines in the domain.
It is certainly ideal to configure BitLocker with TPM if possible, it may be the case that you do not have TPM available but still want to take advantage of BitLocker’s full disk encryption. While this is not possible by default, it is possible after the modification of some group policy settings, which we’ll cover here in order to allow you to deploy BitLocker without a trusted platform module.
BitLocker is Microsoft’s solution to providing full disk encryption. While setting up BitLocker and encrypting your disk you probably want to check and view the progress and see the current status, as it can take quite a long time depending on the size and speed of your disk.
Here we cover how to view the current BitLocker status in both the graphical user interface, and with PowerShell.