Bitlocker windows 2008 r2

When you back up data to a removable drive, the data have the right to be accessed by any computer system the drive is associated to. This is of worry for drives that are stolen, lost or preserved in offsite places. BitLocker protects a removable drive from unauthorized access by encrypting the drive and locking it. Only once the drive is unlocked, have the right to the data on it be accessed.

You watching: Bitlocker windows 2008 r2

BitLocker is a Microsoft encryption solution that is sustained by v8.3 and later for System Protection, Data Protection and Documents Archiving backups to removable drive desticountries.

How offers BitLocker

This area defines exactly how implements BitLocker tricks and also passwords to unlock encrypted drives. requires an unlocked drive to backup, regain and also recoup data. An unlocked drive will lock itself again if the drive is removed or if the server it is associated to is restarted.

Sexactly how even more

A drive can be unlocked by:

Manually entering a password that was provided as soon as the drive was encrypted. Providing the encryption essential that was developed for the drive throughout the encryption procedure.

Encryption key

When a drive is encrypted, BitLocker creates an encryption key for that specific drive. The essential is saved to a USB flash drive, and also offered by to unlock that drive each time the backup project runs.

Due to the fact that of server restarts and also media rotations, it need to be assumed that an encrypted drive is constantly locked when a backup project runs. For this factor – the USB flash drive containing the encryption keys should always be associated to the server as soon as a backup job backs as much as an encrypted destination.

The USB flash drive will certainly contain an encryption vital for each drive that is encrypted, and also should be provided to store the encryption keys for all backup jobs on that server. Each server backing approximately encrypted drives need to have its very own USB flash drive.

Note: ">Note: The USB flash drive containing the encryption key should never be stored via the encrypted drive.


When you develop a backup project through BitLocker selected, you will be asked to provide a password. This password can be provided to manually unlock the drives that were encrypted by the backup job. The BitLocker password have to condevelop to demands mentioned by the team plan, which might encompass minimum and also maximum length demands.

When you enter a password to unlock a drive, it need to be the password that the backup task supplied to encrypt the drive. cannot retrieve the password if it is shed or forobtained.If you change the password after having provided it to prepare exterior drives – the brand-new password will certainly just use to drives that are prepared after the password was changed. It is said that all drives are all set aacquire so that the brand-new password is applied to all drives supplied by the backup job


BitLocker deserve to use USB External drives as both backup desticountries and storage tools for encryption secrets. For clarity and also finest exercise, this record explained USB External drives as storage for backups and USB flash drives as storage for encryption keys.

Unlocking a drive allows you to access the data on a drive however does not decrypt the drive. It is the sectors on the drive that are encrypted, not the information itself. BitLocker Support

Operating systems supported:

Windows Server 2016 Windows Server 2012 R2 Windows Server 2012 Windows Server 2008 R2

Backup kinds supported

  System Protection Documents Protection Data Archiving
BitLocker encryption Yes Yes Yes
Alterindigenous encryption None None Zip File Encryption

Backup destinations supports

  File container External disk RDX Drive Flash Drive
BitLocker encryption No Yes Yes Documents Archiving only


How to install BitLocker

BitLocker is consisted of as an installable function in Window Server 2008R1/R2 and also 2012R1/R2. By default, BitLocker is not installed but it deserve to be included from the Windows Server features list. Adding BitLocker will not encrypt any drives, it will simply make BitLocker available as an alternative for System Protection backups.

BitLocker Installation actions
To install BitLocker on Window Server 2012 / Server 2012 R2


Open Server Manager. Select Add Roles and Features from the Manage food selection. Progress to the Features list under Select features. Tick BitLocker Drive Encryption. Other roles and features compelled for Windows to usage BitLocker will be immediately selected. Select Add features. Select Next Select Install. To install BitLocker on Window Server 2008 / Server 2008 R2


Open Server Manager. Select the Add features option from the Features Summary Help food selection. Tick BitLocker Drive Encryption. Select Install.

Note: ">Note: After installing the BitLocker, Windows may require a rebegin before BitLocker have the right to be provided. If a reboot is forced, it will indicated at the finish of the install procedure.

How to develop a BitLocker backup job

This area explains just how to create a backup project that uses BitLocker encryption. A backup task implements BitLocker using 3 of the backup task development steps: Desticountry media wbelow BitLocker is schosen, Set up destination wbelow BitLocker is configured and also Prepare media wright here the removable drive is encrypted.

Sjust how even more

The Pre-requisites

You must be making use of Windows Server for the BitLocker function to show up. BitLocker must be installed, as described in the previous area. Your backup destination must be an External drive or RDX drive. File Archiving likewise supports Flash drive desticountries. A USB flash drive is required to keep the encryption essential.

The steps

Follow these actions to use BitLocker encryption once you produce a backup job:

Destination Media

This action is where you select Enable BitLocker encryption.

The Enable BitLocker encryption choice will:

Appear if you are running on a Windows Server Be selectable when you choose a supported removable drive as a backup location. Be greyed-out if BitLocker is not set up. Set up destination

This step is supplied to select the location media and also Bitlocker encryption.


The adhering to two areas are offered to carry out BitLocker configuration indevelopment.

BitLocker encryption essential location: this is supplied to recognize the USB flash drive that the BitLocker encryption crucial is saved to. You deserve to usage the Detect option to recognize the drive, or usage the drop down list to select the Drive letter that has been alsituated to the USB flash drive. Password for encrypted backup drive: this field is wbelow you enter the password that have the right to be used to manually unlock any kind of drive that was encrypted by this backup job.

Selecting Safely eject the tough drive after the backup has actually been completed, is an excellent means to lock the drive after the backup has been completed.

Prepare media

This action is provided to prepare each of the drives that the backup task will certainly usage. By default, it will certainly display drives based on the backup schedule.


When you select the Prepare switch next to each drive, that drive will be labeled by and selected for BitLocker encryption.

See more: Bitlocker Vhd - How To Open Using Control Panel & Recovery Key

The encryption process will certainly not begin until the backup job has been developed. It is recommended that you prepare all of your drives so that they deserve to be encrypted. If the required drive is not encrypted once the backup job runs, the backup task will certainly fail. Next off Steps

This is the last screen in the backup job development procedure, and also comes after you have actually named the backup project. If you have actually selected BitLocker Encryption, tbelow will be a tick box for - Launch BitLocker encryption tool.

When you choose Finish, the backup project will certainly be created and the BitLocker encryption tool will instantly begin and begin encrypting the drives that you Prepared in the Prepare media step.

When you choose Finish, the backup project will be created and the BitLocker encryption tool will open. When you pick the begin icon beside a drive that you ready, and the encryption process will certainly start. If you depick this box, the drives will not be encrypted. If the backup project runs and its drive has actually not been encrypted, the backup job will fail.

During the encryption process, the drive’s encryption crucial is saved to the USB flash drive and also the password is assigned to the drive. The vital will certainly be saved as a surprise mechanism file.

If you want to prepare even more drives after the encryption procedure has finiburned, you have the right to as follows:

Select the Backup tab"s Manage food selection. Select the backup job and also choose Edit from the lower menu. Select Prepare media from the job menu. Select Prepare for each drive that you want to encrypt. Select the BitLocker encryption tool utilizing the link inside the window.

The BitLocker Encryption tool will open up and begin the encryption procedure.

The BitLocker encryption tool

If you create a backup project with Enable BitLocker encryption schosen, there will certainly be a action at the end of the project development dubbed Next off steps which will open up the BitLocker encryption tool as soon as you select Finish. The tool is offered to encrypt the drives that the backup task will usage. This should be done prior to the backup task runs, bereason if an unencrypted drive is used for a BitLocker backup job, the job will certainly fail.

Sexactly how more


If you complete developing the backup job without encrypting the drives, you have the right to open the BitLocker encryption tool by going to the Back-up tab"s Manage menu, opening the backup project and also picking Prepare media from the optimal menu. This will certainly open up the Prepare media dialog, which has a link to the BitLocker encryption tool.

The BitLocker encryption tool have the right to run in the background after has actually been closed. The encryption process will certainly tell you just how much has actually been encrypted and just how long the procedure will take. You have the right to encrypt more than one drive at a time, reducing the total time required to encrypt your set of ready drives.

The encryption tool has 4 action butloads, which will come to be available as soon as the drive is attached:

Refresh and display any kind of new drives that have been attached Start an encryption process that has been pasupplied Pause the encryption process. Eject the removable drive. You cannot eject a drive that is being encrypted.

Note: ">Note: If you perform not resume a paoffered encryption, the drive will be partially encrypted. A partially encrypted drive have the right to still be accessed in Windows yet it cannot be provided as a backup location for a BitLocker task. To decrypt the encrypted component of the drive, open BitLocker from the Windows Control Panel, select the drive and click Turn off BitLocker.

Note: ">Note: If you have actually previously encrypted a drive using the Windows BitLocker UI, you have to unlock the drive before preparing (encrypting) the drive utilizing

How to reclaim from an encrypted drive

When you percreate a regain from an encrypted drive, you can offer the restore job access to the information by giving the password as soon as prompted throughout the reclaim process, or by inserting the encryption vital before the reclaim process starts.

Sexactly how even more

Using the password.

If the encryption vital is not detected, you will be motivated for the password once the reclaim task tries to accessibility the backup. Entering the password will allow you to accessibility the information as long as the password is the one that was assigned when the drive was encrypted. For example, if you are using the Integrated Restore Console, you will be motivated to enter the password when you choose Resave at the incredibly last action.

Using the encryption key

To unlock an encrypted drive using the essential, attach the USB flash drive to the server running will usage the crucial to unlock the drive that you are restoring from. You will certainly not be triggered to carry out anypoint various other than the normal restore procedures.

How to recoup from an encrypted drive

When you percreate a recovery, you MUST usage the password to accessibility an encrypted drive. The RecoverAssist media will certainly boot the system and also ask for the location of the image backup that you desire to recoup from. When you select the encrypted drive, you will certainly be prompted to enter the password. cannot retrieve the password if it is lost or foracquired.

Drive encryption duration

BitLocker encrypts the drive that the backup resides on at the sector level. This implies you just need to encrypt the drive when, however because all the encryption takes place up front, it can take a lengthy time. Microsoft estimates that BitLocker encryption have the right to take 1 minute per 500mb, so you should plan once to percreate the encryption based upon the indevelopment below.

Sjust how more

How long the encryption process takes depends on:

The dimension of the drive The performance of the drive and the server The operating device you are using How much data is on the drive (for Windows 2012)

If you are using Windows 8 or Windows Server 2012 and also later on, BitLocker will just encrypt the supplied space. It does not encrypt unprovided disk space or disk room containing deleted documents. This makes the procedure very rapid once there is not much data on the drive.

Encryption time examples

The below table offers examples for how long the encryption process could take in various scenarios, using cautious estimates.

Windows Server 2012

Disk Size Duration
New disk 1 - 5 minutes
1 TB Drive through 300 GB used 10 hours
2 TB Drive with 1.5 TB used 50 hours

Windows Server 2008

Disk Size Duration
500 GB Drive 17 hours
1 TB Drive 33 hours
2 TB Drive 67 hours

To learn even more, see the Microsoft BitLocker FAQ

Windows BitLocker Pop up message

When an encrypted drive is attached to a server that is logged on, Windows will display screen a pop-up message to tell you that the drive is easily accessible and also a password is compelled to accessibility it. Having a USB drive via an encryption vital means you perform not need to respond to this prompt for your backup project to proceed.

This message will have no affect on your backup task. You do not have to enter the password as lengthy as you have actually the USB flash drive with the encryption crucial attached.

See more: Iphone Restore Error 3600 - How To Fix Itunes Error 3600


Because this is a Windows security pop-up, and because it demands to be permitted to show up for encrypted drives that are not controlled by, it’s crucial to understand just how the message uses to

If you watch this message, you can choose Cancel and disregard it. Your backup task will not be affected bereason the encryption essential will certainly be offered to unlock the drive. If you enter the password into the pop-up and tick Automatically unlock on this computer from currently on, the pop-up will certainly not show up aget. However before, this suggests that the drive will certainly be instantly unlocked eextremely time it is attached. For defense reasons, we recommfinished that you usage the encryption vital on the USB flash drive to unlock the drive rather than have actually it auto unlock. Using the encryption key suggests the drive is only unlocked while the backup job is running. The key unlocks the drive when the backup starts and, if you have the drive set to eject, it will certainly be locked aget once the drive ejects at the end of the backup task. Using the password auto unlock suggests the drive will be unlocked for as lengthy as it is attached to the server.