BitLocker support

Published: February 24, 2011

Applies To: Windows Small Business Server 2011 Standard

BitLocker® Drive Encryption is an integral security feature in Windows SBS 2011 Standard. It helps protect the operating system and the data that is stored on your server. BitLocker helps ensure that the data stored on your server remains encrypted, even if the computer is tampered with while the operating system is not running. This helps protect against "offline attacks", that is, attacks made by disabling or circumventing the installed operating system, or by physically removing the hard disk drive to attack the data separately.

BitLocker uses a Trusted Platform Module (TPM) to help provide enhanced protection for your data and to help assure early boot component integrity. By encrypting the entire volume, BitLocker helps protect your data from theft or from unauthorized viewing.

BitLocker is for systems that have a compatible TPM microchip and BIOS. A compatible TPM is defined as a version 1.2 TPM. A compatible BIOS must support both the TPM and the Static Root of Trust Measurement, as defined by the Trusted Computing Group.

For more information about TPM specifications, see the Trusted Platform Module (TPM) Specifications at the Trusted Computing Group Web site.

The TPM interacts with BitLocker to help provide seamless protection when the system starts. It is transparent to the user, and the user logon experience is unchanged. However, if the TPM is missing or is changed, or if the startup information is changed, BitLocker enters recovery mode, and you need a recovery password to regain access to the data.

Note

You can back up a source volume that is encrypted with BitLocker. However, if you restore the backup to your server, it is restored without BitLocker encryption. You must manually enable BitLocker on the restored volume.
If the backup target volume is encrypted with BitLocker, you must disable BitLocker before you can back up to the volume. If you reenable BitLocker after the backup and later need to restore from the encrypted volume, you must disable BitLocker before you can restore the backup.
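
The following read-only check is an added example, not part of the original article. It uses the BitLocker and TPM WMI providers to confirm the three conditions described above: a version 1.2 TPM, a recovery password on the operating system volume, and no active BitLocker protection on the backup target. The backup target drive letter `E:` and the helper function names are assumptions made for illustration.

```powershell
# Added example: read-only checks, PowerShell 2.0 compatible; run elevated.
# Assumption: E: is the backup target volume. Change it to match your server.
$BackupTarget = 'E:'
$OsVolume     = $env:SystemDrive
$TpmNs = 'root\CIMV2\Security\MicrosoftTpm'
$BdeNs = 'root\CIMV2\Security\MicrosoftVolumeEncryption'

function Get-BdeVolume([string]$DriveLetter) {
    # Returns nothing if the BitLocker feature is not installed or the volume is absent.
    Get-WmiObject -Namespace $BdeNs -Class Win32_EncryptableVolume -ErrorAction SilentlyContinue |
        Where-Object { $_.DriveLetter -eq $DriveLetter }
}

function Get-BdeStatus($Volume) {
    # GetProtectionStatus: 0 = off, 1 = on, 2 = unknown (for example, a locked volume).
    $Volume.GetProtectionStatus().ProtectionStatus
}

# 1. TPM is visible to Windows and reports specification version 1.2.
$tpm = Get-WmiObject -Namespace $TpmNs -Class Win32_Tpm -ErrorAction SilentlyContinue
if (-not $tpm) {
    Write-Warning 'No TPM visible to Windows (absent, or turned off in the BIOS).'
} elseif ($tpm.SpecVersion -notlike '1.2*') {
    Write-Warning "TPM reports specification version '$($tpm.SpecVersion)', not 1.2."
} else {
    "TPM 1.2 present. Enabled: $($tpm.IsEnabled().IsEnabled), activated: $($tpm.IsActivated().IsActivated)"
}

# 2. OS volume is protected and has a recovery password for recovery mode.
$os = Get-BdeVolume $OsVolume
if (-not $os) {
    Write-Warning "$OsVolume is not visible to the BitLocker WMI provider."
} else {
    # Key protector type 3 = numerical password (the recovery password).
    $recoveryIds = @($os.GetKeyProtectors(3).VolumeKeyProtectorID | Where-Object { $_ })
    "${OsVolume} protection status: $(Get-BdeStatus $os), recovery passwords: $($recoveryIds.Count)"
    if ($recoveryIds.Count -eq 0) {
        Write-Warning "No recovery password on $OsVolume; add one before you need recovery mode."
    }
}

# 3. Backup target must not have BitLocker protection on when the backup runs.
$target = Get-BdeVolume $BackupTarget
if (-not $target) {
    "$BackupTarget is not visible to the BitLocker WMI provider."
} elseif ((Get-BdeStatus $target) -ne 0) {
    Write-Warning "$BackupTarget protection status is $(Get-BdeStatus $target); disable BitLocker before backing up to it."
} else {
    "$BackupTarget has BitLocker protection off."
}
```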

For more information about BitLocker, see BitLocker Drive Encryption Overview.