ad-assurance - [AD-Assurance] RE: Encrypted Hard Drive feature in Windows Server 2012
Subject: Meeting the InCommon Assurance profile criteria using Active Directory
- From: Brian Arkills <>
- To: "" <>
- Subject: [AD-Assurance] RE: Encrypted Hard Drive feature in Windows Server 2012
- Date: Fri, 17 May 2013 18:48:41 +0000
Yes, the TPM chip is key in that it tethers the encrypted drive. And BitLocker/TPM has various configuration options which dictate how much of the hardware can be modified before you have to use the recovery key. These options provide reasonable assurance around tampering. If the entire system is stolen, then the OS will still boot, but you still need valid credentials to log in.

From: [mailto:] On Behalf Of Capehart,Jeffrey D

A hardware encrypted drive is supported for Windows Server 2012 and can be supported natively in the OS or integrated with BitLocker to manage the key. The encryption/decryption is offloaded to hardware.

The Encrypted Hard Drive can be used as a startup drive if certain requirements are followed.

I assume that… if the hard drive is pulled out of the system by theft, then the TPM chip which may contain the key is no longer available to decrypt the data and that if the drive is booted from the server, a person still has to log on to get to the data… they can’t just press F5 or delete and bypass bootup.

-Jeff

Applies To: Windows 8, Windows Server 2012

The Encrypted Hard Drive feature in Windows 8 and Windows Server 2012 uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management. By offloading the cryptographic operations to hardware, Encrypted Hard Drives increase BitLocker performance and reduce CPU usage and power consumption. Because Encrypted Hard Drives encrypt data quickly, enterprise clients can expand BitLocker deployment with minimal impact on productivity.

Encrypted Hard Drives are a new class of hard drives that are self-encrypting at a hardware level and allow for full disk hardware encryption. Windows 8 and Windows Server 2012 support installing to these devices without additional modification.

FULL TECHNET ARTICLE: http://technet.microsoft.com/en-us/library/hh831627.aspx

Understand and Troubleshoot BitLocker in Windows Server "8" Beta (2012)
http://www.microsoft.com/en-us/download/details.aspx?id=29032

Jeff Capehart, CISA |