
ad-assurance - [AD-Assurance] RE: Encrypted Hard Drive feature in Windows Server 2012

Subject: Meeting the InCommon Assurance profile criteria using Active Directory

  • From: Brian Arkills <>
  • To: "" <>
  • Subject: [AD-Assurance] RE: Encrypted Hard Drive feature in Windows Server 2012
  • Date: Fri, 17 May 2013 18:48:41 +0000
  • Accept-language: en-US
  • Authentication-results: sfpop-ironport01.merit.edu; dkim=neutral (message not signed) header.i=none

Yes, the TPM chip is key in that it tethers the encrypted drive. And BitLocker/TPM has various configuration options which dictate how much of the hardware can be modified before you have to use the recovery key. These options provide reasonable assurance around tampering.

 

If the entire system is stolen, then the OS will still boot, but you still need valid credentials to log in.

 

From: [mailto:] On Behalf Of Capehart,Jeffrey D
Sent: Friday, May 17, 2013 11:39 AM
To:
Subject: [AD-Assurance] Encrypted Hard Drive feature in Windows Server 2012

 

A hardware encrypted drive is supported for Windows Server 2012 and can be supported natively in the OS or integrated with BitLocker to manage the key. The encryption/decryption is offloaded to hardware.  The Encrypted Hard Drive can be used as a startup drive if certain requirements are followed. 

I assume that… if the hard drive is pulled out of the system by theft, then the TPM chip which may contain the key is no longer available to decrypt the data and that if the drive is booted from the server, a person still has to log on to get to the data… they can’t just press F5 or delete and bypass bootup.

-Jeff

Applies To: Windows 8, Windows Server 2012

The Encrypted Hard Drive feature in Windows 8 and Windows Server 2012 uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management. By offloading the cryptographic operations to hardware, Encrypted Hard Drives increase BitLocker performance and reduce CPU usage and power consumption. Because Encrypted Hard Drives encrypt data quickly, enterprise clients can expand BitLocker deployment with minimal impact on productivity.

Encrypted Hard Drives are a new class of hard drives that are self-encrypting at a hardware level and allow for full disk hardware encryption. Windows 8 and Windows Server 2012 support installing to these devices without additional modification.

FULL TECHNET ARTICLE:

http://technet.microsoft.com/en-us/library/hh831627.aspx

 

 

Understand and Troubleshoot BitLocker in Windows Server "8" Beta  (2012)

http://www.microsoft.com/en-us/download/details.aspx?id=29032

 

 

Jeff Capehart, CISA
IT Audit Manager
University of Florida - Office of Internal Audit
(352) 273-1882

http://oia.ufl.edu
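
For auditors who want to check the two points discussed in this thread on a given server (whether a volume is hardware-encrypted, and whether it unlocks with the TPM alone so that an intact stolen system boots to the logon prompt), the following PowerShell is an added example and is not part of either message. It assumes an elevated session on Windows 8 / Windows Server 2012 or later with the BitLocker module available; the function name `Get-BitLockerAssuranceSummary` is hypothetical.

```powershell
# Added example (not from the thread). Run elevated on Windows 8 / Server 2012 or later.
Import-Module BitLocker

# Hypothetical helper: one summary row per BitLocker-capable volume.
function Get-BitLockerAssuranceSummary {
    foreach ($vol in Get-BitLockerVolume) {
        # Names of the key protectors on this volume (e.g. Tpm, TpmPin, RecoveryPassword).
        # Null entries are skipped so unprotected volumes yield an empty list.
        $types = @($vol.KeyProtector |
                   Where-Object { $_ } |
                   ForEach-Object { "$($_.KeyProtectorType)" })

        # A bare 'Tpm' protector releases the key at boot with no user input,
        # so the only remaining barrier on a stolen intact system is the logon prompt.
        $tpmOnly = ($types -contains 'Tpm')

        # Protector names that begin with 'Tpm' but are longer pair the TPM
        # with something additional that must be present at boot.
        $tpmPlus = @($types | Where-Object { $_ -like 'Tpm?*' })

        [pscustomobject]@{
            MountPoint          = $vol.MountPoint
            VolumeType          = $vol.VolumeType
            ProtectionStatus    = $vol.ProtectionStatus
            # True when encryption is offloaded to the drive (Encrypted Hard Drive).
            HardwareEncrypted   = ("$($vol.EncryptionMethod)" -eq 'HardwareEncryption')
            Protectors          = ($types -join ', ')
            TpmOnlyUnlock       = $tpmOnly
            TpmPlusExtraFactor  = ($tpmPlus.Count -gt 0)
            HasRecoveryPassword = ($types -contains 'RecoveryPassword')
        }
    }
}

Get-BitLockerAssuranceSummary | Format-Table -AutoSize
```

The hardware-change tolerance mentioned in the reply corresponds to the TPM protector's PCR validation profile, which `manage-bde -protectors -get C:` lists for the volume.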



