HP Factory-Installed Operating System Software for Microsoft Windows Server® 2008 R2 Foundation and Windows Server® 2012 Foundation User Guide
Post-installation tasks 20
2.
After the operating system boots, log in as administrator, go to Control Panel, click Security, and then
click BitLocker Drive Encryption.
3. If the User Account Control dialog box appears, confirm the action and then click Continue. The
BitLocker Drive Encryption page appears.
4. Click Turn On BitLocker on the operating system volume. The following warning appears: BitLocker
encryption might have a performance impact on your server. If your TPM is not
initialized, the TPM Security Hardware wizard appears. Follow the directions to initialize the TPM. You
must restart or shut down your computer for the changes to take place.
5. On the Save the recovery password page, the following options appear:
o Save the password on a USB drive. This saves the password to a USB flash drive.
o Save the password in a folder. This saves the password to a folder on a network drive or other
location.
o Print the password. This prints the password.
Use one or more of these options to preserve the recovery password. For each option, select the option
and follow the wizard steps to set the location for saving or printing the recovery password.
6. When you have finished saving the recovery password, click Next. The Encrypt the selected disk
volume page appears.
IMPORTANT: The recovery password is required in the event the encrypted disk is moved to
another computer, or changes are made to the system startup information. This password is so
important that HP recommends that you make additional copies of the password and store it in a
safe place apart from the computer to assure access to your data. Your recovery password is
needed to unlock the encrypted data on the volume if BitLocker enters a locked state. This recovery
password is unique to this particular BitLocker encryption. You cannot use it to recover encrypted
data from any other BitLocker encryption session.
7. Confirm that the Run BitLocker System check box is selected, and then click Continue.
8. Click Restart Now. The computer restarts and BitLocker verifies if the computer is BitLocker-compatible
and ready for encryption.
o If it is not ready for encryption, an error message alerting you to the problem appears.
o If it is ready for encryption, the Encryption in Progress status bar appears. You can monitor the
ongoing completion status of the disk volume encryption by dragging your mouse cursor over the
BitLocker Drive Encryption icon in the notification area at the bottom of your screen.
By completing this procedure, you have encrypted the operating system volume and created a recovery
password unique to this volume. The next time you log in, you see no change. If the TPM ever changes or
cannot be accessed, if there are changes to key system files, or if someone tries to start the computer from a
product CD or DVD to circumvent the operating system, the computer switches to recovery mode until the
recovery password is supplied.
For more information regarding BitLocker, see the Microsoft® website
(http://technet.microsoft.com/en-us/library/cc732774.aspx).
To install BitLocker Drive Encryption on Windows® Server 2012 Foundation:
1. Add the BitLocker feature from the server manager, and then reboot the server.
2. After the operating system boots, log in as administrator, go to Control Panel, click BitLocker Drive
Encryption, and then click Turn on BitLocker on the operating system volume.