Encrypting the system volumes on a server

by Mitch Tulloch [Published on 18 June 2009 / Last Updated on 2 Feb. 2009]

Why encrypting the system volume on a server is usually not a good idea.

Windows BitLocker Drive Encryption lets you encrypt the entire system volume on a computer. It's great for mobile users who have laptops that can easily get lost or stolen. But is it a good idea to encrypt the system volume on a server? Does this give more security, or does it create headaches?

Consider this: You have a server at a branch office, and the server reboots for some reason (maybe an update was installed, or a power glitch occurred). Generally this is not a problem, and even with BitLocker enabled the system should start normally. But if BitLocker detects a system condition that might represent a security risk (for example, a disk error of some kind), the drive is locked, and someone has to be there at the branch office to supply the BitLocker recovery password before the system can boot. Now, you wouldn't want to give that sensitive password to just anyone, and if the branch office is small and there's no full-time admin there, you have a problem. And it gets worse if your server is sitting in a remote datacenter somewhere.

Remember, with increased security usually comes decreased manageability—there's always a tradeoff and you need to consider this before taking actions like this to "secure" your server.

If you have feedback concerning this tip, I'd love to hear from you.

The Author — Mitch Tulloch

Mitch Tulloch is a widely recognized expert on Windows administration, networking, and security. He has been repeatedly awarded Most Valuable Professional (MVP) status by Microsoft for his outstanding contributions in supporting users who deploy and use Microsoft platforms, products and solutions. Mitch has published over two hundred articles on different IT websites and magazines, and he has written or contributed to almost two dozen books and is lead author for the Windows 7 Resource Kit from Microsoft Press. For more information, see www.mtit.com.
