BitLocker is the Microsoft drive encryption feature that protects data at rest on a system volume. It provides stronger protection when combined with a hardware component called a Trusted Platform Module (TPM): the volume key is sealed to the TPM and released only when the measured boot state matches, so the disk cannot simply be moved to another machine and read.
Run the following PowerShell commands, from an elevated session, on each server to enable and configure BitLocker:
- Enable BitLocker encryption on the operating system drive. -UsedSpaceOnly encrypts only the allocated clusters (fast, and appropriate for a fresh install), and -SkipHardwareTest skips the restart-time system check that BitLocker would otherwise require before encryption starts.
Enable-BitLocker -MountPoint "C:" -RecoveryPasswordProtector -UsedSpaceOnly -SkipHardwareTest -WarningAction SilentlyContinue
- Check the BitLocker status. Encryption runs in the background; when it completes, VolumeStatus should be FullyEncrypted, EncryptionPercentage should be 100, and ProtectionStatus should be On for the operating system drive. If ProtectionStatus stays Off after encryption finishes, the protectors are suspended and the drive is not actually protected.
Get-BitLockerVolume
- Get the BitLocker volume recovery password (the 48-digit RecoveryPassword together with its KeyProtectorId) and save it in a location accessible to all nodes. Treat the recovery password as equivalent to the encryption key: store it only in a location restricted to administrators (Active Directory, Microsoft Entra ID, or a secrets vault), never on an unrestricted share.
(Get-BitLockerVolume -MountPoint "C:").KeyProtector | Where-Object {$_.KeyProtectorType -eq "RecoveryPassword"}
- Repeat the steps on all the cluster nodes. Note: To back up the recovery password to Microsoft Entra ID (formerly Azure Active Directory), see the Learn.Microsoft documentation for BackupToAAD-BitLockerKeyProtector; for on-premises Active Directory Domain Services, use Backup-BitLockerKeyProtector.
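The procedure above as a single per-node script, an added example that is not part of the original page or any Microsoft documentation. It assumes the OS volume is C:, that the node has a TPM that is present and ready, and that $ExportPath points to a hypothetical share whose ACL is restricted to administrators. It goes slightly beyond the page's commands by verifying that a TPM protector exists (adding one if it is missing) and by waiting for encryption to finish before exporting the recovery password:

```powershell
# Added example: enable BitLocker on one cluster node, wait for it to finish,
# and export the recovery password. Run once on every node.
# Assumptions: OS volume is C:, TPM is present and ready, $ExportPath is a
# hypothetical admin-only share (the page does not name a location).
param(
    [string]$MountPoint = "C:",
    [string]$ExportPath = "\\fileserver\bitlocker-keys",   # assumed path, restrict its ACL
    [switch]$BackupToADDS                                 # also escrow to on-prem AD DS
)

$ErrorActionPreference = "Stop"

# 1. Refuse to continue without a usable TPM: with only a recovery password
#    protector, every boot would prompt for the 48-digit password.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "TPM not present or not ready on $env:COMPUTERNAME; fix the TPM before enabling BitLocker."
}

# 2. Enable BitLocker exactly as the page does, but only if it is not on already,
#    so the script is safe to re-run.
$vol = Get-BitLockerVolume -MountPoint $MountPoint
if ($vol.VolumeStatus -eq "FullyDecrypted") {
    Enable-BitLocker -MountPoint $MountPoint -RecoveryPasswordProtector -UsedSpaceOnly `
        -SkipHardwareTest -WarningAction SilentlyContinue | Out-Null
}

# 3. Make sure a TPM protector exists so the volume key is sealed to the boot
#    state (an addition beyond the page's command; a no-op if already present).
$vol = Get-BitLockerVolume -MountPoint $MountPoint
if (-not ($vol.KeyProtector | Where-Object KeyProtectorType -eq "Tpm")) {
    Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmProtector | Out-Null
}

# 4. Wait for background encryption to reach 100%, then confirm protection is On.
do {
    Start-Sleep -Seconds 10
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
} while ($vol.EncryptionPercentage -lt 100)

if ($vol.ProtectionStatus -ne "On") {
    # Off after encryption means the protectors are suspended; resume and recheck.
    Resume-BitLocker -MountPoint $MountPoint | Out-Null
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ($vol.ProtectionStatus -ne "On") {
        throw "BitLocker protection is still Off on $env:COMPUTERNAME ($MountPoint)."
    }
}

# 5. Export every recovery password protector (ID + password) for this node.
$recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq "RecoveryPassword"
$records = foreach ($rp in $recovery) {
    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        MountPoint       = $MountPoint
        KeyProtectorId   = $rp.KeyProtectorId
        RecoveryPassword = $rp.RecoveryPassword
    }
    # Optional escrow into AD DS (requires the BitLocker AD schema and policy).
    if ($BackupToADDS) {
        Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $rp.KeyProtectorId | Out-Null
    }
}

New-Item -ItemType Directory -Path $ExportPath -Force | Out-Null
$records | Export-Csv -Path (Join-Path $ExportPath "$env:COMPUTERNAME.csv") -NoTypeInformation

# Final status line, matching what the page tells you to check by hand.
Get-BitLockerVolume -MountPoint $MountPoint |
    Select-Object MountPoint, VolumeStatus, EncryptionPercentage, ProtectionStatus
```

The CSV written to $ExportPath contains the recovery password in clear text, which is why the share's ACL matters as much as enabling encryption; where possible, prefer the -BackupToADDS switch (or BackupToAAD-BitLockerKeyProtector for Microsoft Entra ID) and delete the CSV once the passwords are escrowed.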