BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.
BitLocker provides the most protection when used with a Trusted Platform Module (TPM) version 1.2 or later. The TPM is a hardware component installed in many newer computers by computer manufacturers. It works with BitLocker to help protect user data and to ensure that a computer has not been tampered with while the system was offline.
This blog post shows how to install BitLocker on Windows Server 2019. For all Windows Server editions, BitLocker can be installed using Server Manager or Windows PowerShell cmdlets. BitLocker requires administrator privileges on the server to install.
This same step applies to Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019
To install BitLocker using Server Manager
Open Server Manager by selecting the Server Manager icon or running servermanager.exe.
Select Manage from the Server Manager Navigation bar and select Add Roles and Features to start the Add Roles and Features Wizard.
With the Add Roles and Features Wizard open, select Next at the Before you begin pane (if shown).
Select Role-based or feature-based installation on the Installation type pane of the Add Roles and Features Wizard pane and select Next to continue.
Select the Select a server from the server pool option in the Server Selection pane and confirm the server for the BitLocker feature install.
Server roles and features install using the same wizard in Server Manager. Select Next on the Server Roles pane of the Add Roles and Features wizard to proceed to the Features pane.
Select the check box next to BitLocker Drive Encryption within the Features pane of the Add Roles and Features Wizard. The wizard will show the additional management features available for BitLocker. If you do not want to install these features, deselect the Include management tools option and select Add Features. Once optional features selection is complete, select Next to proceed in the wizard.
Note: The Enhanced Storage feature is a required feature for enabling BitLocker. This feature enables support for Encrypted Hard Drives on capable systems.
Select Install on the Confirmation pane of the Add Roles and Features Wizard to begin BitLocker feature installation. The BitLocker feature requires a restart to complete. Selecting the Restart the destination server automatically if required option in the Confirmation pane will force a restart of the computer after installation is complete.