From 6bc5ac7144eea3877ee3e6cffcfb9737afe39afe Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 5 Oct 2023 15:09:03 -0400 Subject: [PATCH] updates --- ...choose-drive-encryption-method-and-cipher-strength.md | 6 +++--- .../data-protection/bitlocker/install-server.md | 9 ++++++--- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/windows/security/operating-system-security/data-protection/bitlocker/includes/choose-drive-encryption-method-and-cipher-strength.md b/windows/security/operating-system-security/data-protection/bitlocker/includes/choose-drive-encryption-method-and-cipher-strength.md index 08d1256f7d..8ca45f3f80 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/includes/choose-drive-encryption-method-and-cipher-strength.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/includes/choose-drive-encryption-method-and-cipher-strength.md @@ -7,14 +7,14 @@ ms.topic: include ### Choose drive encryption method and cipher strength -With this policy you can configure an encryption algorithm and key cipher strength for fixed data drives, operating system drives, and removable data drives individually. +With this policy, you can configure an encryption algorithm and key cipher strength for fixed data drives, operating system drives, and removable data drives individually. -Recommended settings: `XTS-AES` alhorithm for all drives. The choice of key size, 128 bit or 256 bit depends on the performance of the device. For more performant hard drives and CPU, choose 256 bit key, for less performant ones use 128. +Recommended settings: `XTS-AES` algorithm for all drives. The choice of key size, 128 bit or 256 bit depends on the performance of the device. For more performant hard drives and CPU, choose 256-bit key, for less performant ones use 128. > [!IMPORTANT] > Key size might be required by regulators or industry. -If you disable or do not configure this policy setting, BitLocker uses the default encryption method of `XTS-AES 128-bit`. +If you disable or don't configure this policy setting, BitLocker uses the default encryption method of `XTS-AES 128-bit`. > [!NOTE] > This policy doesn't apply to encrypted drives. Encrypted drives utilize their own algorithm, which is set by the drive during partitioning. diff --git a/windows/security/operating-system-security/data-protection/bitlocker/install-server.md b/windows/security/operating-system-security/data-protection/bitlocker/install-server.md index e2aa1da455..4cbac906e9 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/install-server.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/install-server.md @@ -7,7 +7,7 @@ ms.date: 10/05/2023 # Install BitLocker on Windows Server -For all Windows Server editions, BitLocker is not installed by default, but it can be installed using Server Manager or Windows PowerShell cmdlets. This article explains how to install BitLocker on Windows Server. +For all Windows Server editions, BitLocker isn't installed by default, but it can be installed using Server Manager or Windows PowerShell cmdlets. This article explains how to install BitLocker on Windows Server. > [!NOTE] > To install BitLocker you must have administrator privileges. @@ -25,7 +25,7 @@ For all Windows Server editions, BitLocker is not installed by default, but it c > The **Enhanced Storage** feature is a required feature for enabling BitLocker. This feature enables support for encrypted hard drives on capable systems. 1. Select **Next** and under **Confirmation** select **Install** -The BitLocker feature requires a restart for to complete its installation. Selecting the **Restart the destination server automatically if required** option in the **Confirmation** pane forces a restart of the server after installation is complete +The BitLocker feature requires a restart to complete its installation. Selecting the **Restart the destination server automatically if required** option in the **Confirmation** pane forces a restart of the server after installation is complete ## Install BitLocker with Windows PowerShell @@ -77,10 +77,13 @@ To install BitLocker using the `dism.exe` module, use the following command: Enable-WindowsOptionalFeature -Online -FeatureName BitLocker -All ``` -This Command Prompts the user for a reboot. The `Enable-WindowsOptionalFeature` cmdlet doesn't offer support for forcing a reboot of the server. This command doesn't include installation of the management tools for BitLocker. For a complete installation of BitLocker and all available management tools, use the following command: +The command doesn't include installation of the management tools for BitLocker, but you can do a complete installation of BitLocker and all available management tools with the following command: ```powershell Enable-WindowsOptionalFeature -Online -FeatureName BitLocker, BitLocker-Utilities -All ``` +> [!NOTE] +> When using `Enable-WindowsOptionalFeature`, the administrator is prompted to reboot the server, as the cmdlet doesn't have support for forcing a reboot. + After the server reboots, you can use BitLocker.