We're trying to use BitLocker to secure an SQL Server 2012 database. We don't have any issue getting BitLocker to work... the issue we have is that once the drive is locked, SQL Server can no longer read the data.
We'd love to use TDE, obviously, but since that's limited to the Enterprise edition, that's a no-go. We have TPM activated on the server. This is in a Windows Domain and we use Windows Authentication... but once the drive is encrypted, we cannot access the DB with anything.
What am I missing here?
1 Answer
You need to use the account that the SQL Server runs as to enable BitLocker.
- Oh - so the Domain account we use for SQL Server itself must be the account used to turn on BitLocker? Does the C:\ drive also need to have BitLocker enabled (since that's where the SQL Server runs)? – doulos2k, Dec 6, 2013 at 18:51
- Yes, the SQL Account needs to enable BitLocker. No, you don't need to BitLocker the C drive unless you have another reason to. – mrdenny, Dec 9, 2013 at 8:41
- Okay - we'll try that today and I'll report back. – doulos2k, Dec 9, 2013 at 15:26
- That was exactly it. I will say that you really DO want to turn BitLocker on for your system drive as well. Otherwise you have to manually unlock the drive every time you restart the system. (The auto-unlock feature requires the system drive to be bitlocked.) – doulos2k, Dec 9, 2013 at 22:03
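
The conditions discussed in this thread can be checked in one pass with the BitLocker PowerShell cmdlets. The script below is an added example, not part of the original question, answer or comments; the drive letter `D:` and the service name `MSSQLSERVER` are assumptions to replace with your own values.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session
# on the SQL Server host.
# Assumed values: data files on D:, default-instance service name MSSQLSERVER.
$dataMountPoint = 'D:'
$sqlServiceName = 'MSSQLSERVER'

# Collect the state of the system drive, the data drive and the SQL Server service.
$osVolume   = Get-BitLockerVolume | Where-Object { $_.VolumeType -eq 'OperatingSystem' }
$dataVolume = Get-BitLockerVolume -MountPoint $dataMountPoint
$sqlService = Get-CimInstance -ClassName Win32_Service -Filter "Name='$sqlServiceName'"

# One summary object, so the result can be logged and compared across reboots.
[pscustomobject]@{
    SqlServiceAccount    = $sqlService.StartName
    SqlServiceState      = $sqlService.State
    OsVolume             = $osVolume.MountPoint
    OsVolumeProtection   = $osVolume.ProtectionStatus
    DataVolume           = $dataVolume.MountPoint
    DataVolumeProtection = $dataVolume.ProtectionStatus
    DataVolumeLockStatus = $dataVolume.LockStatus
    DataVolumeAutoUnlock = $dataVolume.AutoUnlockEnabled
    DataKeyProtectors    = ($dataVolume.KeyProtector.KeyProtectorType -join ', ')
} | Format-List

# A locked data volume is unreadable to every process, SQL Server included.
if ($dataVolume.LockStatus -eq 'Locked') {
    Write-Warning "$dataMountPoint is locked: SQL Server cannot open database files on it until it is unlocked."
}

# Auto-unlock of a data drive depends on the system drive being protected,
# which is the behaviour reported in the last comment of the thread.
if ($osVolume.ProtectionStatus -ne 'On') {
    Write-Warning "The system drive is not BitLocker-protected, so auto-unlock cannot be enabled for $dataMountPoint."
}
elseif (-not $dataVolume.AutoUnlockEnabled) {
    Write-Warning "Auto-unlock is off for ${dataMountPoint}: the drive must be unlocked by hand after every restart (see Enable-BitLockerAutoUnlock)."
}
```

Running it once before a reboot and once after shows whether the data volume comes back unlocked before the SQL Server service starts.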