Okay this is not a guide about implementing BitLocker on the above server platforms, but this will set servers up so BitLocker can be implemented later. This is all to do with boot partitions, and the fact that you can’t encrypt the boot partition so you need to build a small RAW partition into your server build in case you need to switch on BitLocker later (unless you want to go around rebuilding all your servers).
I’m assuming a completely clean, unconfigured server.
At the “Install Now” screen DO NOT choose the big “Install Now” button. Instead hit escape, and follow the system recovery process until a “System Recovery Options” dialog box appears (don’t restore any images or anything- just try to “Next” or “Escape” every screen until this one).
Once the screen shows Restore, Memory Diagnostics or Command Prompt, choose command prompt. Once cmd.exe opens, type “diskpart” and press enter. Once in diskpart, follow these steps (ignore anything following a // in this list, press enter after each step):
- select volume 0 //that’s a zero, not an ‘o’. Selects the optical drive.
- assign letter=V //makes sure drives C:, D: and E; are free for the hard disk
- select disk 0 //that’s a zero, not an ‘o’
- clean //wipes all partition info
- create partition primary size=1536 //this is your potential 1.5GB boot partition
- create partition primary size=61440 //60GB system partition
- assign letter=C //gives this partition drive C:\
- FORMAT FS=NTFS LABEL=”System” QUICK //formats drive.
- create partition primary //no size specified- will just use up the remainder of the disk
- assign letter=D
- FORMAT FS=NTFS LABEL=”Data” QUICK
Steps 4-9 are arbitrary and only show an example of a server with a 60GB system drive, and the rest of the space allocated to “data”, whatever that will be. That’s it- theres’s a 1.5GB partition available of BitLocker is ever needed but it’s not in use. You might find that on booting into Windows it’s been allocated as D: or E:, in which case go back into DiskPart > select disk 0 > select partition 1 > remove letter=D (or whatever it’s been allocated).