How to Enable BitLocker on Windows Server 2016/2019
BitLocker is a powerful encryption tool available on Windows Server 2016 and 2019. In this post, you will learn how to enable BitLocker on Windows Server 2016/2019 using a built-in feature and a third-party BitLocker manager.
What is BitLocker on Windows Server 2016/2019?
BitLocker is a full-disk encryption feature included with Microsoft Windows versions starting with Windows Vista. Its primary purpose is to protect data by encrypting entire volumes, making it nearly impossible for unauthorized users to access your information without the proper credentials. This encryption technology is essential for safeguarding sensitive data, especially in environments where data security is a top priority.
With each new version of Windows, Microsoft has enhanced BitLocker’s features, making it more user-friendly and secure. The introduction of BitLocker in Windows Server 2016/2019 brought enterprise-grade encryption capabilities to server environments, offering administrators an efficient way to protect data at rest.
That’s why so many Sever users are asking for a way to enable BitLocker on Windows Server 2016/2019. But before proceeding to the step-by-step guide, let’s learn some demands for encrypting volumes on Server 2016 and 2019.
System Requirements for BitLocker on Windows Server 2016/2019
Hardware Requirements
━ To use BitLocker on Windows Server 2016/2019, certain hardware requirements must be met:
━ A TPM version 1.2 or later for enhanced security features.
━ A server with UEFI firmware for modern encryption techniques.
━ Sufficient disk space to accommodate the encryption process.
Software Compatibility
BitLocker is fully compatible with Windows Server 2016/2019. However, it's essential to ensure that all drivers and software on the server are up to date to avoid compatibility issues.
How to enable BitLocker on Windows Server 2016/2019
Enabling BitLocker on Windows Server protects your data by encrypting the entire volume. Here's a full, step-by-step guide for enabling BitLocker:
However, BitLocker Drive Encryption is not installed by default on Windows Server. Thus, the first move is to install it on your Windows Server computer.
Part 1. Install BitLocker Drive Encryption
In Server Manager, select Add Roles and Features. Proceed by clicking Next on the Before You Begin screen, and again on the installation type, keeping Role-based or feature-based installation as the default option. Choose your server and click Next. Bypass the Server Roles section by clicking Next.
In the Features window, check the box for BitLocker Drive Encryption.
If prompted, check the box to Include management tools (if applicable) and click Add Features.
After being redirected to the Select Features window, click Next. Since the installation requires a reboot, choose the option to Restart the destination server automatically if required and proceed with Install. Confirm the reboot warning by selecting Yes, and then click Install again to begin the process.
Part 2. Enable BitLocker Drive Encryption
To encrypt a drive (Here is system C drive) in Windows Server, open the Control Panel, switch the view to Large or Small icons, and navigate to BitLocker Drive Encryption. In the section for your target drive, click Turn on BitLocker.
You'll then need to choose between Encrypt used disk space only or Encrypt entire drive. If you're setting up a new server, encrypting only the used disk space will be much faster. However, if the server has already been in use, it's better to encrypt the entire drive to ensure all data, including free space, is protected. After making your choice, click Next.
On the final screen, you can opt to run a hardware system check by checking the Run BitLocker system check box. If you do, a reboot will be required. To begin the encryption process, click Start encrypting.
An easier way to enable BitLocker on Windows Server 2016/2019
As you can see, it’s a little complicated to turn on BitLocker on Windows Sever 2016/2019 with native feature. And not all users can meet the requirements for BitLocker Drive Encryption. Luckily, a reliable partition manager and BitLocker tool called AOMEI Partition Assistant Server can clear these obstacles perfectly.
It allows you to easily and quickly enable the BitLocker drive encryption in all editions of Windows Server 2025, 2022, 2019, 2016, 2012 (R2). Here is a demo version of this software, download it and see how to use it to enable BitLocker on Windows Server 2016/2019:
The Best Windows Disk Partition Manager and PC Optimizer
Step1. Install and launch AOMEI Partition Assistant. Click the "Tools" main tab and select "BitLocker".
Step 2. All drives on the system will be displayed, including operating system drives, fixed data drives, and removable drives. Please find the partition you would like to encrypt BitLocker and click the "Turn on BitLocker" option. (Here, we take the drive D: as an example.)
Tip: It only supports encrypting NTFS partitions. Other partition file systems, for example, FAT or FAT32 cannot be encrypted.
Step 3. Please set and confirm a password to encrypt the drive and click "Next".
Step 4. Select a way to back up your recovery key. You can either select "Save to a file" or "Print the recovery key".
Step 5. If you select "Save to a file", please choose a location on your PC to save the recovery key.
Then, please click the "Next" button to start the encryption process.
Step 5. The encryption process might take time to encrypt the drive. Before the process is finished, please do not terminate the program, remove the drive, or turn off the power. Once the encryption process is finished, please click "Completed". Finally, the drive is BitLocker encrypted.
Conclusion
That’s all about how to enable BitLocker on Windows Server 2016/2019. If you need to encrypt your Server’s drives, you can follow the two methods above to make it. As you can see, AOMEI Partition Assistant Server would be more compatible and comprehensive. If you install it on your Server PC, it can also help you manage hard drives and partitions better. For example, it can extend your C drive, delete recovery partition, clone Windows to SSD/HDD, and more.