0

Our school has a remote file server (Windows 2022 virtual server on a colo) that provides network shared drives. We have both Windows and MacOS clients accessing it through SMB.

Recently our IT Sub-committee recommended me enable Bitlocker on these shared volumes.

First question regarding SMB encryption: Microsoft has the following on SMB encryption. My understanding is this is for the encryption on the connection between client machine and server. Correct? https://learn.microsoft.com/en-us/windows-server/storage/file-server/smb-security

Second question regarding Bitlocker: I don't quite seem to be able to find related topic on Bitlocker on shared network drive. Can Bitlocker be applied to network shared volumes?

Thanks much in advance!

I would like to enhance the security on our file sharing plus the data on the file server.

RabbitSF
  • 33
  • 4

1 Answers1

1

BitLocker can be enabled on a shared network volume. That needs to be enabled on the Windows Server 2022 host where the volume is shared. This only affects encryption at rest, and has no affect or impact on the clients accessing the shared network volume. If the hosting provider does not support virtual TPM this could be a non-starter though.

SMB Encryption protects data in transit, and the share can be configured to require this.

Greg Askew
  • 35,880
  • 5
  • 54
  • 82
  • Thank you so much, Greg! For the SMB encryption, does it need SSL cert set up? I don't seem to see that's a requirement on Microsoft's article mentioned above. – RabbitSF Dec 01 '22 at 18:42
  • 1
    @RabbitSF: SMB encryption doesn't use certificates. – Greg Askew Dec 01 '22 at 18:46