Secure Virtual Domain Controller using BitLocker Encryption

Hi, today’s topic is about securing a virtual domain controller using BitLocker Encryption.

A virtual domain controller is at particular risk because its VHD files can simply be copied and placed on another host. Nowadays, using BitLocker Encryption is a useful extra factor in securing our production environment.


Moreover, BitLocker encryption’s very best friend for further hardening is the Trusted Platform Module (TPM), which you can find on the motherboard itself and enable in the BIOS.

In my lab environment, I run my Hyper-V host on my Lenovo ThinkPad. The way to secure the virtual domain controller is to enable BitLocker Encryption on the host of the virtual machine.

Simple to do:

  1. I enable the TPM / security chip in the BIOS setup. I am very fortunate that Lenovo has a tool to check it. You can see here that the setting is Active, which means the TPM is enabled.
  2. After that, you need to add the BitLocker encryption feature on the Hyper-V host. You may need to restart the server.
  3. In Control Panel, you manage BitLocker and choose which volume drive to turn it on for. In the screenshot below, I turn on BitLocker on my operating system drive, because the virtual machine folders are located at the default path. You may relocate your virtual machine folder to a different drive; in that case, turn on BitLocker on the drive where the VM VHD/VHDX files are located.
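The same three steps as an added PowerShell example (not from the original post): it checks the TPM, installs the BitLocker feature on a Windows Server Hyper-V host, confirms where the VHD/VHDX files actually live, and then encrypts both the OS drive and the VM store volume. It assumes an elevated session on Windows Server and that the VM store is on D: (adjust `$VmVolume` to your own layout).

```powershell
# Added example, not from the original post. Run in an elevated PowerShell
# session on the Windows Server Hyper-V host.
# Assumption: the VM VHD/VHDX files live on D:; change this to match your host.
$VmVolume = 'D:'

# Step 1: the TPM must be present and ready (enabled/activated in BIOS/UEFI).
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "TPM not ready (Present=$($tpm.TpmPresent), Ready=$($tpm.TpmReady)); enable it in firmware first."
}

# Step 2: add the BitLocker feature on the host; this needs a restart,
# so the script stops here and is re-run after the reboot.
if (-not (Get-WindowsFeature -Name BitLocker).Installed) {
    Install-WindowsFeature -Name BitLocker -IncludeAllSubFeature -IncludeManagementTools -Restart
    return
}

# Step 3a: confirm which volume really holds the VM files before encrypting.
Get-VMHost | Select-Object VirtualHardDiskPath, VirtualMachinePath
Get-VM | Get-VMHardDiskDrive | Select-Object VMName, Path

# Step 3b: OS drive, protected by the TPM so the host can boot unattended,
# plus a recovery password that must be stored somewhere safe (off the host).
$os = $env:SystemDrive
if ((Get-BitLockerVolume -MountPoint $os).ProtectionStatus -eq 'Off') {
    Add-BitLockerKeyProtector -MountPoint $os -RecoveryPasswordProtector | Out-Null
    Enable-BitLocker -MountPoint $os -TpmProtector -SkipHardwareTest
}

# Step 3c: the VM store volume (only needed if the VMs are not on the OS drive).
# Auto-unlock ties it to the encrypted OS drive so Hyper-V finds the VHDs at boot;
# an offline copy of the disk or the VHDX files alone stays unreadable.
if ($VmVolume -ne $os -and (Get-BitLockerVolume -MountPoint $VmVolume).ProtectionStatus -eq 'Off') {
    Enable-BitLocker -MountPoint $VmVolume -RecoveryPasswordProtector -UsedSpaceOnly
    Enable-BitLockerAutoUnlock -MountPoint $VmVolume
}

# Show the recovery passwords once (record them now) and the overall status.
Get-BitLockerVolume | ForEach-Object {
    $_.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword' |
        Select-Object @{n='Volume';e={$_.MountPoint}}, KeyProtectorId, RecoveryPassword
}
Get-BitLockerVolume | Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage
```

Encryption runs in the background, so ProtectionStatus only turns On once EncryptionPercentage reaches 100; keep the recovery passwords away from the host, since they unlock the DC’s disks just as well as the TPM does.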

Schema Mismatch


Before I begin, I just want to say Happy New Year 2014 to all.

Okay, I would like to share the screenshot below:

mismatch schema


Have you seen this error lately? You must panic, right, and start searching TechNet.

Here is the article link.

In my case, there was a period during which the domain controllers had not replicated with each other. Some of the DCs were offline when I installed Exchange Server. While setting up Exchange, the setup extends the AD schema. Since the Schema partition is forest-wide, that change updates the schema via the Schema FSMO role holder as well, and the offline DCs had not yet received it.


Resolution: you can manually force replication or wait for the scheduled replication to take place.