Forum Discussion

ranj-singh111
Brass Contributor
Jul 30, 2020

Set up and configure BitLocker Network Unlock remotely

Hi Fellow members

This is a question for anyone who has set up and configured the BitLocker Network Unlock feature. I have been asked to set this up in my enterprise; however, with COVID-19 I am working remotely.

For anyone who has done this already, is it possible to do all the configuration and testing of this remotely, or will I need to be in the office? I am thinking that whilst I could do the server configuration remotely, my question would be how I would test it.


So I will be following this article: https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock#:~:text=%20Configure%20Network%20Unlock%20%201%20Install%20the,properly%20configured%20Active%20Directory%20Services%20Certification...%20More%20


Any thoughts on this would be most appreciated.


Thanks

    isotonic_uk
    Brass Contributor

    Got a question around BitLocker Network Unlock.

    Thought first it would be useful to add some details of the infrastructure:

    2008 R2 Domain controllers....Yes I know! 

    Windows based PKI infrastructure

    Server 2019 running Windows Deployment services

    Using MBAM.

    Bitlocker 256-bit encryption used with startup PIN 

    Windows 10 Enterprise, managed using Microsoft Configuration Endpoint Manager 1910

    So after a successful implementation of BitLocker, we now want to move to the next stage of implementing network unlock on machines on the internal network. 

    Followed this article https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock#bkmk-unsupportedsystems

    All configuration on the server side is complete; the certificate is valid and on the client. BitLocker config is currently performed by MCEM at OSD. Additional policies are set within GPO, including network unlock set to enabled. Running manage-bde -status shows the Network (certificate based) key protector with the correct certificate thumbprint, and it is also shown in the registry.

    Does anyone have any experience with network unlock? Whilst the core requirement is Windows 2012, I understand this is for the WDS server, which is Server 2019, and you can still use this with 2008 DCs as mentioned in the article, but I am struggling to understand why it still doesn't work.

    I have tried the implementation on both a desktop and a laptop. The laptop doesn't have an onboard network card (as with most new thin laptops) and has to use an Ethernet adapter. All the requirements on the client side have been met, such as TPM, native mode etc., so it should still work, and it is able to PXE boot successfully for the OSD build.


    Any suggestions would be greatly appreciated. 
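As an added example (not posted by either participant), the PowerShell check below automates the client-side verification isotonic_uk describes (policy applied, Network (certificate based) protector present, thumbprint matching the deployed certificate) and can be run over Invoke-Command, which addresses the original question of testing from a remote session. The FVE_NKP registry path, the OSManageNKP value name and the position of the thumbprint in the manage-bde output are assumptions, not taken from the thread.

```powershell
# Added example: client-side readiness check for BitLocker Network Unlock.
# Assumptions (labelled): Group Policy delivers the Network Unlock certificate under
# HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\FVE_NKP\Certificates\<thumbprint>,
# the "Allow network unlock at startup" policy is mirrored as OSManageNKP under
# HKLM:\SOFTWARE\Policies\Microsoft\FVE, and manage-bde prints a 40-hex-digit thumbprint
# after the "Network (Certificate Based)" protector entry.
# Run elevated; wrap in Invoke-Command -ComputerName to check an office PC remotely.
function Test-NetworkUnlockClient {
    param([string]$Drive = $env:SystemDrive)

    $result = [ordered]@{}

    # 1. A present and ready TPM is a hard requirement for Network Unlock.
    $tpm = Get-Tpm
    $result.TpmReady = [bool]($tpm.TpmPresent -and $tpm.TpmReady)

    # 2. Has the Network Unlock policy reached this client?
    $fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
    $result.PolicyEnabled = ($fve.OSManageNKP -eq 1)

    # 3. Which Network Unlock certificate thumbprints did Group Policy deploy?
    $certKey = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\FVE_NKP\Certificates'
    $deployed = @(Get-ChildItem -Path $certKey -ErrorAction SilentlyContinue |
        ForEach-Object { $_.PSChildName.ToUpper() })
    $result.DeployedThumbprints = $deployed

    # 4. Does the OS volume carry a Network (certificate based) protector, and for which thumbprint?
    $text = (manage-bde -protectors -get $Drive) -join "`n"
    $m = [regex]::Match($text, 'Network \(Certificate Based\)[\s\S]*?([0-9A-Fa-f]{40})', 'IgnoreCase')
    $result.ProtectorPresent   = $m.Success
    $result.ProtectorThumbprint = if ($m.Success) { $m.Groups[1].Value.ToUpper() } else { $null }

    # 5. The protector only unlocks if it matches a certificate the policy actually delivered.
    $result.ThumbprintMatches = $m.Success -and ($deployed -contains $result.ProtectorThumbprint)

    # 6. Network Unlock runs over the wired adapter the firmware uses for DHCP/PXE;
    #    a Wi-Fi-only laptop without a working Ethernet adapter cannot use it.
    $result.WiredAdapters = @(Get-NetAdapter -Physical |
        Where-Object { $_.PhysicalMediaType -match '802\.3' } |
        Select-Object -ExpandProperty Name)

    $result.Ready = $result.TpmReady -and $result.PolicyEnabled -and
                    $result.ThumbprintMatches -and ($result.WiredAdapters.Count -gt 0)
    [pscustomobject]$result
}

Test-NetworkUnlockClient | Format-List
```

A client that reports Ready = True but still prompts for the PIN points the investigation at the WDS side (the Network Unlock provider and its DHCP reachability from the client's subnet) rather than at the client configuration.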
