Setting Up "Allow Network Unlock at Startup" for BitLocker (TPM)

  • Question

  • I am new to BitLocker, but have been tasked to deploy laptop encryption remotely\automated, via GPO and PowerShell.

    I have a mixed environment of both UEFI and Legacy Laptops, thus, my test environment is set up the same.  With that, I have a policy for using TPM, and another for not utilizing TPM, but to just use passwords.  I have set up two GPOs, as well as two different PowerShell commands to Enable BitLocker.

    With some previous assistance, I have PowerShell scripts working to enable BitLocker and encrypt the drives.

    My issue now pertains to the Network Unlock Feature within BitLocker for TPM machines.

    I have followed the guide below to set up the Network Unlock Feature


    I have my GPO set, and I have the Certificate set up on the WDS Server.  However, when I boot the machine, it is still booting to BitLocker and asking for the PIN.

    Everything I'm reading seems to reference PXE boot.  I have PXE set up in the Boot Order before the UEFI Hard drive.  Is there something additional that I need to set up\configure to get this working?

    Sorry if I have not provided all of the necessary info needed.  Please let me know any additional details needed.  Thanks.

    25/Rabi' al-Awwal/1441 10:05 PM


  • I did see that article previously, but it did not resolve the problem.

    I did stumble on this fix, which just ended up being that I reconfigured my WDS Server by uninstalling WDS and BitLocker Network Unlock, rebooted, then reinstalled.  After doing that, the Network Unlock began working.

    Thanks for all the assistance.

    • Marked as answer by timahh2 07/Rabi' al-Thani/1441 08:01 PM
    07/Rabi' al-Thani/1441 08:01 PM
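
A diagnostic for the symptom in this thread (a TPM machine still prompting for the PIN), added here as an example and not part of either post. The function names are hypothetical; the registry value `OSManageNKP`, the `FVE_NKP` certificate store and the `BitLocker-NetworkUnlock` feature name are taken from Microsoft's Network Unlock documentation as I know it, not from this page, so confirm them against your build.

```powershell
# Added example (not from the thread). Run each function from an elevated session.

function Test-NetworkUnlockClient {
    # Run on the BitLocker-protected laptop.
    # Assumed paths: policy value and unlock certificate as written by the Network Unlock GPO.
    $fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    $nkp = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\FVE_NKP\Certificates'

    $policy = (Get-ItemProperty -Path $fve -Name OSManageNKP -ErrorAction SilentlyContinue).OSManageNKP
    $certs  = @(Get-ChildItem -Path $nkp -ErrorAction SilentlyContinue)

    # Key protectors currently bound to the OS volume, as plain strings.
    $volume = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $types  = @($volume.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    [pscustomobject]@{
        PolicyEnabled       = ($policy -eq 1)                  # "Allow Network Unlock at startup" applied
        UnlockCertDeployed  = ($certs.Count -gt 0)             # public certificate reached the client
        HasTpmPin           = ($types -contains 'TpmPin')      # the protector that causes the PIN prompt
        HasNetworkProtector = ($types -contains 'TpmNetworkKey') # created after policy applies and the client reboots
        ProtectorTypes      = ($types -join ', ')
    }
}

function Test-NetworkUnlockServer {
    # Run on the WDS server (Get-WindowsFeature exists only on Windows Server).
    $features = Get-WindowsFeature -Name WDS, BitLocker-NetworkUnlock
    $service  = Get-Service -Name WDSServer -ErrorAction SilentlyContinue
    # Assumed store name: the server holds the unlock certificate with its private key in FVE_NKP.
    $certs    = @(Get-ChildItem -Path 'Cert:\LocalMachine\FVE_NKP' -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        WdsInstalled           = [bool]($features | Where-Object { $_.Name -eq 'WDS' -and $_.Installed })
        NetworkUnlockInstalled = [bool]($features | Where-Object { $_.Name -eq 'BitLocker-NetworkUnlock' -and $_.Installed })
        WdsServiceRunning      = ($null -ne $service -and $service.Status -eq 'Running')
        CertWithPrivateKey     = [bool]($certs | Where-Object { $_.HasPrivateKey })
    }
}

# Any False value marks the stage to fix before the client can skip the PIN prompt.
```

If every client check passes and the prompt persists, the server-side result narrows the fault to the WDS role or the Network Unlock feature, the two components the accepted answer reinstalled.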

All replies