none
Bitlocker network unlock on initial boot? RRS feed

  • Question

  • Hi. I'm investigating BL network unlock for our network. I see explicit references to reboot. Does that mean it will not work on initial boot?

    If it only works on reboot and we have SCCM, is there any advantage of network unlock vs task sequence?

    Thanks.

    Thursday, July 25, 2019 12:49 PM

All replies

  • Hello,
    Thank you for posting in our TechNet forum.

    >>1. Hi. I'm investigating BL network unlock for our network. I see explicit references to reboot. Does that mean it will not work on initial boot?

    According to the MS official document BitLocker: How to enable Network Unlock, it does not mention that we need to reboot machine to unlock Bitlocker.

    But we can see that some machines need to reboot to unlock Bitlocker and some others do not from the following similar case:
    Bitlocker Network Unlock not working during reboot



    >>2. If it only works on reboot and we have SCCM, is there any advantage of network unlock vs task sequence?

    I don't think there is any conflict between the Bitlocker network unlocking and the task sequence in SCCM. Generally, the bit locker is disabled in the beginning of the task sequence, and then Bitlock is enabled again when the task sequence ends.





    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, July 26, 2019 10:44 AM
    Moderator
  • Thanks, Daisy. I'm not worried about a conflict so much as trying to decide which tool is best.

    I found something that states the dhcp request is sent from the UEFI, so I guess that means that network unlock can work on initial boot. I'm hoping someone here who is using it can verify.

    "In first phase client that is configured to use network unlock has to obtain valid IP address from the DHCP server. This DHCP request is sent from UEFI firmware not from DHCP client service in the Operating System. "

    https://blogs.technet.microsoft.com/dubaisec/2016/04/14/bitlocker-network-unlock/


    • Edited by TR-CPC Friday, July 26, 2019 12:56 PM link
    Friday, July 26, 2019 12:55 PM
  • Hi,
    Because we do not have such environment to test it. You can test to verify it if you can.

    Thank you for your understand and support.




    Best Regards,
    Daisy Zhou 

     

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, July 29, 2019 8:12 AM
    Moderator
  • Hi,
    If this question has any update or is this issue solved? Also, for the question, is there any other assistance we could provide?

    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, August 1, 2019 9:27 AM
    Moderator
  • I was hoping that someone who is actually using network unlock could verify that it works on a cold boot.

    Thanks.

    Friday, August 2, 2019 6:19 PM
  • Hi,
    Maybe someone who are searching for the similar question will update it.


    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, August 5, 2019 9:10 AM
    Moderator