I am trying to set up BitLocker Network Unlock in our domain and I have run into an issue I cannot seem to pass.

A little background: Windows 2012 R2 WDS server, 2012 R2/2012 domain controllers (forest and domain level is 2012). WDS is joined to the domain.

I have been using https://docs.microsoft.com/en-us/windows/device-security/bitlocker/bitlocker-how-to-enable-network-unlock as a reference page for configuring network unlock.

Step 4 is where I am stuck. On the WDS I open up certmgr and I proceed to request a new cert. The only certificate (AD Enrollment Policy) options I have are "Administrator, Basic EFS, EFS Recovery Agent, User". I do not see anything related to "Network Unlock on Domain Controllers".

Am I missing something?

Thanks in advance!

Adam S

1 Answer

Look at "Create the certificate template for unlock" further down in the article.

You have to create and publish the template on your AD Certificate Services server.

Appleoddity

  • Thank you! Apparently I should have read further down. Can't quite understand why the how-to article steps are out of order. – Adam S Oct 04 '17 at 04:16
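
One way to check the state the answer describes, as an added example that is not part of the original thread or of Microsoft's article: this read-only script looks in AD for a certificate template that carries the BitLocker Network Unlock application policy and reports which enterprise CAs publish it. It assumes the RSAT ActiveDirectory module is installed, and the OID is the one Microsoft's Network Unlock documentation gives, not a value from this page.

```powershell
# Added example: read-only AD queries, requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# BitLocker Network Unlock application policy OID (from Microsoft's documentation).
$NetworkUnlockOid = '1.3.6.1.4.1.311.67.1.1'

$configNC = (Get-ADRootDSE).configurationNamingContext
$pkiBase  = "CN=Public Key Services,CN=Services,$configNC"

# 1. Templates that exist in AD and carry the Network Unlock application policy.
$templates = Get-ADObject -SearchBase "CN=Certificate Templates,$pkiBase" `
    -LDAPFilter '(objectClass=pKICertificateTemplate)' `
    -Properties displayName, pKIExtendedKeyUsage, 'msPKI-Certificate-Application-Policy' |
    Where-Object {
        $_.pKIExtendedKeyUsage -contains $NetworkUnlockOid -or
        $_.'msPKI-Certificate-Application-Policy' -contains $NetworkUnlockOid
    }

if (-not $templates) {
    Write-Warning 'No template with the Network Unlock application policy exists yet; create it first.'
    return
}

# 2. Enterprise CAs and the template names each one publishes (certificateTemplates attribute).
$cas = Get-ADObject -SearchBase "CN=Enrollment Services,$pkiBase" `
    -LDAPFilter '(objectClass=pKIEnrollmentService)' `
    -Properties certificateTemplates, dNSHostName

# 3. For each matching template, list the CAs that publish it.
foreach ($t in $templates) {
    $publishers = $cas | Where-Object { $_.certificateTemplates -contains $t.Name }
    [pscustomobject]@{
        Template    = $t.displayName
        CommonName  = $t.Name
        PublishedBy = if ($publishers) { $publishers.Name -join ', ' } else { '(not published)' }
    }
}
```

A template reported as `(not published)` exists in AD but has not been added to any CA's list of templates to issue, so it will not show up in the enrollment dialog.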