BitLocker encryption ensures that data doesn’t fall into nefarious hands, but it can be a nuisance for users who forget passwords or administrators who want to push out updates to locked-down machines. One lesser-used feature of Windows Server 2012 can eliminate those pains by automatically entering BitLocker credentials when a device is connected to a corporate LAN.
MVP and consultant Andrew Bettany outlined the use of the Network Unlock feature during a presentation on Windows 8 security enhancements at TechEd North America 2013. “This allows your users to come in with their PCs, and as long as they’re connected to a wired corporate network, they get their BitLocker encryption unlocked automatically,” he said.
It’s not an option for Wi-Fi connection, but it’s a useful feature for administrators who want to roll out patches using Wake on LAN. With a conventional BitLocker deployment, that isn’t possible without entering the password manually on each machine (rarely possible anyway as the administrator is unlikely to know all those passwords). The feature utilises a certificate installation to verify its identity.
To use Network Unlock, you’ll need machines with UEFI firmware, a DHCP server and an installation of Windows Server 2012 with the WDS role set up and Network Unlock enabled.
Detailed instructions on how to set up the option can be found in this TechNet article.