Network Management in System Center 2012 SP1 - VMM
Securing a Windows Infrastructure using Windows Server 2012 & Windows 8 Built-in features
1. Securing a Windows
Infrastructure using Windows
Server 2012 & Windows 8 Built-in
features
Marcus Murray & Hasain Alshakarti
Truesec Security Team, MVP-Enterprise Security
x2
5. Bitlocker enhancement This feature requires the client hardware to have a DHCP
driver implemented in its UEFI firmware.
• Enhancements: Client
– Bitlocker Network unlock
– New protectors User
•For NKP, the win8 client should be using UEFI 2.3.1
BitLocker Network Unlock has the following software and hardware requirements that must be met before you can
use it:
Client computer requirements
•A DHCP driver that is implemented in the UEFI firmware
•Trusted Platform Module (TPM) 1.2 or TPM 2.0
•BitLocker enabled on the operating system volume
Windows Deployment Services server requirements
•BitLocker Network Unlock feature installed (only available in windows server 2012)
•2,048-bit RSA public/private key pair X.509 certificate present in FVENKP certificate store
Domain controller requirements
•Copy of the BitLocker Network Unlock Certificate from the Windows Deployment Services server on the domain
controller to set Group Policy settings for Network Unlock. (2012 server