
Hi all, I'm configuring a lab here for SCCM 2002 and I am looking at implementing BitLocker. I have been reading that from 2002, we don't need to enable HTTPS throughout the MP to encrypt the recovery keys, we can just enable it on IIS. The problem I have is I have no idea how to do this. I quote Niall here from another post:

"if you choose to not use PKI in your infrastructure then you need to add a PKI-based server auth cert to the IIS website hosting the recovery service – this can be the same cert you used when configuring HTTPS on the MP or another PKI-issued cert if not using HTTPS."

But again, I have no idea how to get to it. If someone could show me where in IIS I am "hosting" said recovery keys, that would really be appreciated. I have enabled BitLocker management, created a policy, and selected "enable plain text recovery keys". Now it seems I cannot create another policy without plain text recovery keys. My primary concern, however, is knowing how and where I can "host" recovery keys on IIS. I have uploaded a screenshot from my lab here and I hope this helps someone, as I do not know what I need to do here.

Thanks again.

iis.JPG

Edited by Imraz
uploaded picture


IIS doesn't host the recovery keys; they are stored in the ConfigMgr database. The recovery service runs on IIS and that's probably what you are thinking about. The following guides should cover everything you need, including HTTPS (PKI), which is listed at the bottom of the blog post.

If you don't want to go all HTTPS (and I'd recommend you do...) then simply add the HTTPS cert to IIS as explained in

https://www.niallbrady.com/2019/11/13/want-to-learn-about-the-new-bitlocker-management-in-microsoft-endpoint-manager-configuration-manager/

Why are you testing with ConfigMgr 2002? 2010 is out already.

cheers

niall
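
One way to do the "add the HTTPS cert to IIS" step from PowerShell, as an added example that is not part of the original posts or of the linked guide. It assumes the recovery service runs under a site named "Default Web Site" and that a PKI-issued server authentication certificate for the server's FQDN is already in the local machine Personal store; both are assumptions to adjust for your lab.

```powershell
# Added example: bind a PKI-issued Server Authentication cert to the IIS site
# that fronts the BitLocker recovery service. Run elevated on the IIS server.
Import-Module WebAdministration

$siteName      = 'Default Web Site'      # ASSUMPTION: site hosting the recovery service
$serverAuthOid = '1.3.6.1.5.5.7.3.1'     # EKU: Server Authentication
$fqdn          = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# Pick the longest-lived cert that is usable for TLS on this host:
# private key present, not expired, Server Auth EKU, FQDN in the DNS names.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and
        $_.NotAfter -gt (Get-Date) -and
        ($_.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid) -and
        ($_.DnsNameList.Unicode -contains $fqdn)
    } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No valid Server Authentication certificate for $fqdn in LocalMachine\My."
}

$binding = Get-WebBinding -Name $siteName -Protocol https -Port 443

if ($binding) {
    # Do not overwrite an existing HTTPS binding; show what is already bound.
    Write-Output "HTTPS binding already present on '$siteName'."
    Write-Output "Bound cert thumbprint: $($binding.certificateHash)"
}
else {
    # Create the 443 binding, then attach the certificate from the 'My' store.
    New-WebBinding -Name $siteName -Protocol https -Port 443 -IPAddress '*'
    $binding = Get-WebBinding -Name $siteName -Protocol https -Port 443
    $binding.AddSslCertificate($cert.Thumbprint, 'My')
    Write-Output "Bound $($cert.Subject) (expires $($cert.NotAfter)) to '$siteName':443."
}

# Verify: list the SSL bindings IIS/HTTP.sys now knows about.
Get-ChildItem IIS:\SslBindings | Format-Table IPAddress, Port, Thumbprint, Store
```

The recovery keys themselves still live in the ConfigMgr database; this only puts TLS in front of the IIS site so the keys are encrypted in transit.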


Ha, the funny thing is that link you sent me was the first article I read in relation to this. It would appear that I have missed a bit. I will go through it again though and find what I'm looking for.
