Home » Microsoft » 70-687 » Which command should you run?
A company has Windows 8.1 client computers. The company uses Windows BitLocker Drive Encryption and BitLocker Network Unlock on all client computers.
Your need to collect information about BitLocker Network Unlock status.
Which command should you run?
A. Run the BitLockerWizard command.
B. Run the bitsadmin command.
C. Run the manage-bde command.
D. Run the BdeHdCfg command.
Correct Answer: C
Explanation/Reference:
http://technet.microsoft.com/en-us/library/jj574173.aspx
BitLocker: How to enable Network Unlock
Network Unlock was introduced in Windows 8 and Windows Server 2012 as a BitLocker protector option for operating system volumes. Network Unlock enables easier management for BitLocker enabled desktops and servers in a domain environment by providing automatic unlock of operating system volumes at system reboot when connected to a wired corporate network. This feature requires the client hardware to have a DHCP driver implemented in its UEFI firmware.
Without Network Unlock, operating system volumes protected by TPM+PIN protectors require a PIN to be entered when a computer reboots or resumes from hibernation (for example, by Wake on LAN). This can make it difficult to enterprises to roll out software patches to unattended desktops and remotely administered servers.
Network Unlock allows BitLocker-enabled systems with TPM+PIN and that meet the hardware requirements to boot into Windows without user intervention. Network Unlock works in a similar fashion to the TPM+StartupKey at boot. Rather than needing to read the StartupKey from USB media, however, the key for Network Unlock is composed from a key stored in the TPM and an encrypted network key that is sent to the server, decrypted and returned to the client in a secure session.
….
Files to gather when troubleshooting BitLocker Network Unlock include:
1. The Windows event logs. Specifically the BitLocker event logs and the Microsoft-Windows-Deployment-Services-Diagnostics-Debug log
..
2. The DHCP subnet configuration file (if one exists).
3. The output of the BitLocker status on the volume, this can be gathered into a text file using manage-bde -status or Get-BitLockerVolume in Windows PowerShell
4. Network Monitor capture on the server hosting the WDS role, filtered by client IP address
Further Information:
There’s no such thing as a BitLockerWizard command.
http://technet.microsoft.com/en-us/library/ff829850.aspx
Bdehdcfg
Prepares a hard drive with the partitions necessary for BitLocker Drive Encryption.
http://msdn.microsoft.com/en-us/library/aa362813%28v=vs.85%29.aspx BITSAdmin Tool
BITSAdmin is a command-line tool that you can use to create download or upload jobs and monitor their progress.