Imraz Posted March 1, 2021 (edited)

Hi all, I'm configuring a lab here for SCCM 2002 and I am looking at implementing BitLocker. I have been reading that from 2002, we don't need to enable HTTPS throughout the MP to encrypt the recovery keys, we can just enable it on IIS. The problem I have is I have no idea how to do this. I quote Niall here from another post:

"if you choose to not use PKI in your infrastructure then you need to add a PKI-based server auth cert to the IIS website hosting the recovery service – this can be the same cert you used when configuring HTTPS on the MP or another PKI-issued cert if not using HTTPS."

But again, I have no idea how to get to it. If someone could show me where in IIS I am "hosting" said recovery keys, that would really be appreciated.

I have enabled BitLocker management, created a policy, and selected "enable plain text recovery keys". Now it seems I cannot create another policy without plain text recovery keys. My primary concern, however, is knowing how and where I can "host" recovery keys on IIS. I have uploaded a screenshot from my lab here and I hope this helps someone, as I do not know what I need to do here. Thanks again.

Edited March 1, 2021 by Imraz: uploaded picture
anyweb Posted March 1, 2021

IIS doesn't host the recovery keys; they are stored in the ConfigMgr database. The recovery service runs on IIS and that's probably what you are thinking about. The following guides should cover everything you need, including HTTPS (PKI), which is listed at the bottom of the blog post. If you don't want to go all HTTPS (and I'd recommend you do...) then simply add the HTTPS cert to IIS as explained in

https://www.niallbrady.com/2019/11/13/want-to-learn-about-the-new-bitlocker-management-in-microsoft-endpoint-manager-configuration-manager/

Why are you testing with ConfigMgr 2002? 2010 is out already.

cheers
niall
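One way to carry out the step described in the reply above (adding a PKI-issued server authentication certificate to the IIS website), as an added example that is not part of the original thread or the linked guide. It assumes the recovery service runs under the site named "Default Web Site" and that the certificate is already installed in the local machine's Personal store; both are assumptions to adjust for your lab.

```powershell
# Added example (not from the thread). Run elevated on the IIS server.
Import-Module WebAdministration

$siteName      = 'Default Web Site'      # assumption: site hosting the recovery service
$serverAuthOid = '1.3.6.1.5.5.7.3.1'     # Server Authentication EKU
$fqdn          = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$now           = Get-Date

# Pick a usable certificate from LocalMachine\My: private key present, inside its
# validity window, Server Authentication EKU, server FQDN among its DNS names,
# and not self-signed (the quoted guidance asks for a PKI-issued certificate).
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and
        $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
        $_.Subject -ne $_.Issuer -and
        ($_.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid) -and
        ($_.DnsNameList.Unicode -contains $fqdn)
    } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No PKI-issued server authentication certificate for $fqdn in LocalMachine\My."
}

# Create the HTTPS binding only if the site does not have one yet.
$binding = Get-WebBinding -Name $siteName -Protocol https -Port 443
if (-not $binding) {
    New-WebBinding -Name $siteName -Protocol https -Port 443 -IPAddress '*'
    $binding = Get-WebBinding -Name $siteName -Protocol https -Port 443
}

# Attach the certificate unless one is already bound; never silently replace it.
if ([string]::IsNullOrEmpty($binding.certificateHash)) {
    $binding.AddSslCertificate($cert.Thumbprint, 'My')
    Write-Output "Bound $($cert.Thumbprint) (expires $($cert.NotAfter)) to $siteName on 443."
} else {
    Write-Output "$siteName already has certificate $($binding.certificateHash) on 443; left unchanged."
}
```

If the script reports an existing certificate, compare its thumbprint and expiry against the one you intended before changing the binding by hand in IIS Manager.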
Imraz Posted March 1, 2021

Thanks Niall, yes, apologies for my incorrect wording. IIS hosting the "recovery service". I'll look into that link you sent me.
Imraz Posted March 1, 2021

Ha, the funny thing is that link you sent me was the first article I read in relation to this. It would appear that I have missed a bit. I will go through it again though and find what I'm looking for.