BitLocker: How to enable Network Unlock

https://technet.microsoft.com/en-us/library/jj574173

The BitLocker Network Unlock feature will install the WDS role if it is not already installed. If you want to install it separately before you install BitLocker Network Unlock you can use Server Manager or Windows PowerShell. To install the role using Server Manager, select the Windows Deployment Servicesrole in Server Manager.

To install the Network Unlock feature, use Server Manager or Windows PowerShell. To install the feature using Server Manager, select the BitLocker Network Unlock feature in the Server Manager console.

Network Unlock can use imported certificates from an existing PKI infrastructure, or you can use a self-signed certificate.

With the certificate and key created, deploy them to the infrastructure to properly unlock systems.

With certificate and key deployed to the WDS server for Network Unlock, the final step is to use Group Policy settings to deploy the public key certificate to computers that you want to be able to unlock using the Network Unlock key. Group Policy settings for BitLocker can be found under \Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption using the Local Group Policy Editor or the Microsoft Management Console.