Sven,
Sorry about the delay in answering, we've been a little busy but I think I understand what is you're asking, please let me know if I'm not answering the question you're asking...I can...I have done that in the past so let me know.
The Network Unlock policy itself enables the client itself to create and implement Network Key Protection as long as your client is TPM enabled to automatically unlock the OS hard drive when you boot the system. Clients using the policy will get the pushed Network Unlock Certificate and that client will CREATE and use the Network Key Protectors. The pushed certificated is used to create the Network Key Protectors that will then unlock the system itself. I emphasize the client side generation of things because you had mentioned pushing the recovery keys to the WDS server because this isn't necessary since everything really resolves around the client getting the cert and doing it's own generation to perform the network unlock.
Everything works fairly well on TPM based systems but what about systems without it? Well they cannot create these Key Protectors.
I would assume also that computers that do not have BitLocker enabled will also not be affected by the policy itself. So I believe you would need some method, regardless of whether it is Group Policy or a manual configuration to enable BitLocker first before applying the unlock policy.
I believe you're correct and the hosts just forgot, most of us got our start with Server 2000, 2003 and 2008, it's in the 2008 environment we saw the Enterprise Editions so it's easy to forget. I will see if I can get some show errata in place on the episode about this.
Cordially,
Ronnie Wong
Host, ITProTV