Elscorpio Posted September 26, 2014

Hi, I'm wondering if anyone in here has some experience in deploying BitLocker encryption from an SCCM task sequence?

The steps in my task sequence have each been tested OK; I want to make sure that it assigns the group policy that makes it required to save the BitLocker recovery key in the AD under computer properties. I want to make sure it continues from Step 5 after it completes Step 4 (see my attached screenshots).

The script source is this one: http://gallery.technet.microsoft.com/780d167f-2d57-4eb7-bd18-84c5293d93e3#content

I have seen on test runs that this .vbs script will force a restart of the laptop if the TPM chip is not activated outside Windows.

Any good advice or best practice on this is appreciated. It is around 400 Lenovo laptops that need to have BitLocker encryption on in our enterprise; the oldest we have is the T60/T61 model and the newest is the T440 and X240 from last year.

PS: Is there also a best practice for getting this to work in an OS Deployment TS? So far the one Microsoft have by default in SCCM doesn't work as automatically as I want it to.

Elscorpio Posted September 26, 2014

The task sequence I have posted screenshots of: is it also possible, when it is working as intended, to make a reference to it in an OS Deployment TS?

anyweb Posted September 26, 2014

Have you seen the CM12 BitLocker FrontEnd HTA yet?

CM12 in a Lab - The CM12 BitLocker FrontEnd HTA - video
CM12 in a Lab - The CM12 BitLocker FrontEnd HTA

Elscorpio Posted October 27, 2014

> have you seen the CM12 BitLocker FrontEnd HTA yet ?
> CM12 in a Lab - The CM12 BitLocker FrontEnd HTA - video
> CM12 in a Lab - The CM12 BitLocker FrontEnd HTA

Hi, I am going to try to use the script available here: http://www.niallbrady.com/2012/10/17/enabling-bitlocker-via-a-script-on-non-english-windows-7-installations-fails/ in my task sequence. It works under different language packs in Win7 if you remove "true" to true.

Aquintus Posted November 3, 2014

In your TS you can use the Lenovo BIOS Config scripts to activate the TPM: http://support.lenovo.com/us/en/documents/ht100612 with this command line:

    cscript.exe SetConfig.vbs SecurityChip Active

For BitLocker we just use the standard step "Enable BitLocker" in our TS.

Note: If you want to wake up clients using WOL and in your BIOS-Config the Networkboot-order is set to LAN, the clients will ask for the BitLocker key. We also added a step to change the order to HDD0. You can also use the Lenovo scripts to change it with the following command line:

    cscript.exe SetConfig.vbs NetworkBoot HDD0
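
An added example, not part of any post in this thread: a task sequence gate script for the two concerns raised above, that the TPM is enabled and activated before encryption, and that a recovery password is escrowed to AD. It uses the Windows WMI classes Win32_Tpm and Win32_EncryptableVolume; the exit codes and the -EscrowToAD switch are hypothetical names chosen here, and it assumes the step runs elevated (or as SYSTEM) with group policy permitting backup to AD DS.

```powershell
# Added example: BitLocker gate checks for a task sequence step.
# Get-WmiObject is used so the script also runs on PowerShell 2.0 (Windows 7).
param(
    [string]$DriveLetter = 'C:',   # assumption: the OS volume
    [switch]$EscrowToAD            # hypothetical switch: also back up the recovery password to AD
)

function Get-TpmReadiness {
    $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
                         -Class Win32_Tpm -ErrorAction SilentlyContinue
    if (-not $tpm)                          { return 'NotPresent' }   # no chip, or hidden in BIOS
    if (-not $tpm.IsEnabled_InitialValue)   { return 'Disabled' }
    if (-not $tpm.IsActivated_InitialValue) { return 'NotActivated' }
    return 'Ready'
}

$state = Get-TpmReadiness
Write-Output "TPM state: $state"
# Exit 10 (constructed code): the TS can branch to the BIOS config step and a planned restart.
if ($state -ne 'Ready') { exit 10 }

$vol = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
                     -Class Win32_EncryptableVolume -Filter "DriveLetter='$DriveLetter'"
if (-not $vol) { Write-Output "No encryptable volume $DriveLetter"; exit 20 }

# KeyProtectorType 3 = numerical (48-digit) recovery password.
$ids = @($vol.GetKeyProtectors(3).VolumeKeyProtectorID | Where-Object { $_ })
if ($ids.Count -eq 0) { Write-Output 'No recovery password protector on volume'; exit 30 }

if ($EscrowToAD) {
    foreach ($id in $ids) {
        $rc = $vol.BackupRecoveryInformationToActiveDirectory($id).ReturnValue
        if ($rc -ne 0) {
            # Fail the step rather than continue with a key that is not in AD.
            Write-Output ("AD backup failed for {0}: 0x{1:X8}" -f $id, $rc)
            exit 40
        }
    }
}

# ProtectionStatus: 0 = off, 1 = on, 2 = unknown.
Write-Output ("Protection status: {0}" -f $vol.GetProtectionStatus().ProtectionStatus)
exit 0
```

Run once before the encryption step to catch an inactive TPM without an unplanned restart, and once after it with -EscrowToAD so the sequence stops if the recovery password did not reach AD.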