Silencer001 Posted September 21, 2015 Report post Posted September 21, 2015 Hello all, I have a specific question for a customer of mine. This customer is using a custom boot images + scripting to deploy Windows machines. SCCM/MDT is not used in the deployment process (SCCM is only used to manage the assets and push software). They want to integrate the deployment of bitlocker in this custom bootimage. What would be the best start to do this? Could the same scripts of the TS steps in MDT (pre-provision bitlocker & enable bitlocker) be used? How could this be done? At the moment the customer is using Windows 7 but would like to move to windows 10. Are there new things regarding the deployment of bitlocker we need to keep in mind or is the deployment the same as in Windows 8? On technet, I couldn't find anything new listed regarding to deployment of bitlocker in windows 10. Since this customer doesn't have SA, they can't use MBAM and the new deployment capabilities in 2.5 sp1... I was looking for the same deploymen tmethod as these powershell scripts if this would be possible? Thanks in advance! Quote Share this post Link to post Share on other sites More sharing options...
0 anyweb Posted September 21, 2015 Report post Posted September 21, 2015 i'm deploying windows 10 with bitlocker right now, no need for the mbam client unless you want those features later, you can use pre-provision bitlocker and the enable bitlocker built in steps to do what you need Quote Share this post Link to post Share on other sites More sharing options...
0 Silencer001 Posted September 22, 2015 Report post Posted September 22, 2015 Hi Niall, thanks for your quick reply! The "problem" is that the customer is keen on keeping their custom environment. So they really can't use the steps in MDT, since they don't use MDT. Is there a way to use the scripts of these steps in order to provision bitlocker and enable it after the OS has been laid down? Thx!! Quote Share this post Link to post Share on other sites More sharing options...
0 anyweb Posted September 22, 2015 Report post Posted September 22, 2015 so to understand your question you want to pre-provision bitlocker AFTER the os has laid down ? normally you pre-provision bitlocker at the beginning of the task sequence after formatting the disk to save time, why not use the built-in steps in a ConfigMgr task sequence for achieving this ? see screenshot below... Quote Share this post Link to post Share on other sites More sharing options...
0 Silencer001 Posted September 25, 2015 Report post Posted September 25, 2015 so to understand your question you want to pre-provision bitlocker AFTER the os has laid down ? normally you pre-provision bitlocker at the beginning of the task sequence after formatting the disk to save time, why not use the built-in steps in a ConfigMgr task sequence for achieving this ? see screenshot below... bitlocker steps.png Hi Niall, Thanks for your reply! This because the customer who wants to enable bitlocker in Windows 10 isn't using MDT/SCCM. They have created custom bootimages with custom scripts on a custom deploymentshare for their custom deployment framework.. Now they are looking for a standard script to enable bitlocker in their installation sequence. They still want to pre-provision bitlocker before the OS has been laid down. So is there a way to use the wsf/vbs scripts of MDT/SCCM outside of MDT/SCCM to accomplish the same thing?! Thanks in advance! Regards Quote Share this post Link to post Share on other sites More sharing options...
0 anyweb Posted September 25, 2015 Report post Posted September 25, 2015 Microsoft have made the scripts free to use (MDT) so why can't the customer use them ? re-inventing the wheel seems counterintuative Quote Share this post Link to post Share on other sites More sharing options...
0 Silencer001 Posted September 25, 2015 Report post Posted September 25, 2015 Microsoft have made the scripts free to use (MDT) so why can't the customer use them ? re-inventing the wheel seems counterintuative I'm on your side of the discussion and you're completely right, Niall. But it's difficult to convince the customer to replace a custom framework & scripts on which they have worked for over 10 years. Especially if this framework is the main tool to initiate deployments, logging, OSD,.. But can it be done? Using the scripts of MDT outside of MDT? I guess it won't be as easy as just calling the script with 1 line of code in a custom WinPE bootimage and bitlocker will be provisioned and later enabled? Quote Share this post Link to post Share on other sites More sharing options...
0 anyweb Posted September 25, 2015 Report post Posted September 25, 2015 I havn't tried it specifically but i'd imagine it should work, try it and let us know Quote Share this post Link to post Share on other sites More sharing options...
0 Silencer001 Posted September 28, 2015 Report post Posted September 28, 2015 I havn't tried it specifically but i'd imagine it should work, try it and let us know Hi Niall, Thanks for the information! I'll discuss it with the customer and let you know how we'll proceed. I don't have access to the custom boot environment, but think I can also test it here with something else ;-) Keep you posted when I've more information. Quote Share this post Link to post Share on other sites More sharing options...
0 RhoSysAdmin Posted January 29, 2018 Report post Posted January 29, 2018 We're new to BitLocker and SCCM. We've got Windows 10 deployment working with MDT 2013 and SCCM current branch. We'd like to add BitLocker to this setup, but the standard "Create Task Sequence" template for the MDT Task Sequence wizard doesn't present any BitLocker options that I can see. Is there easy to understand documentation out there on how to add the enabling of BitLocker to your SCCM/MDT OS deployment of Windows 10? Thanks! Quote Share this post Link to post Share on other sites More sharing options...
Hello all,
I have a specific question for a customer of mine. This customer is using a custom boot images + scripting to deploy Windows machines.
SCCM/MDT is not used in the deployment process (SCCM is only used to manage the assets and push software).
They want to integrate the deployment of bitlocker in this custom bootimage. What would be the best start to do this?
Could the same scripts of the TS steps in MDT (pre-provision bitlocker & enable bitlocker) be used? How could this be done?
At the moment the customer is using Windows 7 but would like to move to windows 10.
Are there new things regarding the deployment of bitlocker we need to keep in mind or is the deployment the same as in Windows 8?
On technet, I couldn't find anything new listed regarding to deployment of bitlocker in windows 10.
Since this customer doesn't have SA, they can't use MBAM and the new deployment capabilities in 2.5 sp1...
I was looking for the same deploymen tmethod as these powershell scripts if this would be possible?
Thanks in advance!
Share this post
Link to post
Share on other sites