Jump to content


  • 0
EGGLAS

MDT and Bitlocker Offline PC

Question

Hi,

 

I have trouble activating Bitlocker on Offline PC during task sequence in MDT.

We are in the process creating offline PCs that will never speak to AD and we want to enable bitlocker on thoose computers.

 

Does anyone know how to do it?

We are completley stuck when trying to enable it with Customsettings.ini or activiating trough Powershell. When we are using Powershell we can enable bitlocker but not exporting any Recovery key to a file.

 

Does anyone haev any suggestions how to get this to work?

​Kind regards,

EGGLAS

Share this post


Link to post
Share on other sites

6 answers to this question

Recommended Posts

  • 0

I seem to remember that you need to enable settings in the registry in order to install bitlocker when away from MBAM/AD.  I Use the following reg entries on mine when they are standalone PCs

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE]
"EncryptionMethod"=dword:00000002
"DisallowStandardUserPINReset"=dword:00000000
"OSEnablePrebootInputProtectorsOnSlates"=dword:00000001
"UseAdvancedStartup"=dword:00000001
"EnableBDEWithNoTPM"=dword:00000000
"UseTPM"=dword:00000002
"UseTPMPIN"=dword:00000002
"UseTPMKey"=dword:00000000
"UseTPMKeyPIN"=dword:00000000

Share this post


Link to post
Share on other sites

  • 0

Update on this, we went with a script when the support logged on the PC they activated bitlocker and exported the recovery key. Not the best solution but this worked best in our case since the support anyway need to do some manually work before the user could have the PC. 

And Yes ITS-Andy TPM was activated :)  That was never an issue. 

 

Share this post


Link to post
Share on other sites

  • 0

@ Egglas...  we also have to manually enable bitlocker which encrypt the drive and it export the key to AD.  We are trying to get it automated with the task sequence but it just doesn't seem to work. TPM is enable and bios password is set but bitlocker doesn't get  enable. I'm so fustrated..

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.