Jump to content


anyweb

how can I Pre-Provision BitLocker in WinPE for Windows 8 deployments using Configuration Manager 2012 SP1 ?

Recommended Posts

Hi,

 

I used your task sequence for enabling bilocker on a Dell laptop (Windows 7x64) and it was working great!
Then I explictely disabled the TPM on the Dell and restarted the task sequence as doublecheck and now the last step (enable bitlocker) failed(!).

So, looking at this forum I wonder what I should do

*when restaging a bitlockered machine, should I remove a recovery key first from AD?

*Should I enable a Windows driver for bitockering (which one then)?

...

 

Thanks for your input.

Regards,
J

Share this post


Link to post
Share on other sites

 

Then I explictely disabled the TPM on the Dell and restarted the task sequence as doublecheck and now the last step (enable bitlocker) failed(!).

 

isn't that expected behaviour ? what were you expecting to happen ?

Share this post


Link to post
Share on other sites

Thanks for your reply.
I just want to test that laptops "out of the box" will be TPM enabled during task sequence.

 

Note: after some adaptations it does not work anymore. I wonder if xcopy.exe ".\Dell\CCTK\X86_64\*.*" "x:\CCTK\X86_64\" /E /C /I /Q /H /R /Y /S is correct whereas the package source points to ... \Bitlocker\Dell\CCTK\X86_64, should the xcopy then not be xcopy.exe *.* (without the path)?

Share this post


Link to post
Share on other sites

Hi,

 

I used your task sequence for enabling bitlocker on a Dell laptop (Windows 7 x86), how would i go about integrating MBAM into the task sequence, assuming the MBAM server is setup and Group policy is enabled.

 

 

Do i just install the MBAM client at the end of the TS ? and would this take ownership of bitlocker ?

 

thank you

Share this post


Link to post
Share on other sites

Do i just install the MBAM client at the end of the TS ? and would this take ownership of bitlocker ?

 

 

you can install the MBAM client and any associated registry keys at the end of the task sequence and once installed MBAM will take control of your bitlocker environment, in the CM12 HTA I do just that here.

 

Share this post


Link to post
Share on other sites

 

 

you can install the MBAM client and any associated registry keys at the end of the task sequence and once installed MBAM will take control of your bitlocker environment, in the CM12 HTA I do just that here.

 

 

 

Hi,

 

Would you mind specifying how you are taking control using MBAM, after installing the client, in this task sequence? I can see that you are installing the client, but you're not adding any regkeys in the TS with MBAM server connection specifics.

 

If I understand it right, your TS will install the MBAM client, wait for the group policy to apply and then pop up the MBAM Wizard to the user. Is that correct?

 

Thanks!

Share this post


Link to post
Share on other sites

you can set registry keys before or after the mbam client is installed to set the FVE settings in the registry this is because group policy cant be processed until after the task sequence is complete,

once it is complete if any bitlocker actions are still required the mbam agent will popup within the 90 minutes period and prompt/inform the user

the registry keys are the values that you set when setting your mbam options (group policy settings)

 

i'll see if I can export them from a computer here and upload them for you

Share this post


Link to post
Share on other sites

you can set registry keys before or after the mbam client is installed to set the FVE settings in the registry this is because group policy cant be processed until after the task sequence is complete,

once it is complete if any bitlocker actions are still required the mbam agent will popup within the 90 minutes period and prompt/inform the user

the registry keys are the values that you set when setting your mbam options (group policy settings)

 

i'll see if I can export them from a computer here and upload them for you

 

Thanks, an export would be great to have.

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.