anyweb

how can I Pre-Provision BitLocker in WinPE for Windows 8 deployments using Configuration Manager 2012 SP1 ?

No luck. I added the two REG keys suggested before the Enable Bitlocker step. The keys were created but the recovery key was not stored in AD.

 

A successful build on different hardware does not create those registry keys itself and the key does get stored in AD. The SMSTS log looks the same to me on both builds.

Am I correct in assuming that the other system that you built, the one that stored the key, is not the same type of hardware (not a Latitude 10)?

 

I also assume that your system (the one not recording to AD) is joining the domain?

 

Is the msTPM-OwnerInformation attribute value completely empty, or does it at least have "<not set>"?

Yes, the Samsung Ativ, Lenovo X230, in fact everything I've tried except the Dell, store their key in AD using the same TS.

 

Yes the Dell is joining the domain

 

Yes the msTPM value is empty <not set>

 

A complication on the Dell is that it has two devices under Security Devices:

 

Intel® Atom Processor Z2760 Security Engine &

TPM 1.2

 

I have had problems before where a manufacturer's TPM driver is used, so I have modified the build to enable just the TPM 1.2 module, but I get the same result. I do think this area is where the problem lies though.

Hi Niall, please could I have some help. I have used your wonderful guides, which have been a lifesaver, but I am now attempting to encrypt a Dell Latitude E6500 with BitLocker and I have followed your instructions and it works beautifully. The only problem I have is that Windows is now installed on the D drive. I have added the task sequence variable 'OSDPreserveDriveLetter'=false but this hasn't helped. I have an identical task sequence (minus BitLocker, TPM activation etc.) which works fine, but the BitLocker stuff seems to cause Windows to install on D. I'm so close to having this working but need some help please. Thanks! :)

Hi all,

I'm looking to test BitLocker on my lab, only my host PC doesn't have a TPM module.

When I use a task sequence to pre-provision, it fails... After my TS builds the client VM I can't enable BitLocker either, as it says no TPM module present or enabled.

I have located a TPM module to purchase and plug in, this isn't a problem to purchase, or am I missing something elsewhere...

 

Any help or advice appreciated as always,

Regards, wazzie

You don't need a TPM in the host PC, but in the client machine you are testing BitLocker on (assuming it's BitLocker capable).

If it's a VM then it's not; you'll need to test BitLocker on real hardware.

Thanks anyweb, yes it's a full appv lab.

This is all currently in a lab based off your wonderful notes, running 2012 server, 2012 SQL and SCCM 2012 SP1.

Everything works fine, OSD, patching etc.

Can't wait to get all the R2 editions and build it again, see what's new.

So to confirm, if I buy a TPM module for the app v host, the clients won't be able to virtualise that piece of hardware?

Looks like it's time I get a small switch, a real TPM PC and get some BitLocker action!!!! On a real box.

Thanks so much for your gems of info.
