BitLocker is a password-centered disk encryption system built into Windows which encrypts your volumes and server platforms.
When you do a new deployment on a new computer with MDT, you want to automatically enable the TPM chip and encrypt the disk.
On 1 Feb 2012 I wrote an article about how to Enable TPM devices on HP Laptops through MDT.
When you create a new client task sequence, Enable BitLocker is on by default.
After that I found a bug in MDT 2012 which cost me a lot of time finding the answer.
MDT 2012 – Settings Per Task Sequence
So let's begin.
Open CustomSettings.ini
Change the following:
[Settings]
Priority=Default
Properties=MyCustomProperty
to
[Settings]
Priority=TaskSequenceID, Default
Properties=MyCustomProperty
Add the following text ([HP6560B] is the TaskSequenceID in my case).
[HP6560B]
MachineObjectOU=ou=laptops,ou=ward,dc=wardvissers,dc=local
BdeInstallSuppress=NO
BDEDriveLetter=S:
BDEDriveSize=300
SkipBitLocker=NO
BDEInstall=TPM
BDERecoveryKey=AD
OSDBitLockerWaitForEncryption=TRUE
BDEKeyLocation=\\ward-bh01.wardvissers.local\Bitlocker$
And change the following under [DEFAULT]: SkipBitLocker=YES
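The effect of the Priority change above, as an added example that is not part of the original post: a simplified Python model of MDT rule processing, in which the first value found for a property wins, so task sequence HP6560B resolves SkipBitLocker=NO while any other task sequence falls through to the default section. The `bitlocker_findings` checks and the `OTHER-TS` ID are assumptions made for illustration.

```python
# Constructed sample mirroring the page's CustomSettings.ini values.
SAMPLE_INI = """
[Settings]
Priority=TaskSequenceID, Default

[HP6560B]
SkipBitLocker=NO
BDEInstall=TPM
BDERecoveryKey=AD
OSDBitLockerWaitForEncryption=TRUE

[Default]
SkipBitLocker=YES
"""

def parse_ini(text):
    """Return {section: {key: value}} with lower-cased names; first value wins."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None and not line.startswith(";"):
            key, value = line.split("=", 1)
            current.setdefault(key.strip().lower(), value.strip())
    return sections

def effective_settings(text, task_sequence_id):
    """Walk the Priority list in order; a property set earlier is never overwritten."""
    sections = parse_ini(text)
    result = {}
    for entry in sections["settings"]["priority"].split(","):
        entry = entry.strip().lower()
        # Assumption: only TaskSequenceID is modelled as a variable; other entries are section names.
        name = task_sequence_id.lower() if entry == "tasksequenceid" else entry
        for key, value in sections.get(name, {}).items():
            result.setdefault(key, value)
    return result

def bitlocker_findings(settings):
    """Hypothetical checks on the resolved values; an empty list means all passed."""
    if "bdeinstall" not in settings:
        return ["BDEInstall not set"]
    checks = {"bderecoverykey": "AD", "osdbitlockerwaitforencryption": "TRUE"}
    return [f"{k} is not {v}" for k, v in checks.items() if settings.get(k, "").upper() != v]

if __name__ == "__main__":
    for ts in ("HP6560B", "OTHER-TS"):  # OTHER-TS is a made-up task sequence ID
        print(ts, bitlocker_findings(effective_settings(SAMPLE_INI, ts)))
```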
In my case, on the OU Laptops I created the following BitLocker group policy
Important:
Group Policies will break deployments