JagoWu

Where is the SMS/SCCM clients default installed location? <--- C:\Windows\CCM. The setup is located at C:\Windows\ccmsetup What is SMS/SCCM Discovery and what are the discovery methods? <-- Discovery is the method that SCCM uses to discover computer objects, user objects, and group objects in Active Directory. What is the best process for deploying a package/application from scratch? <-- You should have a big drive share that is a pre-staging area per say when you initially place the packages then import them into SCCM. After that distribute them to your DP. Under SCCM 2012, how does the DP work? <-- Simply put it is kinda of like a network share where the packages reside on that SCCM uses to send out to the clients. What client log file can be examined to determine the installation outcome of a deployed package/application? <-- All client log files are located at C:\Windows\CCM\Logs. Each log pertains to different things. See link https://technet.microsoft.com/en-us/library/hh427342.aspx

****Update**** I was able to get this to work properly. Here is the solution. 1. Created a MDT Task sequence in SCCM 2012. 2. Let it create a default Custom Settings MDT package (I named it MDTWorkgroupLaptop Settings Package because I do not want any other TS to use it). Let it create a default USMT package. Fill out the rest of the questions in the wizard. 3. Upon creation of the TS I went to the custom settings package and edit it to look like this: [settings] Priority=Default Properties=MyCustomProperty [Default] SkipCapture=YES BitsPerPel=32 VRefresh=60 XResolution=1 YResolution=1 OSDComputerName=PC_%AssetTag% SLShare=\\sccmserver\OSD\Logs BDEInstall=TPMPin BDEPin=XXXXXXX TPMOwnerPassword=SomePassword BDEInstallSuppress=NO BDEWaitForEncryption=FALSE BDEDriveSize=2000 BDEDriveLetter=S: BDERecoveryKey=AD BDEKeyLocation=\\sccmserver\OSD\LaptopRecoveryKeys BDEAllowAlphaNumericPin=Yes 4. I then told that package to update the DP. Then I made some changes to the default TS. A. Right under the Execute Task Sequence (1st step) step you should add three steps in it. SMSTSDownloadRetryCount = 5 <-- needed for downloading packages requests and such. SMSTSDownloadRetryDelay= 15 <-- needed for downloading packages requests and such. SMSTSRebootDelay=2 <-- this is the area where I do not want to wait 30 seconds for a reboot in the TS so I change it to 2 sec. B. In the steps called Format and Partition Disk (UEFI) I deleted the first 3 partitons listed and the last partition i left there. The last partition is OS Disk (Primary) C. In the step called OSDPreserveDriveLetter I set it to TRUE. If set to false then windows might install on some partition named E and when windows is installed in explorer you will have D windows instead of C windows. D. In the Apply Windows Settings step make sure you set an admin password and the timezone should be the same as the sccm server or else it seems to bomb out for me during sysprep. E. In the Setup Windows and ConfigMgr step I added the following code (I previously made a SCCM 2012 CU4 client update package but did not make a program for it). SMSMP=server.server.com FSP=server.server.com PATCH="C:\_SMSTaskSequence\OSD\00100227\Hotfix\x64\configmgr2012ac-r2-kb3026739-x64.msp" F. After Set Status 5 add new step called Request State Store. Condition USMTLOCAL Not Equals TRUE G. After Restore User State step add a step called Release State Store. Condition USMTLOCAL Not Equals TRUE H. The default bitlocker step I moved to the very last step of the task sequence. In the options tab is a condition. I changed the condition to say BDEInstallSuppress = YES. Then editing the command line to only say cscript.exe "%deployroot%\scripts\ZTIBde.wsf" This script took care of all the encryption and read the MDT rules (cs.ini) that I setup. It also saved the recovery password to a text file and the filename is the computername. Life is good. JagoWu

ThatOneGuy, I went through the same delimma and realized that the default MDT TS in SCCM has bugs. However, the good news is there are small steps in the TS you can add to make it work correctly and you should treat those added steps in the sequence as part of the default sequence. For bitlocker I am still having a headache trying to get bitlocker to save the key as a .txt file to a network share because the laptop is apart of Workgroup and not domain. Here are some things I found out that work for me in a MDT TS. 1. Right under the Execute Task Sequence (1st step) step you should add three steps in it. SMSTSDownloadRetryCount = 5 <-- needed for downloading packages requests and such. SMSTSDownloadRetryDelay= 15 <-- needed for downloading packages requests and such. SMSTSRebootDelay=2 <-- this is the area where I do not want to wait 30 seconds for a reboot in the TS so I change it to 2 sec. 2. In the steps called Format and Partition Disk (UEFI) I deleted the first 3 partitons listed and the last partition i left there. The last partition is OS Disk (Primary) 3. In the step called OSDPreserveDriveLetter I set it to TRUE. If set to false then windows might install on some partition named E and when windows is installed in explorer you will have D windows instead of C windows. 4. In the Apply Windows Settings step make sure you set an admin password and the timezone should be the same as the sccm server or else it seems to bomb out for me during sysprep. 5. After Set Status 5 add new step called Request State Store. 6. After Restore User State step add a step called Release State Store. Those added changes in the step should help you out. NOTE: This has worked for me in a BareBones install and a Refresh install.

Peter, Can I use these settings in SCCM MDT TS that I use in MDT? BDEInstall=TPMPin BDEPin=some pin TPMOwnerPassword=some password BDEInstallSuppress=NO BDEWaitForEncryption=FALSE BDEDriveSize=3000 BDEDriveLetter=S: BDERecoveryKey=AD BDEKeyLocation=\\server\LaptopRecoveryKeys BDEAllowAlphaNumericPin=Yes

Hi all, I have a SCCM MDT TS that I have created for laptops. The TPM is on and set to active in the BIOS. This is a Dell E5500. The BIOS has the latest version. If I leave the SCCM MDT template as is the TS installs correctly however Bitlocker does not start and the PIN is not entered. The laptop is not added to the domain and is set to add to Workgroup (which is what I need it to do). The SCCM client installs fine (CU4). I noticed the template default with a few bitlocker options: Pre-provision BitLocker =Logical Drive letter stored in a varible then Set Variable for Pre-provision BitLocker = True then right before installing packages Enable Bitlocker cscript.exe "%deployroot%\scripts\ZTIBde.wsf" /UDI I am not using UDI in this TS. I have tried disabling the Enbable Bitlocker and add the SCCM Enable Bitlocker and specify a PIN. When I do the TS fails with error code 0x80070002. In the CS.ini I tried having the settings of OSDBitLockerMode=TPMPIN BDEInstallSuppress=NO This scenario works great in MDT with the Enable Bitlocker step in the TS and my CS.ini looks like the below. We are not saving the recovery key to AD but a network share. BDEInstall=TPMPin BDEPin= some numbers TPMOwnerPassword=some password BDEInstallSuppress=NO BDEWaitForEncryption=FALSE BDEDriveSize=3000 BDEDriveLetter=S: BDERecoveryKey=AD BDEKeyLocation=\\servername\LaptopRecoveryKeys BDEAllowAlphaNumericPin=Yes Also how can I save the key to a network share like I do in MDT? I understand some of my bitlocker commands above are not supported in SCCM 2012 TS like saving the key to a network share. Thank You all