Jump to content


Search the Community

Showing results for tags 'Bitlocker'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Cloud
    • Azure
    • Microsoft Intune
    • Office 365
  • General Stuff
    • General Chat
    • Events
    • Site News
    • Windows News
    • Suggestion box
    • Jobs
  • MDT, SMS, SCCM, Current Branch &Technical Preview
    • How do I ?
    • Microsoft Deployment Toolkit (MDT)
    • Official Forum Supporters
    • SMS 2003
    • Configuration Manager 2007
    • Configuration Manager 2012
    • System Center Configuration Manager (Current Branch)
    • Packaging
    • scripting
    • Endpoint Protection
  • Windows Client
    • how do I ?
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows Vista
    • Windows XP
    • windows screenshots
  • Windows Server
    • Active Directory
    • Microsoft SQL Server
    • System Center Operations Manager
    • KMS
    • Windows Deployment Services
    • NAP
    • Failover Clustering
    • PKI
    • Windows Server 2008
    • Windows Server 2012
    • Windows Server 2016
    • Windows Server 2019
    • Hyper V
    • Exchange
    • IIS/apache/web server
    • System Center Data Protection Manager
    • System Center Service Manager
    • System Center App Controller
    • System Center Virtual Machine Manager
    • System Center Orchestrator
    • Lync
    • Application Virtualization
    • Sharepoint
    • WSUS

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests

  1. I run the script for creating a BitLocker portals. , I tried to access the portal but cannot connect it keeps prompting for the credential.
  2. Hi Nial, Hi everybody Have you ever had this error? I am working on activating the new MBAM functionality on SCCM 2002 (in the laboratory). https is configured but when running the script, I get the warning "Unable to determine web service uri to Audit Report ... Can you help me please ?
  3. Hello, hoping for some help from with a strange issue I have on a customer site I am currently unable to build Dell Optiplex 5040 devices with Windows 10 1909 x64 Enterprise from an Endpoint manager 1910 MDT integrated task sequence. The task sequence fails when trying to execute the Invoke-MbamClientDeployment.ps1 script. I have detailed the high level tasks below and attached the SMSTS.log. BIOS upgraded to latest version BIOS Reset to factory settings BIOS Password Set BIOS Standard config applied UEFI Boot enabled TPM Cleared & activa
  4. Does anyone know of a way to create a report that shows a list of Windows 10 Pro devices that are configured with BitLocker from Intune? Since they are using Pro Edition, Endpoint Protection Policies don't work so I am using the default Windows Device Restriction Policy that includes device encryption in the Azure AD Join process. The only type of reporting option I found was using Intune Data Warehouse in conjunction with PowerBI. So far, I set it to show "osCaption", "deviceName", and "encryptionState". The problem is that the data that comes out of the "encryptionState" is very confus
  5. Introduction In Part 1 I showed you how you can configure BitLocker on Windows 10 devices using Microsoft Intune, but that method relies on the end user actually clicking on the notification in Windows and then continuing through the wizard until completion. In this post I'll show you how you can automate that part of the process, using an MSI that is based upon an MSI that was originally created by Pieter WigLeven. That MSI creates a scheduled task to run daily until the drive is encrypted. Pieter's solution was great but lacked some key features that I wanted such as logging (
  6. Hi All, We are experiencing a weird issue with BitLocker when re-installing existing Windows 10 1709 machines with Windows 10 1903. The machines are hybrid AD joined and the BitLocker recovery information is stored in Active Directory. During a new installation of the device with Windows 10 1903, the BitLocker key fails on storing the recovery information in Active Directory. After examining the Windows event log, it turns out the device is trying to store the recovery information in Azure AD. Is this new behavior of Windows 10 1903 and can we modify this behavior?
  7. Hi There, Anyone here has hands-on experience on implement Bit-Locker To-Go? In my environment we use SCCM CB-1902 and MBAM server & client. We have single drive in all the client and it has been protected using MBAM agent. Now looking for encryption the removal disc \USB automatically, when it insert. How can I achieve this? Please free to ask me, if required more information. BR, Biju
  8. Customer has upgraded to Config-Mgr 1910 and now would like to use BitLocker management. however currently encryption is happening via McAfee and would like to migrate from McAfee to Bitlocker. anyone has run into this scenario as of now? Windows 7 devices needs Wipe and load to use Bitlocker feature or exiting OS can we implement bitlocker and remove McAfee agents.
  9. HI On a Windows 10 OSD TS, i want ot add the Bitlocker recover Key to Azure for Hybrid Joined devices. How can i achive this from an SCCM TS? Thanks
  10. Please guys, I need a help, cuz I become a mad. I have spent a lot of time for this problem, and can't solve it. I'm trying to deploy MBAM client 2.5 SP1 (September update) on Windows 10 1803 with storing recovery keys on MBAM server via SCCM2012 r2 task sequence. I have deployed MBAM server at our SQL Server with SCCM integration ( at another server with sccm 2012 r2). Also I've configure MBAM services with SSL certificate, which is created by CA. The problem is error 0x00000001 in " InvokeMbamClientDeployment.ps1" step during Task Sequence. It's absolutely strange , but when I do thi
  11. Hi all, First time poster, so apologise in advance if I post incorrectly. Currently building Windows 10 devices, some are upgrades from Windows 7 to Windows 10 and others are fresh Windows 10 using SCCM (MDT integrated). This works as expected, but when I log in and check TPM Administration the following message show up Reduced Functionality errors codes 0x400900 = The Device lock counter has not be created 0x2900 = The monotonic counter incremental during the boot has not been created Do I need to do something in the Task Sequence to clear the protect
  12. You may have already seen Part 2 of this series where you can automate BitLocker encryption in Intune using supplied MSI's, which contain logging, reboot prompt and other features. I've put together this video to show you how you can test the PowerShell scripts contained within the two MSI's here. This allows you to test the scripts outside of Intune, and when you are happy with the results you can re-package them and deploy the MSI via Intune. The video shows you how to use Psexec to start a process (in this example it's CMD.EXE) as SYSTEM. psexec.exe /s /i cmd.exe After star
  13. Hi all, I'm hoping that someone can help as I'm really struggling to find anyone else that's had this specific problem. When trying to build brand new HP equipment with an SCCM (MDT integrated) OSD task sequence I am seeing the following error when the machine runs the "Invoke-MbamClientDeployment.ps1" script: Failed to escrow TPM owner-auth to http://MBAMSERVER.domain/MBAMRecoveryAndHardwareService/CoreService.svc. HRESULT: 0x80280012 I've found that 0x80280012 means "There is no Storage Root Key (SRK) set." but I'm struggling to understand why this error only effects some
  14. Hello everyone, I have the client that wants to do something specific with bitlocker and its pins, but that is beyond of this topic. Issues is: When you create a step in task sequence to set up the bitlocker, if you choose TPM and PIN, you will be able to backup the recovery key into Active Directory. But, if you try to do the same via command line on the client, you will get the error: The key protector specified cannot be used for this operation. Somebody have a clue how to overcome this, since we really want only to use TPM and PIN and to store recovery key in AD, for s
  15. Hi, We're looking at a wipe and reload on all of our machines because we're changing our encryption from Checkpoint to BitLocker as we move from Windows 7 to Windows 10. However, I'm wondering if it's possible to use hardlinks for USMT since we do have the Checkpoint filter driver as part of our boot wim. I can't find much about this topic on Google or anywhere else. Our environment is SCCM 1710 and we're moving to Win 10 1703 currently. Checkpoint is 80.64 FDE. Any advice would be helpful. Thanks in advance.
  16. Hello all, I have a specific question for a customer of mine. This customer is using a custom boot images + scripting to deploy Windows machines. SCCM/MDT is not used in the deployment process (SCCM is only used to manage the assets and push software). They want to integrate the deployment of bitlocker in this custom bootimage. What would be the best start to do this? Could the same scripts of the TS steps in MDT (pre-provision bitlocker & enable bitlocker) be used? How could this be done? At the moment the customer is using Windows 7 but would like to move to windows 10. Ar
  17. Are you planning to deploy Microsoft Intune and looking for straightforward technical guidance to help you accelerate this effort? Please join us as we share our deployment experience working with customers from all over the world, covering Intune pilot planning, deployment and management. At the end of this session, you will have a solid foundation to deliver a successful Intune pilot deployment in your organization. The above is a session I did with Peter Daalmans @ Microsoft Ignite on Friday 29th of September 2017, please check it out especially if you are interested in Micro
  18. actually i made a task sequence for MBAM to encrypt all drives - it starts only, when i´m login to Windows 10, but i need it while the tasksequence is running, before starting installing Office 365 and so on. Have anyone experience for this step? the mbam-client config (last step) set the registry for "no delay" and the mbam-client-Trigger -> reg.exe ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Run /t REG_SZ /v TriggerMBAM /d "%ProgramFiles%\Microsoft\MDOP MBAM\MBAMClientUI.exe" /f will not run, have tried on different places in the tasksequence, but nothing worked ... is it
  19. Introduction Security is a big focus for many companies, especially when it comes to data leakage (company data). Encrypting data on Windows 10 devices using BitLocker means that data is protected ("data at rest") . Microsoft Intune got yet more updates on June 30th, 2017, one of which was the ability to configure BitLocker settings detailed here. This ability was initially raised as a uservoice item. So let's take a look at how it works. Step 1. Create a Device Configuration Profile In the Azure Portal, navigate to Intune, and select Device Configuration, then click on
  20. Morning All, I have a Windows 10 Task Sequence for a standalone laptop which I need to encrypt with Bitlocker as part of the OSD build. The machine encrypts with bitlocker fine but I cannot find a way to export the recovery key either to a network share (with appropriate credentials) or the local disk (to then backup from the device) during the task sequence. Wondering if anyone has managed to get this working or if has to remain a manual step, i'd appreciate any help/advice? thanks in advance,
  21. Hi, I'm having trobule with refreshing Windows 10 computers from WinPE. We need to upgrade BIOS before BIOS Conversion step in CM1610 and set BIOS settings. When reinstalling an computer it fails at staging Boot image. I have tried to size up the disk so it can hold larger WinPE Boot image but it does not work. 2048 MB Recovery 1024 MB EFI 128 MB MSR 100% OSD If I disable the step for BIOS Upgrade and Configure I can reinstall an computer without problems. <![LOG[Process completed with exit code 1]LOG]!><time="14:10:08.323-120" date="05-10-2017" componen
  22. Hi, I'm having trobule with refreshing Windows 10 computers from WinPE. We need to upgrade BIOS before BIOS Conversion step in CM1610 and set BIOS settings. When reinstalling an computer it fails at staging Boot image. I have tried to size up the disk so it can hold larger WinPE Boot image but it does not work. 2048 MB Recovery 1024 MB EFI 128 MB MSR 100% OSD If I disable the step for BIOS Upgrade and Configure I can reinstall an computer without problems. <![LOG[Process completed with exit code 1]LOG]!><time="14:10:08.323-120" date="05-10-2017" componen
  23. Hello, I've looked on many of forums and I am trying to find a way to enable bitlocker using a task sequence so I don't have to manually do every single laptop separately. I did download and created a package using the Dell CCTK and created a package using the Dell\X86_64 and include all the contents inside. I then add it to the TS and fails. Just dont get why it isnt working and any help would be amazing. Thanks!
  24. Hello, I'm having a problem enabling BitLocker on Windows 10 v1607 during the task sequence for one model laptop: Dell Latitude E5450 -- except that it does work about 10% of the time. I haven't been able to narrow it down to a specific hardware problem and different BIOS update versions and drivers also result in mixed successes (even on the same exactly laptop). Strangely, the E5450 model has worked historically with the Windows 10 LTSB 2015 version and BitLocker. Models in our environment that work 100% off the time (with the same exactly task sequence) include Latitude E6430, E5440,
  25. The writing of the Bitlocker key to AD has been working flawlessly... until we started to receiving machines with SSD drives in them. The task sequence works flawlessly with no errors. The problem is the bitocker recovery tab within AD is empty. I can run the manual way (https://blogs.technet.microsoft.com/askcore/2010/04/06/how-to-backup-recovery-information-in-ad-after-bitlocker-is-turned-on-in-windows-7/ ) and it will input the data in to ad, but I do not want to have to do this . The real strange thing is if I remove the machine from AD, and reimage it, the key properly registers
×
×
  • Create New...