Search the Community
Showing results for tags 'encrypted usb'.
Hi All, I have searched high and low, non-stop for days trying to find an answer. I have finally admitted defeat because I am unable to find the information "out there", as I can normally find "anything" within minutes of searching and so after 3 days, it's fair to say I have been unsuccessful. Task 1: Create a regular task sequence to install my OS image. My task sequence is very generic and is built from the default structure/template assigned by the wizard when installing an image package TS. The task sequence works perfectly fine when a machine PXE boots and the respective TS is selected. The process goes from end to end, and results with an install OS that uses my unattend.xml to make the operation as lite touch as possible. The only drive (C:) is bitlocked in the process by design. Everything is great so far! Task 2: Create a USB Media of the Task Sequence I have a requirement to port this over to a USB pen drive. Using the "Create Task Sequence Media" wizard, I built a USB pen drive. I tested it by booting from the pen drive on physical hardware, and watched the process all the way through. There were NO errors - perfect! Then I shortly realised that when I removed the USB pen drive and started up the computer, I got the Bitlocker Drive Encryption Password Entry screen. The computer had encrypted with the assumption that my USB pen drive was a part of the hardware, and so when it was removed, it believes the hardware had changed. I had to insert the USB pen drive in order to boot the computer to Windows, and only then could I remove the USB pen drive. Problem/Question: What do I need to do to bypass/ignore the USB Media being apart of the hardware? My thoughts were: Method 1: implement a script that forces the user to eject/remove the USB pen drive at a specific step in the TS so that the sequence will continue and bitlocker the hard disk, and since there is no USB pen drive present at this time, everything should be OK. Concerns: I have written a script that will not "finish/exit" unless the USB drives are all empty and do not contain any mass storage devices. My concerns are that once the USB has been removed, I would assume an error would occur because the USB media is missing here on and it can not be read from. How do I overcome this - is this the right thought process? Method 2: Script the bit locker step so that it totally ignores the USB drive when encrypting. Concerns: I don't know how to tell bit locker to ignore the USB pen drive (baring in mind that the USB drive letter could vary depending on the specs of the hardware it is inserted into). Also, encrypting the USB drive is not the actual problem because that doesn't happen (only the C: drive is encrypted), the problem is that the system appears to think the USB pen drive is part of the physical machine. As I have said, I've been hurting my brain for days now to get at least some guidance on this, and I've come up with nothing. This must have been done before by *someone, somewhere*, right? Any advice or tips are appreciated - but better yet, if anyone has first hand experience of doing this, I would love to hear from you. Thanks, WizzKidd