Hello all,

 

I have a specific question for a customer of mine. This customer is using custom boot images + scripting to deploy Windows machines.

SCCM/MDT is not used in the deployment process (SCCM is only used to manage the assets and push software).

They want to integrate the deployment of BitLocker in this custom boot image. What would be the best start to do this?

Could the same scripts of the TS steps in MDT (pre-provision BitLocker & enable BitLocker) be used? How could this be done?

At the moment the customer is using Windows 7 but would like to move to Windows 10.

Are there new things regarding the deployment of BitLocker we need to keep in mind or is the deployment the same as in Windows 8?

On TechNet, I couldn't find anything new listed regarding deployment of BitLocker in Windows 10.

Since this customer doesn't have SA, they can't use MBAM and the new deployment capabilities in 2.5 SP1...

I was looking for the same deployment method as these PowerShell scripts if this would be possible?

 

Thanks in advance!

Link to post


I'm deploying Windows 10 with BitLocker right now, no need for the MBAM client unless you want those features later,

you can use the Pre-provision BitLocker and the Enable BitLocker built-in steps to do what you need

Link to post

Hi Niall, thanks for your quick reply! The "problem" is that the customer is keen on keeping their custom environment.

So they really can't use the steps in MDT, since they don't use MDT.

 

Is there a way to use the scripts of these steps in order to provision BitLocker and enable it after the OS has been laid down? Thx!!

Link to post

So to understand your question: you want to pre-provision BitLocker AFTER the OS has been laid down? Normally you pre-provision BitLocker at the beginning of the task sequence, after formatting the disk, to save time.

Why not use the built-in steps in a ConfigMgr task sequence for achieving this? See screenshot below...

 

bitlocker steps.png

Link to post

Hi Niall,

 

Thanks for your reply!

This is because the customer who wants to enable BitLocker in Windows 10 isn't using MDT/SCCM.

They have created custom boot images with custom scripts on a custom deployment share for their custom deployment framework.

Now they are looking for a standard script to enable BitLocker in their installation sequence.

They still want to pre-provision BitLocker before the OS has been laid down.

So is there a way to use the wsf/vbs scripts of MDT/SCCM outside of MDT/SCCM to accomplish the same thing?!

 

Thanks in advance!

 

Regards

Link to post
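
The two phases discussed in this thread, pre-provisioning in WinPE and enabling protection in the installed OS, driven directly with manage-bde from a custom script. This is an added example, not part of the original posts and not the MDT or ConfigMgr scripts; it assumes a WinPE image with the WinPE-WMI, WinPE-SecureStartup and WinPE-PowerShell components, a ready TPM, and uses hypothetical function names.

```powershell
# Added example (not MDT's or ConfigMgr's own scripts). Assumptions: the WinPE
# image contains the WinPE-WMI, WinPE-SecureStartup and WinPE-PowerShell
# optional components, the TPM is ready, and all function names are hypothetical.

function Invoke-ManageBde {
    param([Parameter(Mandatory)][string[]]$Arguments, [switch]$Quiet)
    $output = & manage-bde.exe @Arguments 2>&1
    if ($LASTEXITCODE -ne 0) {
        # Report only the exit code: the output may contain a recovery password.
        throw "manage-bde $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
    if (-not $Quiet) { $output }
}

# Phase 1: run in WinPE after the disk is partitioned and formatted, before the
# image is applied. The volume key is stored as a clear key at this point, so
# the data is encrypted but NOT yet protected.
function Start-BitLockerPreProvision {
    param([string]$Volume = 'C:')
    Invoke-ManageBde -Arguments @('-on', $Volume, '-UsedSpaceOnly')
}

# Phase 2: run in the installed OS. Adds real protectors, then removes the
# clear key so protection is actually on.
function Complete-BitLockerProvision {
    param([string]$Volume = 'C:')
    Invoke-ManageBde -Arguments @('-protectors', '-add', $Volume, '-tpm')
    # -Quiet keeps the generated recovery password out of the deployment log.
    # Escrow it through your own process; this example does not do that.
    Invoke-ManageBde -Arguments @('-protectors', '-add', $Volume, '-recoverypassword') -Quiet
    Invoke-ManageBde -Arguments @('-protectors', '-enable', $Volume)

    # Fail the deployment if the volume is still unprotected.
    $state = Get-BitLockerVolume -MountPoint $Volume
    if ($state.ProtectionStatus -ne 'On') {
        throw "BitLocker protection is $($state.ProtectionStatus) on $Volume"
    }
    $state | Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage
}
```

The OS volume may carry a different drive letter in WinPE than in the installed OS, so pass `-Volume` explicitly in phase 1.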

Microsoft have made the scripts free to use (MDT) so why can't the customer use them? Re-inventing the wheel seems counterintuitive

Link to post

I'm on your side of the discussion and you're completely right, Niall.

But it's difficult to convince the customer to replace a custom framework & scripts on which they have worked for over 10 years.

Especially if this framework is the main tool to initiate deployments, logging, OSD,..

 

But can it be done? Using the scripts of MDT outside of MDT?

I guess it won't be as easy as just calling the script with 1 line of code in a custom WinPE boot image and BitLocker will be provisioned and later enabled?

Link to post

I haven't tried it specifically but I'd imagine it should work, try it and let us know

Link to post

Hi Niall,

 

Thanks for the information! I'll discuss it with the customer and let you know how we'll proceed.

I don't have access to the custom boot environment, but think I can also test it here with something else ;-)

 

Keep you posted when I've more information.

Link to post

We're new to BitLocker and SCCM. We've got Windows 10 deployment working with MDT 2013 and SCCM current branch. We'd like to add BitLocker to this setup, but the standard "Create Task Sequence" template for the MDT Task Sequence wizard doesn't present any BitLocker options that I can see.

Is there easy to understand documentation out there on how to add the enabling of BitLocker to your SCCM/MDT OS deployment of Windows 10?

Thanks!
