

EGGLAS

MDT and Bitlocker Offline PC


Hi,

 

I have trouble activating BitLocker on an offline PC during a task sequence in MDT.

We are in the process of creating offline PCs that will never speak to AD, and we want to enable BitLocker on those computers.

 

Does anyone know how to do it?

We are completely stuck when trying to enable it with CustomSettings.ini or activating it through PowerShell. When we are using PowerShell we can enable BitLocker but not export any recovery key to a file.

 

Does anyone have any suggestions on how to get this to work?

Kind regards,

EGGLAS



I'm having the same issue. I do have TPM enabled using the HP Tools with my task sequence. TPM is enabled but BitLocker is not enabled. Need help!


I seem to remember that you need to enable settings in the registry in order to install BitLocker when away from MBAM/AD. I use the following reg entries on mine when they are standalone PCs:

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE]
"EncryptionMethod"=dword:00000002
"DisallowStandardUserPINReset"=dword:00000000
"OSEnablePrebootInputProtectorsOnSlates"=dword:00000001
"UseAdvancedStartup"=dword:00000001
"EnableBDEWithNoTPM"=dword:00000000
"UseTPM"=dword:00000002
"UseTPMPIN"=dword:00000002
"UseTPMKey"=dword:00000000
"UseTPMKeyPIN"=dword:00000000


Update on this: we went with a script, so when support logged on to the PC they activated BitLocker and exported the recovery key. Not the best solution, but this worked best in our case since support needs to do some manual work anyway before the user can have the PC.

And yes, ITS-Andy, TPM was activated :) That was never an issue.

 

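The scripted approach described in the update above (activate BitLocker, then export the recovery key to a file), as an added example that is not a script posted by anyone in this thread. The `$BackupDir` path is a hypothetical placeholder for removable or otherwise offline storage, and the script assumes a local drive path, an elevated session and a TPM that is already enabled.

```powershell
#Requires -RunAsAdministrator
# Added example: enable BitLocker on a standalone (non-domain) PC and write the
# recovery password to a file before encryption starts.
param(
    [string]$MountPoint = $env:SystemDrive,
    [string]$BackupDir  = 'E:\BitLockerKeys'   # hypothetical path; must NOT be on the encrypted volume
)
$ErrorActionPreference = 'Stop'

# A TPM protector cannot be added unless the TPM is present and ready.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "TPM not usable (Present=$($tpm.TpmPresent), Ready=$($tpm.TpmReady))"
}

# A recovery key stored on the volume it unlocks is useless in a recovery.
if ((Split-Path -Qualifier $BackupDir) -eq $MountPoint) {
    throw "BackupDir must not be located on $MountPoint"
}
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# 1. Make sure a recovery password protector exists (idempotent on re-run).
$vol = Get-BitLockerVolume -MountPoint $MountPoint
if (-not ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
}

# 2. Export the recovery password. With no AD or MBAM, this file is the only copy.
$rp   = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword' |
        Select-Object -First 1
$file = Join-Path $BackupDir "$env:COMPUTERNAME-$($rp.KeyProtectorId.Trim('{}')).txt"
@(
    "Computer:         $env:COMPUTERNAME"
    "Volume:           $MountPoint"
    "ProtectorId:      $($rp.KeyProtectorId)"
    "RecoveryPassword: $($rp.RecoveryPassword)"
) | Set-Content -Path $file -Encoding ASCII
if (-not (Select-String -Path $file -Pattern '(\d{6}-){7}\d{6}' -Quiet)) {
    throw "Recovery password was not written to $file; not enabling encryption"
}

# 3. Only after the key is safely exported, turn on encryption with the TPM.
#    The encryption method is left to policy (the FVE registry values) or the OS default.
if ($vol.VolumeStatus -eq 'FullyDecrypted') {
    Enable-BitLocker -MountPoint $MountPoint -TpmProtector | Out-Null
}
Get-BitLockerVolume -MountPoint $MountPoint |
    Format-List MountPoint, VolumeStatus, ProtectionStatus, KeyProtector
```

The exported file holds the recovery password in clear text, so move it to controlled offline storage and delete it from any media that stays with the PC.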

@ Egglas... we also have to manually enable BitLocker, which encrypts the drive and exports the key to AD. We are trying to get it automated with the task sequence but it just doesn't seem to work. TPM is enabled and the BIOS password is set but BitLocker doesn't get enabled. I'm so frustrated..

