Jump to content


Recommended Posts

Hello,

I'm having issues bitlockering M810z with SCCM, it seems to go through fine but it appears that the TPM version is set to 2.0, I saw on the latest BIOS version that there's support for 'TPM FW Switch Feature' so hoping this is what I need, I've set up SCCM to flash the BIOS for this model, but is there any BIOS settings that I can push through SCCM to ensure that the TPM module is set to 1.2? The TPM chip is set to 'Discrete' already...

 

BIOS I'm upgrading to is here: http://pcsupport.lenovo.com/ec/en/products/DESKTOPS-AND-ALL-IN-ONES/THINKCENTRE-M-SERIES-DESKTOPS/M810Z/downloads/DS121000

 

I'm also having issues updating the BIOS via OSD as I'm unsure where abouts to insert the install\reboot steps as it needs to before the 'Enable Bitlocker' step, here's what my TS looks like at present, deploying Windows 7 Enterprise x64:

image.thumb.png.355ded9bf2161c4287d5fdd64b5ecfc4.png

Any advice?

 

 

Share this post


Link to post
Share on other sites

6 minutes ago, simulacra75 said:

Not entirely sure why you're trying to get BitLocker to work with Windows 7 Professional, because it doesn't/cannot work. It's not implemented in Windows 7 Professional. You need to have Windows 7 Ultimate or Enterprise to use BitLocker.

Sorry, I meant enterprise. :)

Share this post


Link to post
Share on other sites

Well then, that's different!

Okay. Lenovo make things a little easier because they expose the BIOS settings to WMI. This means you can use Powershell, for example, to get settings from WMI and also to change them.

 

Display all BIOS Settings in Powershell

gwmi -class Lenovo_BiosSetting -namespace root\wmi | ForEach-Object {if ($_.CurrentSetting -ne "") {Write-Host $_.CurrentSetting.replace(","," = ")}}

 

Get all possible values for a particular setting (TPM chip in this example)

(gwmi –class Lenovo_GetBiosSelections –namespace root\wmi).GetBiosSelections("SecurityChip") |Format-List Selections

 

Change and save a BIOS setting (making TPM active in this example. Note the 2 step process, changing the value and then saving said value. Also note the setting string is case-sensitive)

(gwmi -class Lenovo_SetBiosSetting –namespace root\wmi).SetBiosSetting("SecurityChip,Active")

(gwmi -class Lenovo_SaveBiosSettings -namespace root\wmi).SaveBiosSettings()

 

That should be enough to get you started i think. Probably worth pointing out that changing BIOS settings via Powershell is not supported on ALL Lenovo models. Give it a try though.

 

Share this post


Link to post
Share on other sites

53 minutes ago, simulacra75 said:

Well then, that's different!

Okay. Lenovo make things a little easier because they expose the BIOS settings to WMI. This means you can use Powershell, for example, to get settings from WMI and also to change them.

 

Display all BIOS Settings in Powershell

gwmi -class Lenovo_BiosSetting -namespace root\wmi | ForEach-Object {if ($_.CurrentSetting -ne "") {Write-Host $_.CurrentSetting.replace(","," = ")}}

 

Get all possible values for a particular setting (TPM chip in this example)

(gwmi –class Lenovo_GetBiosSelections –namespace root\wmi).GetBiosSelections("SecurityChip") |Format-List Selections

 

Change and save a BIOS setting (making TPM active in this example. Note the 2 step process, changing the value and then saving said value. Also note the setting string is case-sensitive)

(gwmi -class Lenovo_SetBiosSetting –namespace root\wmi).SetBiosSetting("SecurityChip,Active")

(gwmi -class Lenovo_SaveBiosSettings -namespace root\wmi).SaveBiosSettings()

 

That should be enough to get you started i think. Probably worth pointing out that changing BIOS settings via Powershell is not supported on ALL Lenovo models. Give it a try though.

 

Hello,

Thanks for this, I did see this on Lenovos website, however it appears that it's mostly designed for their thinkpads, thinkcentres appear to have less functionality.... do you know if the above will apply to ThinkPads and ThinkCentres?

Source: https://support.lenovo.com/ec/en/solutions/ht100612

Share this post


Link to post
Share on other sites

AFAIK, you cannot use a 64-bit boot image in your TS because the Lenovo BIOS Flash utility only supports the x86 architecture. On top of this you need to add a specific  "Run Command Line" that does a "full" restart of the target computer, 

cmd.exe /c shutdown /s /t 0 /f

That should do it but if you cannot use an x86 boot image, you're screwed until Lenovo provide an 64-bit compatible Flash utility

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.