Jump to content


anyweb

how can I Pre-Provision BitLocker in WinPE for Windows 8 deployments using Configuration Manager 2012 SP1 ?

Recommended Posts

Did you ever see the blog post by David Hornbaker?

 

http://blogs.technet.com/b/deploymentguys/archive/2012/02/20/using-mbam-to-start-bitlocker-encryption-in-a-task-sequence.aspx

 

I had some success using this solution before the upgrade to 2012 R2. Now SCCM doesn't even download the script to run it. Do you know if something changed with R2 that makes it not download VBScripts ro run locally?

Perhaps I'm missing something else but I feel like I've tried a bunch of different things....

 

Thanks!

Share this post


Link to post
Share on other sites

All right, i have successfully integrated that to our Windows 7 deployment sequence. I love it. it's pretty quick.

The only problem i have is that the drive label is set to MININT-XXXXXXX, bacause the computername is not set while the encryption starts. Is there any way to avoid this?

 

I know this is pretty old but I'm having the same issues and unable to find a solution. Does anyone know how to make the BitLocker drive label the same as the Computer Name?

Share this post


Link to post
Share on other sites

All right, i have successfully integrated that to our Windows 7 deployment sequence. I love it. it's pretty quick.

The only problem i have is that the drive label is set to MININT-XXXXXXX, bacause the computername is not set while the encryption starts. Is there any way to avoid this?

 

 

All right,

 

mission impossible to get a proper name for this string since this is hard coded and not configurable by any command line options. :(

 

 

 

I know this is pretty old but I'm having the same issues and unable to find a solution. Does anyone know how to make the BitLocker drive label the same as the Computer Name?

 

Hi

 

We were having the same problem with MININT-xxxxx.

 

We are trying to set the registry TCPIP Hostname to %OSDComputerName% in the Task Sequence

 

This step was added before Pre-Provisioning BitLocker step or rather before Set OSDDiskPart

 

Command line:

reg add HKLM\System\CurrentControlSet\Services\Tcpip\Parameters /v Hostname /t REG_SZ /d %OSDComputerName% /f

 

It did not help.. hostname is correct now but it still name it MININT...

 

Gonna try and move the reg add higher up in the task sequence.

Share this post


Link to post
Share on other sites

can you clarify exactly what your issue is here ? show me a screenshot of the problem...the drive label is set in the format steps... are you using any variables in there (osdisk)

Share this post


Link to post
Share on other sites

I'm having the same issue with the drive label at the Bitlocker PIN Entry screen reading MININT-XXXXXX.

My steps:

Partition Disk

Pre-Provision Bitlocker

Apply Operating System

Apply Windows Settings

Drivers

Setup Windows and Configuration Manager

Join Domain or Workgroup

Enable Bitlocker

 

I have a collection variable that allows me to enter the computer name at the start of the task sequence. After this TS completes, the Bitlocker PIN Entry screen shows the drive label as MININT-XXXXXX, however once you log into the machine, the computer name is correct. The AD object is also correct and the key is backed up to it properly.

 

It's important to note that without the Pre-Provision Bitlocker step in there, Bitlocker starts encryption at the end, but the drive label on the Bitlocker PIN Entry screen shows the proper computer name entered at the beginning.

 

I've tried quite a few methods of declaring a computer name specifically throughout the task sequence, but in the end, the PIN Entry screen still shows the wrong computer name.

Share this post


Link to post
Share on other sites

My tests show that when the MDT step "Apply Windows Settings" occurs, the MININT-xxxxxx name is assigned. Unfortunately, prior to that step, so long as you are in WinPE it doesn't matter what you set the OSDComputerName or ComputerName variable to, the value will be ignored by the Apply Windows Settings step and each reboot while in WinPE will generate a new MININT-xxxxx name. Additional attempts at modifying the unattend.xml file have not been successful either (technically the file is the WinPEUnattend.xml)

 

(NOTE: This statement is only true regarding Windows 7 and pre-provisioning. Win 8.x behaves differently).

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.