

Aurock

How to set a task sequence to enable BitLocker only on laptops?


I've been using MDT for a few years now, up to and including MDT 2012 update 1. Now we've purchased SC2012, and I'm trying to rebuild the deployment setup in SCCM to do the same things I did before in MDT. It looks like there are several areas where things might work in a different way. Rather than trying to manually recreate the exact steps I had in MDT, I wanted to check first to see if there's a better way to accomplish the same goals in SCCM.

 

The question of the moment is regarding BitLocker. In MDT, I had set customsettings.ini up with different sections for laptops and desktops, and depending on the IsLaptop variable, it would jump to whichever was appropriate. For laptops, I enabled BitLocker. For desktops, I didn't.

I created a new MDT task sequence in SCCM (SP1 beta), and I see that it has steps included for pre-provisioning BitLocker and enabling BitLocker, both of which are conditional on the existence of an OSDBitlockerMode variable. I don't know how that variable is set, but I'd like the same setup I had with MDT, such that BitLocker is only enabled on laptops.

 

What's the best way to do this?



Thanks. So should I bring over the branches of customsettings.ini that I had in MDT, using that to skip BitLocker on desktops and enable it on laptops? I don't mind staying with what works, but I don't want to force SCCM to work the way I used MDT if SCCM has a better way to deal with the same problems.


Peter,

Can I use these settings in SCCM MDT TS that I use in MDT?

 

BDEInstall=TPMPin
BDEPin=some pin
TPMOwnerPassword=some password
BDEInstallSuppress=NO
BDEWaitForEncryption=FALSE
BDEDriveSize=3000
BDEDriveLetter=S:
BDERecoveryKey=AD
BDEKeyLocation=\\server\LaptopRecoveryKeys
BDEAllowAlphaNumericPin=Yes


You could also run the query to check for a battery without needing the MDT gather step:

 

Select * from Win32_Battery where Batterystatus > 0

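The battery check from the last post, as an added example that is not part of the original thread: a PowerShell script for a Run PowerShell Script step that runs the same WQL query, cross-checks the chassis type, and records the result in a task sequence variable that the Enable BitLocker step can use as its condition. The variable name `DeployIsLaptop` and the function names are hypothetical, and the script assumes PowerShell with the CIM cmdlets is available in the running OS or boot image.

```powershell
# Added example; DeployIsLaptop and the function names are hypothetical.

function Test-HasBattery {
    # Same WQL query as in the post above.
    $wql = 'SELECT * FROM Win32_Battery WHERE BatteryStatus > 0'
    $batteries = @(Get-CimInstance -Query $wql -ErrorAction SilentlyContinue)
    return ($batteries.Count -gt 0)
}

function Test-PortableChassis {
    # SMBIOS chassis types for portable form factors:
    # 8 Portable, 9 Laptop, 10 Notebook, 11 Hand Held,
    # 12 Docking Station, 14 Sub Notebook
    $portable = 8, 9, 10, 11, 12, 14
    $types = @(Get-CimInstance -ClassName Win32_SystemEnclosure |
        ForEach-Object { $_.ChassisTypes })
    return [bool]($types | Where-Object { $portable -contains $_ })
}

$hasBattery = Test-HasBattery
$isPortable = Test-PortableChassis

# A UPS attached to a desktop can also appear in Win32_Battery,
# so require both signals before treating the machine as a laptop.
$isLaptop = $hasBattery -and $isPortable

try {
    # COM object exposed by the Configuration Manager task sequence engine.
    $tsenv = New-Object -ComObject Microsoft.SMS.TSEnvironment -ErrorAction Stop
    $tsenv.Value('DeployIsLaptop') = "$isLaptop"   # "True" or "False"
}
catch {
    # Outside a task sequence (for example when testing by hand), just report.
    Write-Output "Battery=$hasBattery PortableChassis=$isPortable IsLaptop=$isLaptop"
}
```

The Enable BitLocker step would then carry a task sequence variable condition of `DeployIsLaptop` equals `True`, so a desktop that fails either check is skipped rather than encrypted.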
