Jump to content


  • 0
Aurock

How to set a task sequence to enable bitlocker only on laptops?

Question

I've been using MDT for a few years now, up to and including MDT 2012 update 1. Now we've purchased SC2012, and I'm trying to rebuild the deployment setup in SCCM to do the same things I did before in MDT. It looks like there are several areas where things might work in a different way. Rather than trying to manually recreate the exact steps I had in MDT, I wanted to check first to see if there's a better way to accomplish the same goals in SCCM.

 

The question of the moment is regarding bitlocker. In MDT, I had set customsettings.ini up with different sections for laptops and desktops, and depending on the IsLaptop variable, it would jump to whichever was appropriate. For laptops, I enabled bitlocker. For Desktops, I didn't.

 

I created a new mdt task sequence in SCCM (sp1 beta), and I see that it has steps included for pre-provisioning bitlocker and enabling bitlocker, both are conditional on the existence of an OSDBitlockerMode variable. I don't know how that variable is set, but I'd like the same setup I had with MDT, such that bitlocker is only enabled on laptops.

 

What's the best way to do this?

Share this post


Link to post
Share on other sites

5 answers to this question

Recommended Posts

  • 0

Thanks. So should I bring over the branches of customsettings.ini that I had in MDT, using that to skip bitlocker on desktops and enable it on laptops? I don't mind staying with what works, but I don't want to force SCCM to work the way I used MDT if SCCM has a better way to deal with the same problems.

Share this post


Link to post
Share on other sites

  • 0

Peter,

Can I use these settings in SCCM MDT TS that I use in MDT?

 

BDEInstall=TPMPin
BDEPin=some pin
TPMOwnerPassword=some password
BDEInstallSuppress=NO
BDEWaitForEncryption=FALSE
BDEDriveSize=3000
BDEDriveLetter=S:
BDERecoveryKey=AD
BDEKeyLocation=\\server\LaptopRecoveryKeys
BDEAllowAlphaNumericPin=Yes

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.