Configuring Local policies using WSIM

Hi All,


I am trying to enable a few options in local group policies for enabling BitLocker to recover the keys in AD on a Windows 7 image. I forgot to make the changes manually in the image and it's too late for me to recapture the same.


Can you please advise if we have any option to configure the settings in unattended.xml?


Below are the settings that I would like to change using SIM.


  • Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption – double click Store BitLocker information in Active Directory Domain Services, and click the ‘enabled’ bubble.
  • Next, click Fixed Data Drives, and within, open the ‘Choose how’ option, click the ‘enabled’ bubble, and ‘OK.’
  • Open Operating system drives, and open the ‘Choose how’ option, and click the ‘enabled’ bubble, and ‘OK.’
  • Computer Configuration\Administrative Templates\System\Trusted Platform Module Services\ – Trusted Platform Module Services, click it, and open Turn on TPM backup to Active Directory Domain Services, click the ‘enabled’ bubble, and hit ‘OK.’

Appreciate if you can help me here. Thanks in advance.


You might want to check out the unattend files available from the MSDN page here as they may be able to assist you with configuring settings in your own unattend files depending on the type of operating system and architecture you are deploying. Also, since you have a dedicated server for WDS you might want to consider using the Microsoft Deployment Toolkit (MDT) for both the imaging process as well as the deployment process. First off, MDT is free. MDT can integrate directly with WDS and can be set up to PXE boot for both a Sysprep and Capture task sequence and lite-touch deployment. While I understand you do not want to recapture the image, MDT greatly simplifies the sysprep and capture process.


Next, MDT can be used to deploy Windows XP, Windows 7, Windows 8, Windows Server 2003, Windows Server 2008 and Windows Server 2008 R2. Using MDT, you can easily add both applications and drivers, manage Windows updates, create task sequences, prompt for a computer name, join a domain, add a KMS or MAK product key, create an administrator account, specify time zone, etc. You can also import all user data into the new environment using the User State Migration Tool (also free). In addition to creating standard client task sequences, as stated above, you can create sysprep and capture task sequences that will do just that – sysprep and capture an image of your reference machine. To become familiar with the process of using MDT, you might want to check out these videos from the Springboard Series page on TechNet:


Deployment Day Session 1: Introduction to MDT 2012

Deployment Day Session 2: MDT 2012 Advanced


Hope this helps and keep us posted!


Windows Outreach Team – IT Pro


Thanks for your reply, Jessica. I am wondering if someone can point me to where the settings described above will be in SIM; I have browsed through but did not find any.


Are there any scripts for doing this, or any other way?


Eagerly waiting for a response.


Hi Snehal,


The first link in my response offers two unattend.xml files. Within those files, you will find lines you can add to your unattend file within Windows SIM. An excerpt from an unattend.xml file for x86 can be found below:


(Please note, this is put in the oobeSystem settings pass)


<SynchronousCommand wcm:action="add">
    <CommandLine>%windir%\Distribution\Bitlocker\EnableBitlocker.vbs /on:tpm /rk /promptuser /l:%windir%\Distribution\Bitlocker\enable.log</CommandLine>
    <Description>Enable Bitlocker with TPM only and create recovery password and recovery key</Description>
</SynchronousCommand>


Please let me know if you are looking for something else.


Thank you,


Windows Outreach Team – IT Pro
The Springboard Series on TechNet
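
On the question of a script: the four policies listed in the first post are registry-backed, so one way to apply them without gpedit.msc is to write the policy values directly and read them back. This is an added example, not code from the thread or from Microsoft's sample unattend files; the value names and data under the FVE and TPM policy keys are assumptions to confirm against a reference machine configured through gpedit.msc.

```powershell
# Added example: writes the registry values behind the policies listed in the question.
# Value names and data are assumptions; compare with a machine configured via gpedit.msc.
$policy = @{
    'HKLM:\SOFTWARE\Policies\Microsoft\FVE' = @{
        # Store BitLocker recovery information in AD DS
        ActiveDirectoryBackup = 1; RequireActiveDirectoryBackup = 1
        # Operating system drives: choose how drives can be recovered
        OSRecovery = 1; OSRecoveryPassword = 2; OSRecoveryKey = 2    # 2 = allow
        OSActiveDirectoryBackup = 1; OSRequireActiveDirectoryBackup = 1
        # Fixed data drives: choose how drives can be recovered
        FDVRecovery = 1; FDVRecoveryPassword = 2; FDVRecoveryKey = 2 # 2 = allow
        FDVActiveDirectoryBackup = 1; FDVRequireActiveDirectoryBackup = 1
    }
    'HKLM:\SOFTWARE\Policies\Microsoft\TPM' = @{
        # Turn on TPM backup to AD DS
        ActiveDirectoryBackup = 1; RequireActiveDirectoryBackup = 1
    }
}

function Set-RecoveryEscrowPolicy {
    foreach ($path in $policy.Keys) {
        # Policy keys do not exist on a clean image, so create them first.
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        foreach ($name in $policy[$path].Keys) {
            $value = $policy[$path][$name]
            New-ItemProperty -Path $path -Name $name -Value $value -PropertyType DWord -Force | Out-Null
        }
    }
}

function Test-RecoveryEscrowPolicy {
    # Emits every value that is missing or differs from the intended setting.
    foreach ($path in $policy.Keys) {
        $current = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        foreach ($name in $policy[$path].Keys) {
            if ($null -eq $current -or $current.$name -ne $policy[$path][$name]) {
                "$path\$name"
            }
        }
    }
}

Set-RecoveryEscrowPolicy
$drift = @(Test-RecoveryEscrowPolicy)
if ($drift.Count -gt 0) { Write-Error ("Not applied: " + ($drift -join ', ')); exit 1 }
```

Run it elevated from a SynchronousCommand that is ordered before the EnableBitlocker.vbs command, because recovery information is backed up to AD DS when the protectors are created. Domain Group Policy that configures the same settings replaces these values at the next policy refresh.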
