How to prepare TPM chip for BitLocker encryption in a single Task Sequence step

Thanks to Mietek Rogala for writing this post.

You may have found that the Task Sequence step that starts BitLocker encryption does not work as expected. Depending on the method used to start the encryption (e.g. the built-in “Enable BitLocker” step or the StartMBAMEncryption.wsf script), the error you get varies, but quite often the underlying issue is the same: the TPM chip has not been configured correctly in the BIOS. This might be because the deployment engineer forgot to activate the chip in the BIOS, or because you are deploying to a machine that was previously encrypted and the keys stored in the TPM chip have not been cleared. Either way, this article gives you a quick and simple way of making sure your Task Sequence covers such scenarios!

 


To achieve that, we will leverage the Win32_TPM WMI class and PowerShell to call the appropriate method. The downside of this approach is that, since we are using PowerShell, it will not work in Windows PE. In other words, if you are using BitLocker pre-provisioning, this won’t help you much and you will have to look at some other implementation (I have briefly tried to call the appropriate method using WMIC with little success; the next thing to try would be a VBScript to call it). However, if you are initiating encryption in the full OS, this solution should work just fine for you.
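One way to do this in the full OS, as an added example rather than the original author's script: it reads the TPM state through Win32_Tpm and queues a firmware physical presence request only when one is needed. The choice between request 10 and request 14, and the decision to clear whenever the TPM reports an owner, are assumptions of this example.

```powershell
# Added example (not the original author's script).
# Run elevated in the full OS, e.g. from a "Run PowerShell Script" step.
$ns  = 'root/cimv2/Security/MicrosoftTpm'
$tpm = Get-CimInstance -Namespace $ns -ClassName Win32_Tpm -ErrorAction Stop
if (-not $tpm) {
    throw 'No TPM exposed through Win32_Tpm (absent or hidden in firmware).'
}

# Call one of the state methods (IsEnabled / IsActivated / IsOwned);
# each returns ReturnValue plus an output parameter named after the method.
function Get-TpmFlag([string]$Name) {
    $r = Invoke-CimMethod -InputObject $tpm -MethodName $Name
    if ($r.ReturnValue -ne 0) {
        throw ('{0} failed: 0x{1:X8}' -f $Name, $r.ReturnValue)
    }
    return [bool]$r.$Name
}

$enabled   = Get-TpmFlag 'IsEnabled'
$activated = Get-TpmFlag 'IsActivated'
$owned     = Get-TpmFlag 'IsOwned'

if ($enabled -and $activated -and -not $owned) {
    'TPM is enabled, activated and unowned; no firmware request needed.'
    exit 0
}

# Physical presence operations: 10 = enable + activate,
# 14 = clear + enable + activate. Clearing destroys every key held by the
# TPM, so this example (assumption) asks for it only when an owner is
# already set, and it belongs only in a deployment of a freshly imaged disk.
$request = if ($owned) { 14 } else { 10 }
$r = Invoke-CimMethod -InputObject $tpm -MethodName SetPhysicalPresenceRequest `
        -Arguments @{ Request = [uint32]$request }
if ($r.ReturnValue -ne 0) {
    throw ('SetPhysicalPresenceRequest failed: 0x{0:X8}' -f $r.ReturnValue)
}
"Physical presence request $request queued; it is applied at the next restart."
```

The request only takes effect after a restart, so a restart step has to follow it before the encryption step runs, and depending on firmware settings someone at the console may have to confirm the change.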

To read the full post, follow this link: How to prepare TPM chip for BitLocker encryption in a single Task Sequence step
