Guys/Gals,
Could someone help me with getting my task sequence set up to enable BitLocker during deployment? I found an article that says a way to do it, but it doesn't get specific on the steps. I posted the part of the article below. Has anyone configured theirs this way? I would like to see exactly how to accomplish these steps. Thanks!
Configure the Windows 8.1 task sequence to enable BitLocker
When configuring a task sequence to run any BitLocker tool, either directly or using a custom script, it’s helpful if you also add some logic to detect whether the BIOS is already configured on the machine. In this task sequence, we are using a sample script (ZTICheckforTPM.wsf) from the Deployment Guys web page to check the status on the TPM chip. You can download this script from the Deployment Guys Blog post, Check to see if the TPM is enabled. In the following task sequence, we have added five actions:
- Check TPM Status. Runs the ZTICheckforTPM.wsf script to determine if TPM is enabled. Depending on the status, the script will set the TPMEnabled and TPMActivated properties to either true or false.
- Configure BIOS for TPM. Runs the vendor tools (in this case, HP, Dell, and Lenovo). To ensure this action is run only when necessary, add a condition so the action is run only when the TPM chip is not already activated. Use the properties from the ZTICheckforTPM.wsf.
  Note: It is common for organizations wrapping these tools in scripts to get additional logging and error handling.
- Restart computer. Self-explanatory, reboots the computer.
- Check TPM Status. Runs the ZTICheckforTPM.wsf script one more time.
- Enable BitLocker. Runs the built-in action to activate BitLocker.
Daniel F. Willingham
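
An added example, not part of the original post or the quoted article, and not the ZTICheckforTPM.wsf script itself: a PowerShell sketch of what the two "Check TPM Status" actions do, reading the TPM state from WMI and publishing it as the TPMEnabled and TPMActivated task sequence properties. It assumes PowerShell is available where the step runs and that the step runs with administrative rights; the function name `Get-TpmState` is hypothetical.

```powershell
# Added example: report TPM state to the task sequence.
# Assumption: run as a task sequence step with PowerShell available.

function Get-TpmState {
    # Win32_Tpm lives in its own namespace. No instance means the OS sees no
    # TPM (absent, or hidden/disabled in firmware setup).
    $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
                         -Class Win32_Tpm -ErrorAction SilentlyContinue |
           Select-Object -First 1

    if (-not $tpm) {
        return @{ Present = $false; Enabled = $false; Activated = $false }
    }
    return @{
        Present   = $true
        Enabled   = [bool]$tpm.IsEnabled_InitialValue
        Activated = [bool]$tpm.IsActivated_InitialValue
    }
}

$state = Get-TpmState

# Property names match the ones the article says the script sets.
$values = @{
    TPMEnabled   = $state.Enabled.ToString().ToLower()
    TPMActivated = $state.Activated.ToString().ToLower()
}

try {
    # This COM object only exists while a task sequence is running.
    $tsenv = New-Object -ComObject Microsoft.SMS.TSEnvironment
    foreach ($name in $values.Keys) {
        $tsenv.Value($name) = $values[$name]
    }
}
catch {
    Write-Warning 'Not running inside a task sequence; properties not set.'
}

# Log the result so a failed deployment shows why the BIOS step ran or was skipped.
Write-Output ("TPM present={0} enabled={1} activated={2}" -f `
    $state.Present, $state.Enabled, $state.Activated)
exit 0
```

With the properties set this way, the "Configure BIOS for TPM" action gets a task sequence variable condition on TPMActivated so it only runs when the value is not true, and the second check after the restart refreshes both properties before the Enable BitLocker action.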