We are new to MDT 2012 and are trying to create a task sequence for Surface Pro 3 Tablets. Everything is going OK apart from BitLocker. We are required to enable TPM + PIN (yes, I've read the articles saying PIN isn't necessary on tablets, but security have decided they still want it). To get TPM + PIN working there are a couple of GP settings required - enabling TPM + PIN and enabling pre-boot keyboards on slates.
To apply these settings we would normally have to join the domain and put the tablet in the correct OU for that Policy, which requires a restart. However, once Policy is applying, the restart now forces the corporate data warning message and so doesn't continue with the sequence. The only solution I can see is to insert the registry settings for these policy settings into the Task Sequence and not do the restart until the end of the sequence. However, this seems very messy and could potentially cause maintenance issues further down the line if anything needs changing.
Does anyone have any solutions to this?
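
The registry-based approach the post describes, sketched as an added example that is not part of the original post: a PowerShell step that writes the local equivalents of the two policy settings and then verifies them, so the task sequence stops if the values did not land. The value names are the ones the BitLocker policy templates write under the FVE policy key; the "require PIN, disallow the other TPM modes" combination is an assumption about what the domain GPO sets and should be checked against it.

```powershell
# Added example: local copies of the two BitLocker Group Policy settings from the post.
# Assumption: these values mirror the domain GPO; domain policy overwrites them
# once the device starts processing Group Policy.
$FvePolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

$Desired = [ordered]@{
    UseAdvancedStartup = 1   # "Require additional authentication at startup" enabled
    EnableBDEWithNoTPM = 0   # do not allow BitLocker without a compatible TPM
    UseTPM             = 0   # TPM only: do not allow
    UseTPMPIN          = 1   # TPM + startup PIN: require
    UseTPMKey          = 0   # TPM + startup key: do not allow
    UseTPMKeyPIN       = 0   # TPM + startup key + PIN: do not allow
    OSEnablePrebootInputProtectorsOnSlates = 1   # pre-boot keyboard input on slates
}

function Set-FvePolicy {
    # Create the policy key if this is a fresh image, then write each DWORD.
    if (-not (Test-Path $FvePolicyKey)) {
        New-Item -Path $FvePolicyKey -Force | Out-Null
    }
    foreach ($name in $Desired.Keys) {
        New-ItemProperty -Path $FvePolicyKey -Name $name -Value $Desired[$name] `
            -PropertyType DWord -Force | Out-Null
    }
}

function Test-FvePolicy {
    # Return the names of any values that are missing or differ from $Desired.
    $current = Get-ItemProperty -Path $FvePolicyKey -ErrorAction SilentlyContinue
    $drift = foreach ($name in $Desired.Keys) {
        if ($null -eq $current -or $current.$name -ne $Desired[$name]) { $name }
    }
    return @($drift)
}

Set-FvePolicy
$drift = Test-FvePolicy
if ($drift.Count -gt 0) {
    # A non-zero exit code fails the task sequence step instead of letting
    # BitLocker be enabled later without the PIN requirement in place.
    Write-Error ("FVE policy values not applied: " + ($drift -join ', '))
    exit 1
}
exit 0
```

Keeping the values in one table means a later change to the GPO is a one-line edit in the script, and the same `Test-FvePolicy` check can be rerun after domain join to confirm the GPO and the script agree.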