Steps for enabling BitLocker on client deployments.

I already have GP configured to run a script that will turn on BitLocker on the client after it joins the domain.

So what I am doing now is automating the BIOS config of the deployment to make sure that the TPM chip is ready for the OS to enable it. 

I have so far figured out Dell's Command | Configure to set the admin and system passwords (requires separate tasks).

I have a feeling that we need to enable TPM, reboot, then clear the TPM, reboot and then activate TPM (maybe another reboot) and then it will be ready for the OS to turn on BitLocker. 

Has anyone else tried this?

3 Comments
  • I don't know about BitLocker, but one of my colleagues was researching another WDE solution and concluded something similar: at least two reboots and maybe three. - JasonEgg 4 years ago
  • We have recently undertaken a project for a customer, part of which was to configure BitLocker onto Dell machines. The process was quite complex and involved a number of scripts that, when run, left "breadcrumbs" for subsequent scripts to pick up, as rebooting during the process was required a number of times. I will gather some information to add to this article that may be helpful - Hobbsy 4 years ago
  • Well, I can get BitLocker turned on ok, only if I am redeploying a computer (whose TPM chip already has the ownership taken).

    I only now need to take ownership of the TPM chip (BIOS steps enable it all ready to go). - Vivalo 4 years ago
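
The reboot-and-resume flow discussed in this thread, sketched as an added example (not code from any of the posters): a script run elevated at each boot that reads the TPM state with `Get-Tpm`, records a breadcrumb, and initializes the TPM once the firmware has enabled and activated it. The registry key and the exit codes 1 and 2 are assumptions made for illustration; the BIOS steps themselves are left to the Dell Command | Configure tasks.

```powershell
# Added example. Run elevated at each boot until it exits 0.
param([switch]$AllowClear)   # opt in to clearing; a clear destroys existing TPM keys

$Breadcrumb = 'HKLM:\SOFTWARE\ExampleOrg\TpmPrep'   # hypothetical breadcrumb key

function Get-NextTpmStep {
    # Map the Get-Tpm state object to the next action in the sequence.
    param([Parameter(Mandatory)] $Tpm)
    if (-not $Tpm.TpmPresent)   { return 'NoTpm' }
    if (-not $Tpm.TpmEnabled)   { return 'EnableInBios' }
    if (-not $Tpm.TpmActivated) { return 'ActivateInBios' }
    if (-not $Tpm.TpmReady)     { return 'Initialize' }
    return 'Ready'
}

function Set-Breadcrumb {
    # Persist the last step so the next boot (or a later script) can pick it up.
    param([Parameter(Mandatory)][string]$Step)
    if (-not (Test-Path $Breadcrumb)) { New-Item -Path $Breadcrumb -Force | Out-Null }
    Set-ItemProperty -Path $Breadcrumb -Name LastStep -Value $Step
    Set-ItemProperty -Path $Breadcrumb -Name LastRun  -Value (Get-Date -Format o)
}

$step = Get-NextTpmStep -Tpm (Get-Tpm)
Set-Breadcrumb -Step $step

switch ($step) {
    'Ready' { exit 0 }
    'Initialize' {
        $result = Initialize-Tpm -AllowPhysicalPresence -AllowClear:$AllowClear
        if ($result.ClearRequired -and -not $AllowClear) {
            Set-Breadcrumb -Step 'ClearRequired'
            Write-Warning 'TPM must be cleared first; re-run with -AllowClear on a fresh deployment only.'
            exit 2
        }
        if ($result.RestartRequired -or $result.ShutdownRequired) {
            Set-Breadcrumb -Step 'RebootPending'
            exit 3010   # conventional "reboot required" exit code
        }
        if ($result.TpmReady) { Set-Breadcrumb -Step 'Ready'; exit 0 }
        exit 1
    }
    default {
        # NoTpm / EnableInBios / ActivateInBios: firmware work, outside the OS.
        Write-Warning "TPM not usable from the OS yet: $step"
        exit 1
    }
}
```

Gating the BitLocker enable script on the `Ready` breadcrumb keeps it from running against a TPM that is present but not yet usable.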
