Last week I wrote a blogpost about "How to Enable BitLocker, Automatically save Keys to Active Directory". As mentioned in that blogpost, the Trusted Platform Module (TPM) chip must be enabled and activated in the BIOS. The TPM is disabled by default, so BitLocker cannot be enabled by default with the functionality in ConfigMgr; an enabled and activated TPM is a prerequisite BEFORE running the deployment task sequence. But you can also enable the TPM during deployment! Let's have a look.
Step 1. Download the CCTK from Dell HERE.
Once you've downloaded it, install the MSI. Both CCTK and HAPI are used for doing the job.
Step 2. Create a CCTK package for x86 and/or x64 usage.
Just copy %ProgramFiles%\Dell\CCTK\* to a location that will be used for ConfigMgr, and create a new package.
Step 3. Edit your task sequence with the following changes:
Group: Enable TPM on Dell systems
Group: Prepare CCTK and HAPI
Run Command Line: xcopy CCTK
xcopy.exe ".\*.*" "x:\CCTK\X86\" /E /C /I /Q /H /R /Y /S
Run Command Line: Enable HAPI
x:\CCTK\X86\HAPI\hapint -i -k C-C-T-K -p X:\CCTK\X86\HAPI\
Run Command Line: Set BIOS password
x:\CCTK\x86\CCTK.exe --setuppwd=password
Run Command Line: Enable TPM
x:\CCTK\x86\CCTK.exe --tpm=on --valsetuppwd=password
Restart Computer
Group: Prepare CCTK and HAPI
Run Command Line: xcopy CCTK
xcopy.exe ".\*.*" "x:\CCTK\X86\" /E /C /I /Q /H /R /Y /S
Run Command Line: Enable HAPI
x:\CCTK\X86\HAPI\hapint -i -k C-C-T-K -p X:\CCTK\X86\HAPI\
Run Command Line: Activate TPM
x:\CCTK\x86\CCTK.exe --tpmactivation=activate --valsetuppwd=password
Restart Computer
This group must be placed between the "Partition Disk 0" and "Pre-provision BitLocker" steps in the task sequence.
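The commands from Step 3 can also be collected in one script with exit-code checks, so that a failed BIOS step fails the Run Command Line step instead of letting the deployment continue to BitLocker. This is an added example, not part of the original post or of Dell's tooling; the file name tpm-dell.cmd, the enable/activate arguments and the exit codes 10 to 14 are made up for illustration, and it assumes hapint and CCTK.exe return a non-zero exit code on failure.

```batch
@echo off
rem Added example, not from the original post.
rem Usage: tpm-dell.cmd PHASE PASSWORD   (PHASE is enable or activate)
rem The BIOS setup password is passed in, so it is not stored in the script.
rem Assumption: hapint and CCTK.exe return a non-zero exit code on failure.
setlocal
set "PHASE=%~1"
set "BIOSPWD=%~2"
set "CCTKDIR=x:\CCTK\X86"

if "%BIOSPWD%"=="" (
    echo Usage: %~nx0 PHASE PASSWORD
    exit /b 2
)

rem Copy the package content (current directory) to the WinPE RAM drive.
xcopy.exe ".\*.*" "%CCTKDIR%\" /E /C /I /Q /H /R /Y /S
if errorlevel 1 (echo Copying CCTK failed & exit /b 10)

rem Load HAPI, which CCTK needs for BIOS access.
%CCTKDIR%\HAPI\hapint -i -k C-C-T-K -p %CCTKDIR%\HAPI\
if errorlevel 1 (echo Enabling HAPI failed & exit /b 11)

if /i "%PHASE%"=="enable" goto enable
if /i "%PHASE%"=="activate" goto activate
echo Unknown phase "%PHASE%"
exit /b 2

:enable
rem First pass: set the BIOS setup password, then switch the TPM on.
%CCTKDIR%\CCTK.exe --setuppwd=%BIOSPWD%
if errorlevel 1 (echo Setting BIOS password failed & exit /b 12)
%CCTKDIR%\CCTK.exe --tpm=on --valsetuppwd=%BIOSPWD%
if errorlevel 1 (echo Enabling TPM failed & exit /b 13)
exit /b 0

:activate
rem Second pass, after the restart: activate the TPM.
%CCTKDIR%\CCTK.exe --tpmactivation=activate --valsetuppwd=%BIOSPWD%
if errorlevel 1 (echo Activating TPM failed & exit /b 14)
exit /b 0
```

Run it from a Run Command Line step that uses the CCTK package, once with enable before the first Restart Computer step and once with activate after it.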
This can be done on HP systems too. In that case BIOSConfigUtility.exe and TPMEnable.REPSET are used. More information about that can be found HERE. The code on Dell systems is working great; on HP systems I haven't used it before.
No need to Set BIOS password, Enable TPM and Activate TPM manually anymore. Just use a single Task sequence for BIOS configuration and BitLocker at once. The ConfigMgr task sequence will take care of BitLocker furthermore. Just great!
Source: Windows-noob.com
First of all, thanks for your article ;-)
I just don't get where XCOPY is copying from?!
from ".\*.*" to "x:\CCTK\X86\"
I created a package without a program and pointed the package to the folder where cctk\x86 is installed, but the TS is failing!
Hi, I don't know for sure, but the files must be temporarily copied to the RAM drive. When I use the above parameters it's working great. Did you add the parameters as well? Try to use it in the command line first (press F8 during the WinPE phase).
Thank you for your response. The trouble I am having is that I am dealing with an environment where Windows 7 Enterprise is already installed. So I guess this is what is called a refresh situation.
Okay, so you want to deploy the package in Windows instead of doing a full OS deployment? In that case the CCTK package can be used in Windows as well. No need to copy files because you can deploy it as a default package with SCCM, and the commands can be copied to a CMD file. That way it should work for you.
Hello Hank,
I have a quick question about one command:
x:\CCTK\X86\HAPI\hapint -i -k C-C-T-K -p X:\CCTK\X86\HAPI\
Why do you use "C-C-T-K" and not CCTK?
Do you actually test these commands, or do you just take them from the other source?
Thank you.
Hello, I used them with success before! I use the command because Dell mentions it this way. You can have a look here also: http://userworkspace.com/Automate
Hope it helps!
During activation I get the following message:
"To Set TPM - 1. Admin password must be set , 2. TPM must not be owned and 3. TPM must be deactivated."
All that is set but it still did not work. I am getting
Unknown error (Error: 00000106; Source: Unknown) TSManager
Thank You
You saved the day
Step 2. Create a CCTK package for x86 and/or x64 usage.
Just copy %ProgramFiles%\Dell\CCTK\* to a location that will be used for ConfigMgr, and create a new package.
What does this even mean? What steps do I take in order to do so?