Monday, April 13, 2015

Enable TPM for BitLocker usage during OS deployment on endpoints (part 2)

Last year I did a deployment with BitLocker on Dell systems. You can find more information about that here: Enable TPM for BitLocker usage during OS deployment on endpoints. This time I will do the same, but on HP systems. As mentioned last time, I didn't use it before. Let's have a look at the possibilities on HP boxes. With this configuration there's no need for manual actions.

HP is offering a few websites for more information:
Client Management Solutions
HP BIOS Configuration Utility

After installing the HP BIOS Configuration Utility (BCU), four files will be found. These are:
-BCUErr.cfg
-BIOS Configuration Utility User's Guide
-BIOSConfigUtility.exe (for x86 boot image)
-BIOSConfigUtility64.exe (for x64 boot image)
 
The HP BCU settings file is created with BiosConfigUtility.exe and the /getconfig:<file> parameter. This file is used during deployment with the /setconfig:<file> parameter. Have a look at the BIOS Configuration Utility User's Guide for more information on this. BCU also has the ability to establish, modify, and remove the BIOS setup password. Use the HP Password Encryption Utility (HPQPswd.exe) to create the password file needed to specify a new or current password.

Use the following sample command to create a setup password on a system with no existing password:
BIOSConfigUtility.exe /nspwdfile:"new password.bin"
Use the following sample command to modify the BIOS setup password:
BIOSConfigUtility.exe /nspwdfile:"new password.bin" /cspwdfile:"current password.bin"
Use the following sample command to remove the BIOS setup password:
BIOSConfigUtility.exe /nspwdfile:"" /cspwdfile:"current password.bin"

NOTE: A password change command can be combined with BIOS configuration, in which case the password is modified before the configuration is applied.
BIOSConfigUtility.exe /set:"configuration.txt" /nspwdfile:"new password.bin"


The HPQPswd utility starts with a GUI and creates an encrypted BIN file. With this file the system administrator password is set or changed. Download: HP System Software Manager

With this information, both the password can be set and the BIOS settings can be changed. Just great if you ask me!
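
As an added example (not from the original post or from HP), this PowerShell wrapper shows how the commands above could run as one task sequence step: it picks the x86 or x64 binary, passes the password files, and returns BCU's exit code so the step fails when BCU does. The script parameters and default file names are assumptions, as is treating exit code 0 as success.

```powershell
# Added example: BCU wrapper for a task sequence step (not from the original post).
param(
    [string]$ConfigFile          = 'configuration.txt',    # created earlier with /getconfig:<file>
    [string]$NewPasswordFile     = 'new password.bin',     # created with HPQPswd.exe
    [string]$CurrentPasswordFile = 'current password.bin'  # only needed if a password is already set
)

# Assumption: this script sits in the package folder next to the BCU files.
$here = Split-Path -Parent $MyInvocation.MyCommand.Path

# BIOSConfigUtility64.exe for an x64 boot image, BIOSConfigUtility.exe for x86.
$exeName = if ($env:PROCESSOR_ARCHITECTURE -eq 'AMD64') { 'BIOSConfigUtility64.exe' }
           else { 'BIOSConfigUtility.exe' }
$exe        = Join-Path $here $exeName
$configPath = Join-Path $here $ConfigFile
$newPwdPath = Join-Path $here $NewPasswordFile
$curPwdPath = Join-Path $here $CurrentPasswordFile

# Fail early with a clear message if the package is incomplete.
foreach ($file in @($exe, $configPath, $newPwdPath)) {
    if (-not (Test-Path -LiteralPath $file)) {
        Write-Host "Missing file: $file"
        exit 1
    }
}

# Password change combined with configuration: per the post, the password
# is modified before the configuration is applied.
$bcuArgs = @(
    ('/setconfig:"{0}"' -f $configPath),
    ('/nspwdfile:"{0}"' -f $newPwdPath)
)

# Supply the current password file only when it was shipped with the package.
if (Test-Path -LiteralPath $curPwdPath) {
    $bcuArgs += ('/cspwdfile:"{0}"' -f $curPwdPath)
}

$proc = Start-Process -FilePath $exe -ArgumentList ($bcuArgs -join ' ') `
                      -Wait -PassThru -NoNewWindow

# Log only the exit code, never the contents of the password files.
# Assumption: 0 means success; see the User's Guide for other codes.
Write-Host "$exeName exit code: $($proc.ExitCode)"
exit $proc.ExitCode
```

The password .bin files are all BCU needs to set or change the setup password, so restrict access to the package that contains them.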

Other posts on BitLocker:
How to Enable BitLocker, Automatically save Keys to Active Directory
Enable TPM for BitLocker usage during OS deployment on endpoints
BitLocker fails in task sequence because of false condition
