Scope

This guide helps you configure a ConfigMgr Task Sequence to automate enabling BitLocker at the time of image deployment. It does not detail the steps required to extend the Active Directory schema or create the necessary group policy objects. Details on extending the AD schema and creating the group policies can be found here.
Prerequisites

- ConfigMgr 2007
- Dell CCTK - Download
- Windows 7
- TPM 1.2
- 2008 Active Directory or 2008 Active Directory Schema Extension (to store BitLocker keys)
Process

Ready ConfigMgr

1. Install CCTK onto a computer.
2. Create a folder on your SCCM Packages Share called Dell CCTK.
3. Copy the x86 and x86_64 folders from %programfiles%\Dell\CCTK into your new Dell CCTK folder on the SCCM Package Share.
4. Create a package for each, called CCTK x86 and CCTK x64, pointing to their respective locations.
5. Deploy the new packages to distribution points.
Configure Drive Partitions in the Task Sequence

1. Modify your Image Deployment Task Sequence to allow for BitLocker.
2. Partition Disk 0 Task Sequence step
   a. Create 1 volume called BDE
      i. Partition Type: Primary Partition
      ii. Use Specific Size: 1536 MB (may be a bit overkill, but I like to put other tools in this partition)
      iii. Check: Make this the boot partition
      iv. File System: NTFS
      v. Check: Quick format
      vi. Variable: BDEPART
   b. Create 1 volume called System
      i. Partition Type: Primary Partition
      ii. Use a percentage of remaining free space: 100
      iii. File System: NTFS
      iv. Check: Quick format
      v. Variable: OSPART
3. Apply Operating System Task Sequence step
   a. Ensure the variables are set
      i. Destination: Logical drive letter stored in a variable
      ii. Variable name: OSPART
Activate Dell TPM and Enable BitLocker Task Sequence Steps

1. Modify your Image Deployment Task Sequence for TPM activation.
   a. Task Sequence steps
      i. Run Command Line - Set the BIOS password:
         1. Command Line: cctk.exe --setuppwd=<password>
         2. Package: Point to the x86 or x64 CCTK package you created above
      ii. Run Command Line - TPM enable:
         1. Command Line: cctk.exe --tpm=on --valsetuppwd=<password>
         2. Package: Point to the x86 or x64 CCTK package you created above
      iii. Restart Computer
         1. The currently installed default operating system
         2. Uncheck: Notify the user before restarting
      iv. Run Command Line - TPM activate:
         1. Command Line: cctk.exe --tpmactivation=activate --valsetuppwd=<password>
         2. Package: Point to the x86 or x64 CCTK package you created above
      v. Restart Computer
         1. The currently installed default operating system
         2. Uncheck: Notify the user before restarting
      vi. Run Command Line - Remove BIOS password:
         1. Command Line: cctk.exe --setuppwd= --valsetuppwd=<password>
         2. Package: Point to the x86 or x64 CCTK package you created above
      vii. Enable BitLocker
         1. Choose the drive to encrypt
            a. Current operating system drive
            b. TPM only
         2. Choose where to create the recovery key
            a. In Active Directory
         3. Check: Wait for BitLocker to complete the drive encryption process on all drives before continuing task sequence execution (only if you want the drive to be fully encrypted at the end of imaging; this will add a considerable amount of time to your imaging solution)
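The CCTK steps above type the BIOS setup password directly into each Run Command Line step, where it is also recorded in smsts.log. As an added example that is not part of the original guide, the following PowerShell script runs the same cctk.exe switches but reads the password from a task sequence variable and checks the exit code of every call, and it adds a TPM state check to run after the activation reboot. Assumed names: the script is Invoke-Cctk.ps1 stored in the CCTK package next to cctk.exe, the variable is BIOSSetupPwd, and each step calls it as powershell.exe -ExecutionPolicy Bypass -File Invoke-Cctk.ps1 -Action TpmOn (or SetPwd, TpmActivate, ClearPwd, CheckTpm).

```powershell
# Added example, not from the original guide. Assumed file name: Invoke-Cctk.ps1,
# stored alongside cctk.exe in the CCTK x86/x64 package. Assumed task sequence
# variable holding the BIOS setup password: BIOSSetupPwd.
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('SetPwd', 'TpmOn', 'TpmActivate', 'ClearPwd', 'CheckTpm')]
    [string]$Action
)

function Test-TpmReady {
    # Win32_Tpm reports whether the TPM is enabled and activated; run this after the
    # reboot that follows --tpmactivation=activate, before the Enable BitLocker step.
    $tpm = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftTpm' -Class Win32_Tpm
    if (-not $tpm) { return $false }
    return [bool]($tpm.IsEnabled().IsEnabled -and $tpm.IsActivated().IsActivated)
}

if ($Action -eq 'CheckTpm') {
    if (Test-TpmReady) { Write-Host 'TPM is enabled and activated'; exit 0 }
    Write-Host 'TPM is not ready; a TPM-only BitLocker protector cannot be created'
    exit 1
}

# Read the setup password from the task sequence environment instead of the step's
# command line, so it is not stored in the task sequence step or written to smsts.log.
$tsenv = New-Object -ComObject Microsoft.SMS.TSEnvironment
$setupPwd = $tsenv.Value('BIOSSetupPwd')
if (-not $setupPwd) { Write-Error 'Task sequence variable BIOSSetupPwd is not set'; exit 1 }

# A Run Command Line step that references the package runs with the package folder
# as its working directory, which is where cctk.exe lives.
$cctk = Join-Path (Get-Location).Path 'cctk.exe'
if (-not (Test-Path $cctk)) { Write-Error "cctk.exe not found at $cctk"; exit 1 }

# The same switches the guide uses for each step.
$cctkArgs = @(switch ($Action) {
    'SetPwd'      { "--setuppwd=$setupPwd" }
    'TpmOn'       { '--tpm=on'; "--valsetuppwd=$setupPwd" }
    'TpmActivate' { '--tpmactivation=activate'; "--valsetuppwd=$setupPwd" }
    'ClearPwd'    { '--setuppwd='; "--valsetuppwd=$setupPwd" }
})

& $cctk @cctkArgs
$rc = $LASTEXITCODE
if ($rc -ne 0) { Write-Error "cctk.exe $Action failed with exit code $rc"; exit 1 }
Write-Host "cctk.exe $Action succeeded"
exit 0
```

A non-zero exit from the script fails the Run Command Line step, so a CCTK error (for example a wrong setup password) stops the task sequence before BitLocker is enabled against an unactivated TPM.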