Enable and Activate TPM for BitLocker Pre-Provisioning in WinPE

I have to say this one caught me out. I’m just setting up a task sequence to deploy Windows 8 and pre-provision BitLocker (which is wicked fast by the way!) and got caught with enabling and activating the TPM from WinPE. The solution I came up with works for me on a Samsung Series 7 Slate, but might not work for all hardware vendors (TPM is a little tricky like that). The process turned out to be pretty simple.
- Download the EnableBitLocker.vbs script from MSDN.
- Copy the file to my Configuration Manager 2012 SP1 Site Server.
- Edit the file and change the reference to “setup.exe /s” and “setup.exe /r” (shutdown and reboot in full Windows) to “wpeutil shutdown” and “wpeutil reboot” respectively. I did this because WinPE doesn’t include shutdown.exe but instead uses wpeutil to do the same(ish) thing.
- Created an Application Management package containing only the EnableBitLocker.vbs script and distributed it to my DPs.
- Added a Run Command Line task to my Windows 8 deployment task sequence, after Restart in Windows PE and before Pre-provision BitLocker.
- PXE booted and deployed my task sequence to my target machine.
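
A read-only check that could run as a further Run Command Line step, after the reboot and before Pre-provision BitLocker, to confirm the TPM really is enabled and activated on the hardware in question. This is an added example, not part of the original post or the MSDN script; the file name Check-TpmState.vbs and the exit codes are assumptions, and it assumes the boot image includes the WinPE-WMI, WinPE-Scripting and WinPE-SecureStartup components.

```vbscript
' Added example, not the MSDN EnableBitLocker.vbs: read-only TPM state check.
' Assumes the boot image has WinPE-WMI, WinPE-Scripting and WinPE-SecureStartup.
Option Explicit

Const EXIT_READY = 0      ' enabled and activated
Const EXIT_NOT_READY = 1  ' present but disabled or deactivated, or query failed
Const EXIT_NO_TPM = 2     ' WMI namespace or Win32_Tpm instance missing

Dim objWmi, colTpm, objTpm, nCount, rc
Dim bEnabled, bActivated, bOwned

' Win32_Tpm lives in its own namespace, not root\CIMV2.
On Error Resume Next
nCount = 0
Set objWmi = GetObject("winmgmts:{impersonationLevel=impersonate," & _
    "authenticationLevel=pktPrivacy}!\\.\root\CIMV2\Security\MicrosoftTpm")
Set colTpm = objWmi.InstancesOf("Win32_Tpm")
nCount = colTpm.Count
If Err.Number <> 0 Or nCount = 0 Then
    WScript.Echo "No TPM visible to WinPE (error 0x" & Hex(Err.Number) & ")"
    WScript.Quit EXIT_NO_TPM
End If
On Error GoTo 0

For Each objTpm In colTpm
    ' Each method returns 0 on success and fills its out parameter.
    rc = objTpm.IsEnabled(bEnabled)
    If rc = 0 Then rc = objTpm.IsActivated(bActivated)
    If rc = 0 Then rc = objTpm.IsOwned(bOwned)
    If rc <> 0 Then
        WScript.Echo "TPM query failed, return code 0x" & Hex(rc)
        WScript.Quit EXIT_NOT_READY
    End If
Next

WScript.Echo "Enabled=" & bEnabled & " Activated=" & bActivated & " Owned=" & bOwned
If bEnabled And bActivated Then
    WScript.Quit EXIT_READY
End If
WScript.Quit EXIT_NOT_READY
```

Run it with `cscript.exe //nologo Check-TpmState.vbs`; a non-zero exit code fails the step under the task sequence's default success codes, so the deployment stops before BitLocker is pre-provisioned against a TPM that is not ready.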