Enable and Activate TPM for BitLocker Pre-Provisioning in WinPE



I have to say this one caught me out. I’m just setting up a task sequence to deploy Windows 8 and pre-provision BitLocker (which is wicked fast, by the way!) and got caught out by enabling and activating the TPM from WinPE. The solution I came up with works for me on a Samsung Series 7 Slate, but it might not work for all hardware vendors (TPM is a little tricky like that).

The process turned out to be pretty simple.

  1. Download the EnableBitLocker.vbs script from MSDN.
  2. Copy the file to my Configuration Manager 2012 SP1 Site Server.
  3. Edit the file and change the references to “setup.exe /s” and “setup.exe /r” (shutdown and reboot in full Windows) to “wpeutil shutdown” and “wpeutil reboot” respectively. I did this because WinPE doesn’t include shutdown.exe but instead uses wpeutil to do the same(ish) thing.
  4. Create an Application Management package containing only the EnableBitLocker.vbs script and distribute it to my DPs.
  5. Add a Run Command Line task to my Windows 8 deployment task sequence, after Restart in Windows PE and before Pre-provision BitLocker.
  6. PXE boot and deploy my task sequence to my target machine.
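
Because the result depends on the hardware vendor, it helps to confirm the TPM state from WinPE before the Pre-provision BitLocker step runs. The script below is an added example, not part of the original post or the MSDN script. It assumes the boot image includes PowerShell, WMI and TPM support, and its exit codes (0, 1, 2) are this example's own convention.

```powershell
# Added example: report TPM state from WinPE ahead of Pre-provision BitLocker.
# Exit codes are this example's convention: 0 = ready, 1 = not enabled/activated, 2 = no TPM visible.

function Get-TpmReadiness {
    $state = @{ Present = $false; Enabled = $false; Activated = $false; Owned = $false }
    try {
        # Win32_Tpm lives in its own WMI namespace; a missing namespace or
        # no instance means the OS cannot see a TPM (absent, or hidden in firmware).
        $tpm = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                             -Class Win32_Tpm -ErrorAction Stop |
               Select-Object -First 1
    } catch {
        $tpm = $null
    }
    if ($tpm) {
        # Each method returns an object carrying an out-parameter of the same name.
        $state.Present   = $true
        $state.Enabled   = [bool]$tpm.IsEnabled().IsEnabled
        $state.Activated = [bool]$tpm.IsActivated().IsActivated
        $state.Owned     = [bool]$tpm.IsOwned().IsOwned
    }
    New-Object PSObject -Property $state
}

$state = Get-TpmReadiness
Write-Host ("TPM present={0} enabled={1} activated={2} owned={3}" -f `
    $state.Present, $state.Enabled, $state.Activated, $state.Owned)

if (-not $state.Present) { exit 2 }
if (-not ($state.Enabled -and $state.Activated)) { exit 1 }
exit 0
```

Run as its own Run Command Line step directly before Pre-provision BitLocker, a non-zero exit code shows in the task sequence log that the TPM was not ready on that model.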

The final effect takes advantage of Windows 8’s used-space-only encryption and starts encryption before the OS is even deployed, encrypting as the OS deploys – the net result is a fully encrypted machine within minutes!

Don’t forget to download Windows Server 2012, System Center and Windows 8 Enterprise to try this out and take a look at my other posts on System Center.


Simon May is an Infrastructure Technology Evangelist at Microsoft concentrating on Devices and Services but with special interests in deployment and device management. Simon is a professional public speaker and the author of several books on Windows. Opinions on this blog are his own.