MDT Offline USB Deployment

  • Question

  • Hello, I need some help.  I have a working deployment share that is fine for all of my network-connected devices.  I need to make a USB deployment for my offline devices.  The difficulty is that the USB hard drive device used for the offline deployments is encrypted with BitLocker that is protected by password only.  So basically I need to boot off this USB hard drive, which will run a script to unlock the drive with the password, then start the Lite Touch deployment, and either keep the drive unlocked through the reboots during deployment or prompt for the password again and proceed through deployment until it is complete.  Thanks


    Thursday, May 12, 2016 4:13 AM

All replies

  • I am not aware of any way to do what you are asking. The closest I could suggest is that ConfigMgr can password protect your boot media.

    Many questions, such as where do I find logs and what logs are interesting, are answered in: MDT TechNet Forum - FAQ & Getting Started Guide. Please take the time to read it.

    Thursday, May 12, 2016 4:33 AM
  • Why do you encrypt the USB Flash Drive?

    MDT Litetouch was not designed nor tested for this scenario.

    Keith Garner - Principal Consultant [owner] - http://DeploymentLive.com

    Friday, May 13, 2016 5:36 AM

  • It's a USB hard drive with two partitions. The first partition is the MDT WinPE boot; the second partition is encrypted and houses the Deploy folder.  As per our corporate policy, anything removable that leaves the premises needs to be encrypted, which includes all external storage devices and laptops/tablets etc.

    But I did figure it out.

    The first step was to add a line to the unattend.xml to run a script that runs manage-bde to unlock with the password, then launch Litetouch.wsf.  Then, in the unattend.xml file used for the task sequence deployment of the image, I added a first logon synchronous command to run Bde-unlockwizard.exe to unlock the drive again after the reboot, then launch LITbootstrap.vbs to continue with the task sequence.

    • Edited by slebreton Monday, May 16, 2016 11:08 PM
    Monday, May 16, 2016 11:03 PM
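
The WinPE-side step described in the last reply (unlock the encrypted partition with manage-bde, then start Litetouch.wsf) could look like the script below. It is an added example, not the poster's script. It assumes English manage-bde output, a single locked BitLocker volume, and the standard `Deploy\Scripts` layout on the encrypted partition; the retry count is also an assumption.

```batch
@echo off
rem Added example (not from the thread): unlock the BitLocker data partition
rem from WinPE, then start the Lite Touch wizard from it.
rem Assumptions: English manage-bde output, one locked volume, and the
rem deployment content at <volume>\Deploy\Scripts (standard MDT media layout).
rem The boot image needs the WinPE-WMI and WinPE-SecureStartup optional
rem components, otherwise manage-bde is not available in WinPE.

rem Drive letters are not stable in WinPE, so probe for the locked volume.
rem find is case-sensitive: "Locked" does not match "Unlocked".
set "TARGET="
for %%L in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
    if not defined TARGET (
        manage-bde -status %%L: 2>nul | find "Locked" >nul && set "TARGET=%%L:"
    )
)
if not defined TARGET (
    echo No locked BitLocker volume found.
    exit /b 1
)

rem -Password makes manage-bde prompt interactively. The password is typed
rem by the technician and is never written to the unencrypted boot partition.
set /a TRIES=0
:unlock
set /a TRIES+=1
manage-bde -unlock %TARGET% -Password
rem Success is judged by the deployment script becoming readable, which
rem avoids parsing localized output a second time.
if exist "%TARGET%\Deploy\Scripts\LiteTouch.wsf" goto launch
if %TRIES% lss 3 goto unlock
echo Unlock failed after %TRIES% attempts.
exit /b 1

:launch
cscript //nologo "%TARGET%\Deploy\Scripts\LiteTouch.wsf"
```

Prompting at the console keeps the password out of unattend.xml and the script, both of which sit on the unencrypted WinPE partition and would be readable by anyone holding the drive.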