locked
Windows MDT - Bootable USB Password Protection RRS feed

  • Question

  • Hi. Is there anyway to password protect a bootable usb for Windows MDT? in the event a USB gets lost i don't want anyone to be bale to find it and utilize the USB, or see the settings of the customesettings.ini file. 

    If i can even go as far as encrypting and still somehow booting would be even better. 

    Wednesday, March 2, 2016 8:28 PM

All replies

  • For that kind of security you need ConfigMgr.

    Logs are very important. https://keithga.wordpress.com/2014/10/24/video-mdt-2013-log-files-basics-bdd-log-and-smsts-log/ Mention any customizations you have made.

    Wednesday, March 2, 2016 9:25 PM
  • But I would then need a major complete installation of SCCM correct? There's no way I can accomplish it with just the MDT?
    Thursday, March 3, 2016 2:21 AM
  • It is possible someone has written a custom hta but, I don't know of one. An option is to do network installs via boot media and to require network credentials.

    Logs are very important. https://keithga.wordpress.com/2014/10/24/video-mdt-2013-log-files-basics-bdd-log-and-smsts-log/ Mention any customizations you have made.

    Thursday, March 3, 2016 6:45 AM
  • Just don't include your username and password in Bootstrap, that way even if someone did get a hold of your bootable drive, they wouldn't be able to connect to the deployment share without having to type in the credentials.

    If this post is helpful please vote it as Helpful or click Mark for answer.

    Thursday, March 3, 2016 2:21 PM
  • So what I have is a few remote locations that don't have the deployment share set up locally, so I need to mail the USB's to these locations. But I notice the usb media doesn't even prompt for a password, brings me straight to the list of task sequences. 

    But the USB itself has specific task sequences, images, and driver packages on it. 

    Thursday, March 3, 2016 4:51 PM
  • Media deployment is a different beast. Essentially the whole deployment share is on the media and the system you are deploying to is going to need access to it during the deployment process, having an protected disk would break this.

    If this post is helpful please vote it as Helpful or click Mark for answer.

    Thursday, March 3, 2016 4:58 PM
  • Ok so in short there's no way to password protect media deployment correct?
    Thursday, March 3, 2016 8:28 PM
  • Practically no.

    Logs are very important. https://keithga.wordpress.com/2014/10/24/video-mdt-2013-log-files-basics-bdd-log-and-smsts-log/ Mention any customizations you have made.

    Thursday, March 3, 2016 8:46 PM