none
Bitlocker pre-Provisioning is automatically started? RRS feed

  • Question

  • Hi,


    When I put an image (Windows 10 x64 1709) on a HP 800 G3 SFF (TPM 2.0, HP Sure Start) it will already make use of Bitlocker pre-Provisioning (AES 128 bit), but in my configuration I didn't enable bitlocker or edited anything to enable pre-Provisioning.

    When I use the exact same job on a HP 800 G2 / HP 800 G1 or other machines, pre-Provisioning is not started... 

    Anyone has an Idea if this is related to MDT?

    On the moment I am using MDT 8450 and ADK 1709.

    But had the same issue with MDT 2013 U2 and ADK 1709.

    Best,

    Roy

    Wednesday, January 10, 2018 11:44 AM

Answers

  • It's a setting from HP/Microsoft - condition set: 

    https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-bitlocker

    • Marked as answer by RoydR Tuesday, January 23, 2018 1:44 PM
    Tuesday, January 23, 2018 1:44 PM

All replies

  • If TPM is on and active or if a machine has PTT and you're deploying Windows 8.1 or above then pre-provisioning will happen unless you configure MDT to not use BitLocker.

    If you do not want encryption, modify your customsettings to include:

    BDEInstallSuppress=YES

    If you want pre-provisioning well then that's a matter of the hardware being configured properly as well as the TPM being cleared (a system can't be pre-provisioned if the TPM already has ownership information) assuming you are re-imaging a system as new out of the box computers will not taken ownership.


    Daniel Vega

    Wednesday, January 10, 2018 2:33 PM
  • Thanks for the information.

    I've already tried this, but it is not working. Bitlocker is off. I have also tried: BDEInstallSuppress=YES.

    I did another test and Installed Windows 10 1709 from DVD.

    Pre-provision also started on this PC model (HP 800 G3 SFF).

    When I install Windows 10 1703 Pre-Provisioning is not started.

    TPM is also cleared.

    I cannot manage this pre-provisioning with MDT. It looks like an HP 800 G3/Windows 10 1709 issue.

    Best,

    Roy

    Thursday, January 11, 2018 8:50 AM
  • Is the "Enable BitLocker (Offline)" step enabled in your TS?

    Cheers,
    Anton

    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".

    Friday, January 12, 2018 8:10 AM
  • Disabled.

    Without MDT, so just using Windows 1709 DVD it also happens on this PC model (HP  800 G3).

    I also asked HP for help.

    Monday, January 15, 2018 9:05 AM
  • It's a setting from HP/Microsoft - condition set: 

    https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-bitlocker

    • Marked as answer by RoydR Tuesday, January 23, 2018 1:44 PM
    Tuesday, January 23, 2018 1:44 PM