Bit locker issue with HP Elitebooks

  • Question

  • I am using ConfigMgr 2007 R3 to deploy Windows.  When I take a "clean" machine, i.e. one straight from HP, and run my task sequence, the BitLocker partition is created, and the C: ends up encrypted without any issues. I have a GPO applied and the AD set up to store the keys. This works perfectly.

    When I do a refresh scenario, the task sequence fails on the Enable BitLocker step.  When I go into Windows and open tpm.msc, it says Windows cannot find the TPM. I am using the built-in Windows Intel TPM driver, and it shows up in Device Manager.

    In doing refreshes, I am using the "suspend BitLocker" step at the beginning of my task sequence.

    Here are my steps:

    1. Use the HP BIOS config tool with this file to enable the TPM:

    English
    Activate Embedded Security On Next Boot
        *Enable
    Embedded Security Device
        *Device Available
    Embedded Security Activation Policy
        *No prompts
        F1 to Boot
        Allow User to reject
    OS Management of TPM
        *Enable
    OS Management of Embedded Security Device
        *Enable
    Reset of TPM from OS
        *Enable
    Reset of Embedded Security Device through OS
        *Enable
    Embedded Security Device Availability
        *Available

    2. Restart the PC back into the currently installed OS

    3. Create the BitLocker partition

    4. Restart the PC

    5. Enable BitLocker step in the TS.

    I have tried clearing the TPM in the BIOS and redeploying the OS several times with no success.  I cannot get Windows to see the TPM chip after the OS is redeployed.

    Any ideas?

    Ryan

    Monday, March 5, 2012 10:20 PM
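
The following is an added example, not part of the original post: a PowerShell check that could run just before the Enable BitLocker step to record what Windows itself reports about the TPM and the OS volume. It uses the standard Win32_Tpm and Win32_EncryptableVolume WMI classes; the exit codes and the choice of C: as the OS volume are assumptions of this example.

```powershell
# Added example (not from the original post): log TPM and BitLocker state
# as seen by Windows. Run elevated. Exit codes are this script's own convention.
$tpmNs = 'root\CIMV2\Security\MicrosoftTpm'
$volNs = 'root\CIMV2\Security\MicrosoftVolumeEncryption'

# Win32_Tpm only has an instance when the OS can communicate with the TPM.
$tpm = Get-WmiObject -Namespace $tpmNs -Class Win32_Tpm -ErrorAction SilentlyContinue

if (-not $tpm) {
    Write-Output 'No Win32_Tpm instance: Windows does not see a usable TPM.'
    # List any TPM device that Plug and Play enumerated anyway, with its status,
    # to separate "device present but not usable" from "device not exposed".
    Get-WmiObject -Class Win32_PnPEntity |
        Where-Object { $_.Name -match 'Trusted Platform Module' } |
        Select-Object Name, Status, ConfigManagerErrorCode |
        Format-List
    exit 1
}

# Each method returns an object carrying ReturnValue plus the named out parameter.
$state = New-Object PSObject -Property @{
    Enabled     = $tpm.IsEnabled().IsEnabled
    Activated   = $tpm.IsActivated().IsActivated
    Owned       = $tpm.IsOwned().IsOwned
    SpecVersion = $tpm.SpecVersion
}
$state | Format-List

# Protection status of the OS volume (assumed to be C:):
# 0 = protection off or suspended, 1 = protection on, 2 = unknown.
$vol = Get-WmiObject -Namespace $volNs -Class Win32_EncryptableVolume `
        -ErrorAction SilentlyContinue |
    Where-Object { $_.DriveLetter -eq 'C:' }
if ($vol) {
    Write-Output ("C: ProtectionStatus = {0}" -f $vol.GetProtectionStatus().ProtectionStatus)
} else {
    Write-Output 'C: is not reported as an encryptable volume.'
}

# BitLocker with a TPM protector needs the TPM enabled and activated.
if (-not ($state.Enabled -and $state.Activated)) {
    Write-Output 'TPM is visible but not enabled and activated.'
    exit 2
}
exit 0
```

A non-zero exit code fails the task sequence step, so the output captured in the task sequence log shows which of the three states the machine was in at that point.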

All replies