BitLocker issue with HP EliteBooks

  • Question

  • I am using ConfigMgr 2007 R3 to deploy Windows.  When I take a "clean" machine, i.e. one straight from HP, and run my task sequence, the BitLocker partition is created, and the C: drive ends up encrypted without any issues. I have a GPO applied and the AD set up to store the keys. This works perfectly.

    When I do a refresh scenario, the task sequence fails on the Enable BitLocker step.  When I go into Windows and open tpm.msc, it says Windows cannot find the TPM. I am using the built-in Windows Intel TPM driver, and it shows up in Device Manager.

    In doing refreshes, I am using the "Suspend BitLocker" step at the beginning of my task sequence.

    Here are my steps:

    1. Use the HP BIOS config tool with this file to enable the TPM:

    Activate Embedded Security On Next Boot
    Embedded Security Device
        *Device Available
    Embedded Security Activation Policy
        *No prompts
        F1 to Boot
        Allow User to reject
    OS Management of TPM
    OS Management of Embedded Security Device
    Reset of TPM from OS
    Reset of Embedded Security Device through OS
    Embedded Security Device Availability

    2. Restart PC back into currently installed OS

    3. Create BitLocker partition

    4. Restart PC

    5. Enable BitLocker step in TS.

    I have tried clearing the TPM in the BIOS and redeploying the OS several times with no success.  I cannot get Windows to see the TPM chip after the OS is re-deployed.

    Any ideas?


    Monday, March 5, 2012 10:20 PM

All replies