locked
Bitlocker is not showing up in Litetouch for a Task Sequence RRS feed

  • Question

  • I have a image I captured for Windows 7 Enterprise x64. I have my rules SkipBitlock=NO. But when I run the Task Sequence for this image bitlocker does not show up on the Litetouch wizard. Other Task Sequence work fine and bitlocker show up using the same rules.

    I did capture the image on MDT 2013 update 2 to and am deploying it on MDT 2012 Update 1. My MDT 2013 is still a work in progress and I don't want people using it yet for deployments. 

    [Settings]
    Priority=Default
    Properties=MyCustomProperty

    [Default]
    OSInstall=Y
    SkipCapture=NO
    SkipAdminPassword=YES
    SkipProductKey=YES
    SkipComputerBackup=NO
    SkipBitLocker=NO
    EventService=http://ds1:9800
    MachineObjectOU=OU=Imaging,OU=Computer,DC=domainname,DC=com
    BitsPerPel=32
    VReferesh=60
    XResolution=1
    YResolution=1
    UserDomain=domainname

    JoinDomain=domainname.com
    WSUSServer=http://sus1:8530

    TimeZoneName=Pacific Standard Time

    

    

    Screen that is missing:


    • Edited by clancy31 Friday, January 20, 2017 1:14 PM
    Friday, January 20, 2017 1:10 AM

All replies

  • Hi Clancy, what Windows 7 SKU are you deploying (Pro, Enterprise, etc.)?

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

    Friday, January 20, 2017 3:45 AM
  • Enterprise
    Friday, January 20, 2017 1:13 PM
  • If you are still having problems, please upload a copy of your BDD.log file to a public share like onedrive and share the link.

    Keith Garner - Principal Consultant [owner] - http://DeploymentLive.com

    Monday, January 23, 2017 5:15 AM
  • Is that your full customsettings.ini? You don't have a BDEInstallSuppress=YES anywhere by chance do you?

    If you plan to enable BitLocker for everything you can use these settings to fully automate it.

    SkipBitLocker=YES
    BDEInstall=TPM
    BDEInstallSuppress=NO
    BDEWaitForEncryption=False
    BDERecoveryKey=AD
    BDEKeyLocation=\\SERVER\SHARE$\KeyBackupFolder
    TPMOwnerPassword=P@$$W0rdGoesHere!

    But as Keith suggested looking through the bdd.log will help.


    If this post is helpful please vote it as Helpful or click Mark for answer.

    Tuesday, January 24, 2017 4:40 PM
  • I had the same problem. Regardless of the BitLocker settings I wasn't getting the LiteTouch menu option. I removed everything from CUSTOMSETTINGS.INI and started putting sections back bit-by-bit. I finally got to the stage whereby I was consistently getting the BitLocker menu - until I put the following two lines back in:

    SkipCapture=NO
    DoCapture=YES

    So I just left them out. I've yet to figure out what they do, but haven't had the inclination to find out. It's working, and that's all I need to know.

    Hope that helps someone.

    Thursday, August 16, 2018 2:56 PM
  • Those settings have nothing to do with setting BitLocker directly.

    SkipCapture=NO tells the wizard to not skip the page that asks if you want to capture the image and where to save it.

    DOCapture=YES tells MDT that you want to capture the image so it'll be pre-selected when you get to that page.

    If you're capturing an image then you can't (and shouldn't) encrypt it.


    Daniel Vega


    • Edited by Dan_Vega Thursday, August 16, 2018 3:14 PM better
    Thursday, August 16, 2018 3:13 PM
  • Daniel,

    Yes, according to the documentation and all prevailing logic those Capture settings should have no effect, but as soon as I put them into my CS.INI it skips the BitLocker stage. Take them out and BitLocker returns. I spent 2 hours of solid testing yesterday and I proved it beyond doubt. Strange but true.

    I can only think there is something else peculiar to my system which is causing it.

    A.

    Friday, August 17, 2018 7:54 AM
  • Because of the last part I wrote. When you capture an image you can't have it encrypted. MDT probably has logic to not allow BitLocker if you are capturing an image. In your case while the setting DoCapture=YES doesn't directly have anything to do with BitLocker, it does actually prevent it from running since you simply can not capture an encrypted drive with DISM. Sorry I should have explained it better.

    Daniel Vega

    Friday, August 17, 2018 1:21 PM
  • Ah, gotcha. Makes sense.
    Thanks Daniel.
    Friday, August 17, 2018 1:54 PM