MDT2013 - BitLocker - PIN and drive label

  • Question

  • Hi all,

    I am testing MDT 2013 lite touch deployments now, Windows 7 and 8.1, mostly on Laptops and BitLocker is mandatory in our company.

    In MDT 2010 I had the following configuration in my rules.ini:

    BDEInstallSuppress=NO

    BDEDriveLetter=S:

    BDEDriveSize=2000

    BDEInstall=TPMPin

    BDEPin=%ASSETTAG%

    BDERecoveryKey=AD

    BDEKeyLocation=C:

    BDeWaitForEncryption=False

    It worked like a charm, the BitLocker page was shown, all settings were prepopulated with the desired values, especially the PIN field.

    With MDT 2013 I have two issues:

    1. BDEPin=%ASSETTAG% does not work, field stays empty, I have to enter the PIN manually - bug or feature? Any workarounds here?

    2. The second issue is more or less cosmetics - in previous MDT the BitLocker drive label was set to the host name - in my case rules.ini -> OSDComputerName=DE-%ASSETTAG%, so I had "DE-<7-digit SN>" as labels, where the 7-digit number was the initial BitLocker PIN for the machine.

    Now the labels are set to MININT-<random string> - can the old naming behavior be brought back somehow?

    Thanks and Regards,

    Albert


    Friday, March 14, 2014 9:29 AM

All replies

  • Check the ztigather.log file to verify the BDEPin is or is not getting set. It may be a bug in the Wizard Code.

    Keith Garner - keithga.wordpress.com

    Monday, March 17, 2014 8:12 PM
    Moderator
  • Hi Keith,

    Just checked - ztigather.log shows two occurrences of BDEPIN:

      C:\Users\akd\Desktop\DeploymentLogs\Wizard.log (1 hit)
    Line 111: <![LOG[Property BdePin is now = 3051477]LOG]!><time="08:27:07.000+000" date="03-17-2014" component="Wizard" context="" type="1" thread="" file="Wizard">
      C:\Users\akd\Desktop\DeploymentLogs\ZTIGather.log (2 hits)
    Line 152: <![LOG[Property BDEPIN is now = 3051744]LOG]!><time="08:22:12.000+000" date="03-17-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
    Line 153: <![LOG[Using from [DEFAULT]: BDEPIN = 3051744]LOG]!><time="08:22:12.000+000" date="03-17-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
      C:\Users\akd\Desktop\DeploymentLogs\BDD.log (3 hits)
    Line 210: <![LOG[Property BDEPIN is now = 3051744]LOG]!><time="08:22:12.000+000" date="03-17-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
    Line 211: <![LOG[Using from [DEFAULT]: BDEPIN = 3051744]LOG]!><time="08:22:12.000+000" date="03-17-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
    Line 353: <![LOG[Property BdePin is now = 3051477]LOG]!><time="08:27:07.000+000" date="03-17-2014" component="Wizard" context="" type="1" thread="" file="Wizard">

    The PIN was successfully set from the asset tag.

    When I compare the DeployWiz_BitLocker.vbs from MDT 2012u1 and the version from MDT 2013 the only difference is the version number...

    Any idea where to look further?

    Regards,

    Albert

    Tuesday, March 18, 2014 4:22 PM
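
    The log excerpt in the post above records the BitLocker PIN in clear text, and the Wizard entry carries a different value than the ZTIGather entry. The following is an added example, not part of the original thread and not MDT code: it lists every assignment of a property in CMTrace-style log text, reports whether a later step changed the value, and masks the value before the log is shared. The function names (`property_history`, `was_overridden`, `redact`) are hypothetical.

```python
import re

# CMTrace-style entry: <![LOG[message]LOG]!><time="..." date="..." component="..." ...>
ENTRY_RE = re.compile(
    r'<!\[LOG\[(?P<msg>.*?)\]LOG\]!><time="(?P<time>[^"]*)" date="[^"]*" '
    r'component="(?P<component>[^"]*)"')
ASSIGN_RE = re.compile(r'Property (?P<name>\S+) is now = (?P<value>.*)$')

# The three BDD.log entries quoted in the post above (search-result prefixes dropped).
SAMPLE_LOG = '''\
<![LOG[Property BDEPIN is now = 3051744]LOG]!><time="08:22:12.000+000" date="03-17-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Using from [DEFAULT]: BDEPIN = 3051744]LOG]!><time="08:22:12.000+000" date="03-17-2014" component="ZTIGather" context="" type="1" thread="" file="ZTIGather">
<![LOG[Property BdePin is now = 3051477]LOG]!><time="08:27:07.000+000" date="03-17-2014" component="Wizard" context="" type="1" thread="" file="Wizard">
'''

def property_history(log_text, prop):
    """Return [(time, component, value)] for each assignment of prop.

    Property names are compared case-insensitively, since the logs above
    spell the same property as BDEPIN and BdePin.
    """
    history = []
    for line in log_text.splitlines():
        entry = ENTRY_RE.search(line)
        if not entry:
            continue
        assign = ASSIGN_RE.match(entry.group("msg"))
        if assign and assign.group("name").lower() == prop.lower():
            history.append((entry.group("time"), entry.group("component"),
                            assign.group("value")))
    return history

def was_overridden(history):
    """True when the assignments do not all carry the same value."""
    return len({value for _, _, value in history}) > 1

def redact(log_text, prop):
    """Mask the value of prop in 'is now =' and 'Using from ...: X =' entries."""
    pattern = re.compile(r'(\b%s\s*(?:is now )?=\s*)[^\]]*' % re.escape(prop),
                         re.IGNORECASE)
    return pattern.sub(r'\g<1><redacted>', log_text)

if __name__ == "__main__":
    for time, component, _ in property_history(SAMPLE_LOG, "BDEPIN"):
        print(time, component, "assigned BDEPIN")
    print("overridden:", was_overridden(property_history(SAMPLE_LOG, "BDEPIN")))
    print(redact(SAMPLE_LOG, "BDEPIN"))
```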
  • Have a look here.. 

    You might be seeing a similar issue. I'm not on a machine with access to that xml atm so can't check to see what it's expecting.


    • Edited by RL69 Wednesday, March 19, 2014 4:30 PM
    • Proposed as answer by RL69 Thursday, March 20, 2014 9:30 PM
    Wednesday, March 19, 2014 4:29 PM
  • Have a look here.. 

    You might be seeing a similar issue. I'm not on a machine with access to that xml atm so can't check to see what it's expecting.



    I posted the fix for the DeployWiz_Bitlocker.vbs in the other thread.



    Wednesday, December 17, 2014 2:29 AM
    Moderator