none
Enable BitLocker on a Virtual Machine using MDT 2012 U1.

    Question

  • Hi,

    On Windows 8 as well Windows 7, you can enable BDE even when you don't have TPM chip by modifying the Group Policy settings. The difference, on Windows 8, you can use a Password instead. You can do that on a Virtual Machine.

    I wonder if I can do this by using MDT 2012 U1. Because I cannot see the Enable BitLocker step when I run my Task Sequence.

    Thanks!

    Friday, April 19, 2013 7:40 PM

Answers

  • Interesting, it appears that it is an issue with the evaluation media.  I did the following : 

    - Downloaded a copy of the Win 8 Enterprise Eval media

    - Set up a new MDT 2012u1 deployment share 

    - imported the eval media and set up a Standard Client task sequence

    - imported Win 8 enterprise media from (downloaded from my Technet subscription) and created a standard client task sequence.

    Results were that the task sequence to deploy the Eval media does not display the Bitlocker wizard, while the task sequence to deploy the Technet media DID display the Bitlocker pane.

    I'm afraid this doesn't get you any closer to a fix, but at least it validates what you are seeing.


    www.vaughnemiller.com

    Thursday, May 09, 2013 6:25 PM

All replies

  • You can add a step during your TS

    If you go on the TS properties, then you choose Add > Disks > Enable Bitlocker

    Monday, April 22, 2013 4:13 PM
  • You can add a step during your TS

    If you go on the TS properties, then you choose Add > Disks > Enable Bitlocker


    I have tried that, but in a VM environment, it does not appear.

    Blog | Twitter

    Tuesday, April 23, 2013 4:26 PM
  • Hi,

    On Windows 8 as well Windows 7, you can enable BDE even when you don't have TPM chip by modifying the Group Policy settings. The difference, on Windows 8, you can use a Password instead. You can do that on a Virtual Machine.

    I wonder if I can do this by using MDT 2012 U1. Because I cannot see the Enable BitLocker step when I run my Task Sequence.

    Thanks!

    There is a bug in MDT2012 Update 1.
    If you deploy Windows 8 Pro Edition, you can use thi Workaround:

    Displaying the Bitlocker Wizard Pane with Windows 8 Pro and MDT 2012 Update 1

     Eingefügt aus <http://www.vaughnemiller.com/2013/01/23/displaying-the-bitlocker-wizard-pane-with-windows-8-pro-and-mdt-2012-update-1/>

    • Proposed as answer by Andre.Ziegler Thursday, May 09, 2013 6:14 AM
    Thursday, May 09, 2013 1:09 AM
  • What about Win8 Enterprise? Does it work too?

    Blog | Twitter

    Thursday, May 09, 2013 2:22 PM
  • As far as I know, Win8 Enterprise should not need the work around listed above.
    Thursday, May 09, 2013 3:10 PM
  • As far as I know, Win8 Enterprise should not need the work around listed above.

    Saddly, the MDT BitLocker page does not show either.

    Blog | Twitter

    Thursday, May 09, 2013 3:13 PM
  • Well, I can verify that the Bitlocker wizard pane shows up for me when deploying to a virtual machine.  I'm using Hyper-V if that makes a difference.
    Thursday, May 09, 2013 3:27 PM
  • Well, I can verify that the Bitlocker wizard pane shows up for me when deploying to a virtual machine.  I'm using Hyper-V if that makes a difference.

    I'm using VMware, so it could be the problem.

    Blog | Twitter

    Thursday, May 09, 2013 4:22 PM
  • I just tried it on VMware Fusion on a Mac and the Bitlocker wizard shows up for me there as well.  Just our of curiosity, what is the use case for encrypting virtual machine hard drives?  It seems much more common for folks to want to exclude Bitlocker from VMs.

    www.vaughnemiller.com

    Thursday, May 09, 2013 4:36 PM
  • I just tried it on VMware Fusion on a Mac and the Bitlocker wizard shows up for me there as well.  Just our of curiosity, what is the use case for encrypting virtual machine hard drives?  It seems much more common for folks to want to exclude Bitlocker from VMs.

    www.vaughnemiller.com


    I know, just for writing purposes. Have you tried with the Win8 Enterprise Evaluation Media? This is what I'm using, clean installation and no BitLocker page shows up.

    Blog | Twitter

    Thursday, May 09, 2013 4:38 PM
  • Interesting, it appears that it is an issue with the evaluation media.  I did the following : 

    - Downloaded a copy of the Win 8 Enterprise Eval media

    - Set up a new MDT 2012u1 deployment share 

    - imported the eval media and set up a Standard Client task sequence

    - imported Win 8 enterprise media from (downloaded from my Technet subscription) and created a standard client task sequence.

    Results were that the task sequence to deploy the Eval media does not display the Bitlocker wizard, while the task sequence to deploy the Technet media DID display the Bitlocker pane.

    I'm afraid this doesn't get you any closer to a fix, but at least it validates what you are seeing.


    www.vaughnemiller.com

    Thursday, May 09, 2013 6:25 PM
  • That's right! At least I know I have to use a VL Media to do that.

    Thanks for trying out!


    Blog | Twitter

    Thursday, May 09, 2013 6:33 PM
  • I looked at this a little more.  As was the case with Windows 8 Pro not showing the wizard, it has to do with the logic in MDT that determines if it is a "premuim SKU"   

    In ZTIUtility.vbs (in the Scripts folder of the deployment share) the is an IsHighEndSKUEx Function starting at line 3837.  

    Function IsHighEndSKUEx( sSKU )

    ' Windows Ultimate/Enterprise and Server SKU's allow for some
    ' higher-end features, like Bitlocker and Multiple Language Packs.

       select case (ucase(trim(sSKU)))
          case "ULTIMATE", "ULTIMATEE", "ULTIMATEN"
              IsHighEndSKUEx = TRUE
          case "ENTERPRISE", "ENTERPRISEE", "ENTERPRISEN"
             IsHighEndSKUEx = TRUE
          case "HYPERV"
            IsHighEndSKUEx = TRUE
          case "PRERELEASE"
            IsHighEndSKUEx = TRUE
         case else
             If Instr(1, ucase(trim(sSKU)), "SERVER", vbTextCompare) > 0 then
                  IsHighEndSKUEx = TRUE
             Else
                 IsHighEndSKUEx = FALSE
            End if
       End Select

    From what I can tell, the SKU identifier for the evaluation of Win 8 Ent is "ENTERPRISE EVALUATION" So adding a case statement testing for that should allow you to have the wizard display for the evaluation media.  Unfortunately I will be away from my test environment for a few days and cannot confirm.


    www.vaughnemiller.com


    Monday, May 13, 2013 9:34 PM
  • Im having same issue with Windows 7 Enterprise and Windows 8.1 Enterprise

    On VM and physcal machines the BitLocker Panel just dont appear.

    I have SkipBitLocker=NO in cs.ini

    but still is nowhere to be found.

    Can some one point me in the right direction, what could be the case ?

    Friday, May 15, 2015 11:05 AM