Quick Tip! BitLocker PIN screen gone!

January 11, 2017

 

Hello,

We recently used a partner's deployment services to prestage approximately 5000 laptops for a Windows 10 deployment. Today we received our first shipment from the factory and we started one in full confidence.

After all, the image had been validated on site, and everything worked there except for our part 2 SCCM task sequence that we use to finish up some minor issues and enable BitLocker.

So all went well: machines booted, startup scripts worked, and part 2 was received and executed by the client.

But wait … We were expecting to see this after boot

[Screenshot: clip_image002]

But instead we saw this…

[Screenshot: clip_image004]

Now this is really a tricky issue, because it took some time before we realized that the screen was actually there but we could not see it. If you wait, the machine just shuts down.

Ok so now for the solution :

On the machine run bfsvc.exe %windir%\boot /v

Reboot the device and it should be ok.

What probably happened is that some of the fonts on the UEFI boot partition were corrupted, which results in the “blue” screen. The bfsvc.exe command copies the required files from windows\boot to the required partition.

Saved our day !

Some refs : https://answers.microsoft.com/en-us/windows/forum/windows8_1-security/bitlocker-pin-pre-boot-screen-empty/f985c4f6-dd71-4586-bd46-50f513432bb3?page=1

Enjoy

Gino D

P.S. We were unable to execute this command in the task sequence environment so we had to run it during our startup script.


SCCM – Deploy Unknown Computers with Assettag as computername

January 5, 2017

Hi,

In a recent Windows 10 deployment project (with SCCM), a customer of mine wanted to use the serial number as the computer name within Active Directory. The customer is using Unknown Computers so they don’t need to import them first. There was also a need to identify whether a computer was a desktop or a laptop, both to make sure the computer was joined to the right OU depending on that type and to make sure BitLocker was only applied to laptop computers. To provide this functionality I’ve created a VBS script:

Part 1: Set Computername variable

' Task sequence environment, used to set task sequence variables
Set objOSD = CreateObject("Microsoft.SMS.TSEnvironment")

' Connect to WMI on the local computer
strComputer = "."
Set SWBemlocator = CreateObject("WbemScripting.SWbemLocator")
Set objWMIService = SWBemlocator.ConnectServer(strComputer, "root\CIMV2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_SystemEnclosure",,48)

' Use the enclosure serial number as the computer name
For Each objItem in colItems
    strOSDComputerName = objItem.SerialNumber
Next

objOSD("OSDComputerName") = strOSDComputerName

The variable OSDComputerName is a default task sequence variable. Therefore no further actions need to be taken in the task sequence to make sure it is used to name the computer.
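
An added example, not part of the original script: the serial number reported by Win32_SystemEnclosure is not always a valid computer name (it can be longer than 15 characters, contain spaces, or be a firmware filler string), so the function below cleans it before it is assigned to OSDComputerName. The names SafeComputerName and NUMERIC_PREFIX, the list of filler values and the sample serials are assumptions made for this illustration.

```vbscript
Option Explicit

Const MAX_NETBIOS_LEN = 15     ' NetBIOS computer names are limited to 15 characters
Const NUMERIC_PREFIX  = "PC"   ' hypothetical prefix; Windows does not accept all-digit names

' Returns a usable computer name, or "" when the serial cannot be used.
Function SafeComputerName(varSerial)
    Dim objRegEx, strName, strBad
    SafeComputerName = ""
    If IsNull(varSerial) Then Exit Function
    strName = UCase(Trim(varSerial))

    ' Constructed list of filler values some firmware reports instead of a serial.
    For Each strBad In Array("NONE", "DEFAULT STRING", "TO BE FILLED BY O.E.M.")
        If strName = strBad Then Exit Function
    Next

    Set objRegEx = New RegExp
    objRegEx.Global = True
    objRegEx.Pattern = "[^A-Z0-9-]"          ' keep letters, digits and hyphen only
    strName = objRegEx.Replace(strName, "")

    ' Serial numbers usually differ at the end, so keep the rightmost characters.
    If Len(strName) > MAX_NETBIOS_LEN Then strName = Right(strName, MAX_NETBIOS_LEN)

    objRegEx.Pattern = "^-+|-+$"             ' a name must not start or end with a hyphen
    strName = objRegEx.Replace(strName, "")

    ' Prefix an all-digit result, trimming it so the total stays within the limit.
    objRegEx.Pattern = "^[0-9]+$"
    If objRegEx.Test(strName) Then
        strName = NUMERIC_PREFIX & Right(strName, MAX_NETBIOS_LEN - Len(NUMERIC_PREFIX))
    End If
    SafeComputerName = strName
End Function

' Constructed sample serials. In the task sequence, pass objItem.SerialNumber instead
' and set objOSD("OSDComputerName") only when the result is not "".
Dim strSample
For Each strSample In Array("5CG7123ABC", " VMware-56 4d 2a 1f 9c 00 11 22 ", "To Be Filled By O.E.M.", "0123456789")
    WScript.Echo "[" & strSample & "] -> [" & SafeComputerName(strSample) & "]"
Next
```

When the function returns an empty string, leaving OSDComputerName unset lets the task sequence fall back to its default naming instead of failing on an invalid name.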

Part 2: Set Chassis variable

Set colChassis = objWMIService.ExecQuery("Select * from Win32_SystemEnclosure",,48)
For Each objChassis in colChassis
    For Each strChassisType in objChassis.ChassisTypes
        Select Case strChassisType
            Case 3, 4, 6, 7
                StrType = "Desktop"
            Case 8, 9, 10, 11, 12, 14, 15
                StrType = "Laptop"
            Case Else
                StrType = "unknown"
        End Select
    Next
Next

objOSD("Chassis") = StrType

The variable “Chassis” can now be used like any other task sequence variable to make sure certain steps only run for a laptop or desktop.

Save the above code snippets into a vbs file and create an SCCM package containing the script.

Afterwards add a “Run Command Line” step to the task sequence, provide the package details and the following command line: cscript.exe "…vbs"

That should do the trick.

Obviously this is one solution among others, there are many other ways to accomplish the same but this seemed the easiest to me.

A little remark: When reinstalling a computer with Bitlocker enabled, make sure the Run Command Line step is located after the partition disk step, otherwise the script will fail as WMI cannot be accessed from WinPE. I’ve experienced this the hard way.

Hope this helps!

 

Best regards,

Bert

Bitlocker in windows 8 pro

February 27, 2013

Hello,

Since the release of Windows 8, there has been a change in features between the Professional and other editions.

The details are explained here



Windows 8 Enterprise | Enterprise Software | Enterprise Edition

http://www.microsoft.com/en-us/windows/enterprise/products-and-technologies/windows-8/enterprise-edition.aspx

As you may have noticed, BitLocker is no longer limited to the Enterprise OS; you now have this feature on Windows 8 Professional as well.

So, let’s activate it.

Open your apps and look for bitlocker.




Start the encryption wizard


Turn on bitlocker



You now have a new option of saving the recovery key to the Microsoft account. I choose save to file because my logon user is not an admin.



I choose the option of only encrypting used space.



Run the bitlocker check and the tablet will be rebooted.



You can continue working while encryption is in progress.



Done.