Tpm for bitlocker on an hp dc9700
![tpm for bitlocker on an hp dc9700 tpm for bitlocker on an hp dc9700](https://www.howtogeek.com/wp-content/uploads/2017/02/img_5898e074e710b.png)
Now we can update our Task Sequence with a step which executes the utility, this should be formatted as:īiosConfigUtility.exe /SetConfig:%YOURSETTINGS.REPSET% /NewAdminPassword:%YOURPASSWORD% REPSET and copy it to your HP Bios Configuration Utility package source folder and update your distribution points. Once you have the file trimmed down to what you require, rename For these laptops, these settings are shown as per below. The below command. You can then modify the text file to contain only the required settings to enable the TPM for your particular laptop. We have done this by copying the BiosConfigUtility.exe to a target laptop, then launching a command prompt as an administrator and executing We now need to create a file for the utility to use which contains the settings we want to change inside the BIOS. No program is required just the files as the Task Sequence is going to execute the utility. Įxtract the contents of sp49507 and create a package in your Config Manager instance. Luckily there is an HP BIOS Configuration Utility which we can use as part of a Task Sequence that will set these optionsįor us automatically! We are using version 2.14.0.8 of the HP BIOS Configuration Utility which you can download from.
TPM FOR BITLOCKER ON AN HP DC9700 PASSWORD
To enable the TPM in the BIOS we also need to set a password and tweak a few of the other security settings associated with the TPM. It's worth noting that a lot of the newer devices such as Surface Pro's come with UEFI where the TPM is alreadyĮnabled, again my blog is dealing with BIOS as our new laptops don't come out of the box with UEFI enabled. In order to enable BitLocker during a Configuration Manager Task Sequence we first need to enable the TPM (Trusted Platform Module) in the BIOS. Now before you even start with BitLocker you need to ensure that your Active Directory environment meets a few prerequisites, for the purposes of this blog we are assuming that this has been checked and is in place. The laptop models in this scenario: the HP EliteBookĪ few steps were required to achieve this and some tweaking of the default steps in my Configuration Manager Task Sequence. The idea is to provision the drive encryption as the laptops were built with your Configuration Manager 2012 R2 environment. Organisation decided to enable BitLocker protection for all of our new laptops.