The pre-provisioning step will start encrypting the hard drive during WinPE, encrypts with used space only, so that as it lays the image down on the device it's encrpypted as it goes. The pre-provisioning step takes less than 10 secs on average.
We then install MBAM later in the TS and don't enable bitlocker until the end, which just turns the protectors on. MBAM will set a recovery key and save to the db after the fact. This shaved over an hour off the time it takes to image and fully encrypt [cid:[email protected]] [cid:[email protected]] [cid:[email protected]] From: [email protected] [mailto:[email protected]] On Behalf Of Marcum, John Sent: Thursday, November 20, 2014 3:40 PM To: [email protected] Subject: [MDT-OSD] RE: Error Installing MBAM in TS I am using CCTK to do deal with the TPM before MBAM installs. What does the bitlocker pre-provisioning step do? Where do you put it in the TS? Here's what I am doing. As you can see I've tried a couple of differnet ways to handle this and none work. The "Encrypt Hard Drive" steps are the script from TechNet (StartMBAMEncryption.wsf /AddRegFile:AddMBAMRegEntries.reg /RemoveRegFile:RemoveMBAMRegEntries.reg /WaitForEncryption:false) now I am trying with the built-in Enable Bitlocker step. I'll know soon if that one works. [cid:[email protected]] From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Krueger, Jeff Sent: Thursday, November 20, 2014 1:06 PM To: [email protected]<mailto:[email protected]> Subject: [MDT-OSD] RE: Error Installing MBAM in TS If the TPM is not already turned on MBAM will turn it on then force a restart, this breaks the TS cause it can't recover the TS from an unexpected shutdown. We've found no way to block the reboot that MBAM causes, so we use the Dell and HP bios config utilities to ensure the TPM is on and activated at the beginning of the TS process. Also look into pre-provisioning bitlocker, saves a huge amount of time. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Marcum, John Sent: Thursday, November 20, 2014 1:17 PM To: [email protected]<mailto:[email protected]> Subject: [MDT-OSD] Error Installing MBAM in TS Has anyone ever had problems installing the MBAM client in a task sequence? It seems like it's completing the install then rebooting and that's breaking it. Next I kick off a script to start encryption (script from TechNet blog) and that has been for a very long time even though I added the switch /waitforencryption:false Running "C:\WINDOWS\System32\msiexec.exe" /i "C:\_SMSTaskSequence\Packages\PS100156\x64\MBAMClient.msi" /quiet /norestart /l* "C:\WINDOWS\logs\MBAM x64 2.0 install.log" with 32bitLauncher execmgr 11/20/2014 11:31:40 AM 1172 (0x0494) Created Process for the passed command line execmgr 11/20/2014 11:31:41 AM 1172 (0x0494) Raising event: [SMS_CodePage(437), SMS_LocaleID(1033)] instance of SoftDistProgramStartedEvent { AdvertisementId = "PS1201B9"; ClientID = "GUID:F63A2391-347D-484D-BEED-2A00EDDA1429"; CommandLine = "\"C:\\WINDOWS\\System32\\msiexec.exe\" /i \"C:\\_SMSTaskSequence\\Packages\\PS100156\\x64\\MBAMClient.msi\" /quiet /norestart /l* \"C:\\WINDOWS\\logs\\MBAM x64 2.0 install.log\""; DateTime = "20141120173141.014000+000"; MachineName = "BHM-L-919JD12"; PackageName = "PS100156"; ProcessID = 1584; ProgramName = "MBAM x64 Client Install"; SiteCode = "PS1"; ThreadID = 1172; UserContext = "NT AUTHORITY\\SYSTEM"; WorkingDirectory = "C:\\_SMSTaskSequence\\Packages\\PS100156\\"; }; execmgr 11/20/2014 11:31:41 AM 1172 (0x0494) Raised Program Started Event for Ad:PS1201B9, Package:PS100156, Program: MBAM x64 Client Install execmgr 11/20/2014 11:31:41 AM 1172 (0x0494) Service startup. execmgr 11/20/2014 11:31:49 AM 2564 (0x0A04) Request in running or report status found for program MBAM x64 Client Install package PS100156 execmgr 11/20/2014 11:31:51 AM 2564 (0x0A04) Service stopped while program MBAM x64 Client Install is running execmgr 11/20/2014 11:31:51 AM 2564 (0x0A04) OpenProcess failed for process 2828, error 80070057 execmgr 11/20/2014 11:31:51 AM 2564 (0x0A04) Can not continue monitoring the program after service restart because the process exited. Assume failed execmgr 11/20/2014 11:31:51 AM 2564 (0x0A04) Looking for MIF file to get program status execmgr 11/20/2014 11:31:51 AM 2564 (0x0A04) Raising event: [SMS_CodePage(437), SMS_LocaleID(1033)] instance of SoftDistProgramUnexpectedRebootEvent { AdvertisementId = "PS1201B9"; ClientID = "GUID:F63A2391-347D-484D-BEED-2A00EDDA1429"; DateTime = "20141120173151.477000+000"; MachineName = "BHM-L-919JD12"; PackageName = "PS100156"; ProcessID = 1512; ProgramName = "MBAM x64 Client Install"; SiteCode = "PS1"; ThreadID = 2564; }; execmgr 11/20/2014 11:31:51 AM 2564 (0x0A04) Raised Program Unexpected Reboot Event for Ad:PS1201B9, Package:PS100156, Program: MBAM x64 Client Install execmgr 11/20/2014 11:31:51 AM 2564 (0x0A04) Execution Request for advert PS1201B9 package PS100156 program MBAM x64 Client Install state change from Running to Completed execmgr 11/20/2014 11:31:51 AM 2564 (0x0A04) Service startup. execmgr 11/20/2014 11:32:40 AM 2548 (0x09F4) ________________________________ John Marcum MCITP, MCTS, MCSA Desktop Architect Bradley Arant Boult Cummings LLP ________________________________ [H_Logo] ________________________________ Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer. ________________________________ CONFIDENTIALITY NOTICE: This email contains information from the sender that may be CONFIDENTIAL, LEGALLY PRIVILEGED, PROPRIETARY or otherwise protected from disclosure. This email is intended for use only by the person or entity to whom it is addressed. If you are not the intended recipient, any use, disclosure, copying, distribution, printing, or any action taken in reliance on the contents of this email, is strictly prohibited. If you received this email in error, please contact the sending party by reply email, delete the email from your computer system and shred any paper copies. Note to Patients: There are a number of risks you should consider before using e-mail to communicate with us. See our Privacy & Security page on www.henryford.com<http://www.henryford.com> for more detailed information as well as information concerning MyChart, our new patient portal. If you do not believe that our policy gives you the privacy and security protection you need, do not send e-mail or Internet communications to us. ________________________________ Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer. ________________________________ Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer.
