Use the script here to clean the chip. Requires F10 at reboot, this is a 
built-in security feature of the bios itself.

http://andrewdcraig.wordpress.com/2013/02/18/enable-tpm-in-a-task-sequence-dell/

True, different versions of cctk have different anomalies. I have tested the 
-tpmactivation step without the = and it works for me but cannot guarantee it 
will work for all.

I have the drive encryption running during the task sequence, using 
pre-provisioning, and it handles multiple drives as well. Just writing up the 
blog on it this week.
The finished computer has encrypted drives and with the pre-provisioning it 
doesn't increase the running time of the TS.

Von: [email protected] [mailto:[email protected]] Im 
Auftrag von Robert Ruh
Gesendet: Dienstag, 1. Oktober 2013 18:13
An: [email protected]
Betreff: RE: [mssms] Using SCCM and Dell CCTK

I'm actually going through the same thing right now.  We are moving away from 
one encryption technology to Bitlocker.  I have noticed the CCTK tools are a 
bit inconsistent.  For example, the activation of the TPM on a Dell E6510 
running the latest BIOS A15 will not activate.  So to get around that I 
downloaded Dell's Client Configuration Toolkit and setup the action to activate 
the TPM.  It then allowed me to export it as an executable and I have that run 
as part of my task sequence depending on the model.

Something interesting that I found was a comment made by someone who had 
contacted Dell and on their forums had indicated that he was told there was an 
error in the instructions or CCTK where it isn't an equals sign after the 
valsetuppwd, rather there should be a space when activating.  I have not tested 
this yet.

cctk.exe --tpmactivation=activate --valsetuppwd password

I'm running into an issue though when I'm testing re-imaging a machine that has 
been encrypted before with Bitlocker.  It does not appear that you can clear 
the TPM in the dell BIOS using the CCTK tools.  We will be re-imaging machines 
in the future as break / fixes occur and if that laptop has had Bitlocker on it 
before, then all the TPM owner information will still be tied to the original 
machine and will not be to the re-imaged machine account.  Even disabling TPM 
and enabling it will still keep the ownership information in the BIOS unless 
you clear it from my understanding.  So has anyone been able to clear the TPM 
when re-imaging the machine (bare medal OS deployment) using the SCCM bootable 
media (so clearing the TPM when you have booted into WINPE)?

This is the way I have it set up in our environment.
I have it set so that the TPM is turned on, activated in the BIOS and the MBAM 
client installed during the imaging TS.  Then once it is joined to the domain, 
I have a GPO setup to apply all the Bitlocker preferences to it and to instruct 
the machine to check into the MBAM server.  Once it checks in, MBAM handles the 
rest and will initialize the TPM in Windows and begin the drive encryption.  
This automatically occurs as I use a WMI filter for the GPO to check if the 
Win32_TPM class exists and if so, begin the drive encryption.

From: [email protected] [mailto:[email protected]] On 
Behalf Of Murray, Mike
Sent: Thursday, September 26, 2013 5:02 PM
To: [email protected]
Subject: RE: [mssms] Using SCCM and Dell CCTK

Well, I tried all of the following commands at the command prompt, they seemed 
to work OK. But when I checked BIOS, TPM was still not activated.

cctk.exe --setuppwd=password

cctk.exe --tpm=on --valsetuppwd=password

cctk.exe --tpmactivation=activate --valsetuppwd=password

cctk.exe --setuppwd= --valsetuppwd=password

From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]] On Behalf Of Niall Brady
Sent: Thursday, September 26, 2013 2:43 PM
To: [email protected]<mailto:[email protected]>
Subject: Re: [mssms] Using SCCM and Dell CCTK

correct as I show in the link above, (look for Remove Temporary password in the 
screenshot)

also note that i'm doing everything in WinPE hence the cctk 'hapi' references. 
Most people do the tpm stuff while still in Windows.

On Thu, Sep 26, 2013 at 11:37 PM, Murray, Mike 
<[email protected]<mailto:[email protected]>> wrote:
So I could initially set the password, then remove it?

From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]<mailto:[email protected]>] 
On Behalf Of Powell, Tom
Sent: Thursday, September 26, 2013 2:31 PM
To: [email protected]<mailto:[email protected]>
Cc: [email protected]<mailto:[email protected]>

Subject: Re: [mssms] Using SCCM and Dell CCTK

Yup.

Set bios password / enable tpm / other bios settings / remove bios password if 
not required.

Kinda the same with HPs tool as well.

Tom

Sent from my iPhone

On 26 Sep 2013, at 22:14, "Keiffer, Scott" 
<[email protected]<mailto:[email protected]>> wrote:
I am pretty sure you have to have a bios password set in order for the 
activation to actually work.

---------------
Scott Keiffer
Senior Systems Administrator
Cockrell School of Engineering - IT Group
University of Texas at Austin
[email protected]<mailto:[email protected]>
512-814-8872

From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]] On Behalf Of Murray, Mike
Sent: Thursday, September 26, 2013 3:49 PM
To: [email protected]<mailto:[email protected]>
Subject: RE: [mssms] Using SCCM and Dell CCTK

I created an EXE with the CCTK that should enable TPM and activate it. The log 
(attached) says successful in both steps, but TPM is still not activated (it is 
on, though).

From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]] On Behalf Of Murray, Mike
Sent: Thursday, September 26, 2013 12:39 PM
To: [email protected]<mailto:[email protected]>
Subject: RE: [mssms] Using SCCM and Dell CCTK

I guess I should've clarified, I'm hoping to enable TPM on existing clients in 
SCCM. We will also add it to our TS when doing OSD, but we have a bunch of 
machines out there without it enabled.

From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]] On Behalf Of 
[email protected]<mailto:[email protected]>
Sent: Thursday, September 26, 2013 12:15 PM
To: [email protected]<mailto:[email protected]>
Subject: RE: [mssms] Using SCCM and Dell CCTK

Glad to hear that CCTK is being put to good use!  As always, let me know if you 
see anything that we can do to make your life easier with Dell systems 
management tools.

Thanks,


Warren Byle
Dell | Business Client Systems Management
Product Manager
office +1 512 724 2626<tel:%2B1%20512%20724%202626>
[email protected]<mailto:[email protected]>

Join the conversation
Dell TechCenter<http://www.delltechcenter.com/>
Twitter: WarrenByle<http://twitter.com/WarrenByle>

Warren

From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]] On Behalf Of Niall Brady
Sent: Thursday, September 26, 2013 1:45 PM
To: [email protected]<mailto:[email protected]>
Subject: Re: [mssms] Using SCCM and Dell CCTK

and here's an older post i did about the modular cctk bits in the task 
sequence, I use the same methodology in CM12

http://www.windows-noob.com/forums/index.php?/topic/3875-customising-windows-7-deployments-part-5/

On Thu, Sep 26, 2013 at 8:43 PM, Niall Brady 
<[email protected]<mailto:[email protected]>> wrote:
works great, you don't have to add them to the boot wim files if you don't want 
to and instead you can be modular in the task sequence,
this task sequence includes examples of just that:-

 *   CM12 in a Lab -The CM12 BitLocker FrontEnd HTA - 
video<http://www.windows-noob.com/forums/index.php?/topic/7636-the-cm12-bitlocker-frontend-hta-video/>
 *   CM12 in a Lab - The CM12 BitLocker FrontEnd 
HTA<http://www.windows-noob.com/forums/index.php?/topic/7294-the-cm12-bitlocker-frontend-hta>

if only all OEM manufacturers produced tools for doing bios actions as Dell do, 
kudos to Dell !


On Thu, Sep 26, 2013 at 8:39 PM, Murray, Mike 
<[email protected]<mailto:[email protected]>> wrote:
Anyone have experience deploying BIOS settings via SCCM and the Dell CCTK? I am 
specifically interested in enabling the TPM chip, as our security office is 
interested in using Bitlocker. I found this doc:

http://en.community.dell.com/techcenter/extras/m/white_papers/20209083.aspx

I'm just interested in hearing your stories of doing this, particularly with 
TPM. Any recommendations, gotchas, etc.

Also, if we do enable TPM, is there more that needs to be done on the client?


Best Regards,

Mike Murray
Desktop Management Coordinator - IT Support Services
California State University, Chico
530.898.4357
[email protected]<mailto:[email protected]>















________________________________

CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited. If you have 
received this communication in error, please notify the sender immediately by 
email and delete the message and any file attachments from your computer. Thank 
you.




Reply via email to