The Deployment Bunny

OS Deployment, Virtualization, Microsoft based Infrastructure…

  • Archives

  • Meta

Archive for October, 2010

Unleash the Power of MDT 2010 Lite Touch – Copenhagen – November 23 – 24

Posted by Mikael Nystrom on October 28, 2010

Hi fellow deployment master,

I’m very proud to announce that a dazzling deployment workshop – Unleash the Power of MDT 2010 Lite Touch – is coming to Copenhagen on November 23 – 24.

In just two days you will learn what you need to build a superior deployment solution based on MDT 2010 Update 1. In addition to the many tips & tricks to get Windows XP migrated, and Windows 7 deployed, you also get the following:

- 2 days with real world information from real world deployment experts
- A workbook packed with guidance and additional material
- Videos of the demos that you can play over and over again

Presenters are me (Mikael Nystrom), and Johan Arwidmark, both Microsoft MVP’s in Setup & Deployment.

For more information and registration: Unleash the Power of MDT 2010 Lite Touch

I hope to see you in Copenhagen

Regards / Mikael Nystrom

Ps. Johan also says hi :)  Ds.

Posted in Deployment, TechEd, Windows 7 | Leave a Comment »

Enable TPM via Task Sequence on HP Boxes

Posted by Mikael Nystrom on October 18, 2010

Yes, It can be done and it is pretty simple to. Here is what you need and how you should do it. Basically, the only thing you need is “BiosConfigUtility.EXE” and a text file with settings in it, add that to the TS and it will work like a charm, :-)

Step One – Get the utility

The utility is a part of HP’s SSM (SP49507), SSM stands for “HP System Software Manager” and version I have been playing with is 2.14 Rev A. Download that from the ftp://ftp.hp.com/pub/softpaq/sp49501-50000/sp49507.exe and if you need to see if your PC is in the list, check ftp://ftp.hp.com/pub/softpaq/sp49501-50000/sp49507.html

Step Two – Create the file

This is how the file should look like and it should have the name TPMEnable.REPSET

image

If you look at the picture, you can see that in every section there is a *. That is our default value that will be pushed into the bios.

Step Three – Create a Command and verify that it works

Now, be a bit careful, TPM is a security device and if you look your self out, it could be “tricky” to get back, so now you have been notified at least. So, we need a command to set all this and also to set a BIOS password and here it is:

BIOSConfigUtility /SetConfig:TPMEnable.REPSET /NewAdminPassword:”Password1″

So, if you take the BIOSConfigUtility.exe and TPMEnable.REPSET and put them in the same folder and run the command (elevated) with a password that is better then mine and then reboot the machine, you will see that it is going to enable the TPM chip and now you can just enable BitLocker on the machine.

Step Four – Getting stuff into the TS

Now, this can be done in different ways, one is to create a Script, or a batch file or an MDT Application. The reason for me to have an application, is very simple. When I work at customers I create a lot of “things”, if they are applications, they are pretty easy to copy inside the deployment workbench, from my personal Deployment share to the customers and vice versa. I like drag and drop, it makes life more…relaxed…:-) One other story, if they are applications, you could use the “MandatoryApplications001=” in CS.ini

So this is how it looks in my Task Sequence

image image

(No, sorry, my password for TPM is not 111-something, trust my…)

Now when I have the application I can open my Task Sequence and modify that like this:

image image

In the first picture you can see that I have added the application called “CUSTOM – Hewlett-Packard – BIOS Configuration” and in the other picture you can see that I have one condition to run this and that is same condition as the task “Enable Bitlocker” has.

So, that was pretty easy, right :-)

Step Five – some more things…

Configure BitLocker:

image

This is my settings (also default)

Just one small thing. Modify/Set this BDEKeyLocation= to something, otherwise the keyfile ends up locally on the c: drive…:-)

/mike

Posted in Deployment, TechEd | Tagged: , , | 5 Comments »

 
Follow

Get every new post delivered to your Inbox.

Join 4,172 other followers