The Deployment Bunny

OS Deployment, Virtualization, Microsoft based Infrastructure…

  • Archives

  • Meta

Enable TPM via Task Sequence on HP Boxes

Posted by Mikael Nystrom on October 18, 2010

Yes, It can be done and it is pretty simple to. Here is what you need and how you should do it. Basically, the only thing you need is “BiosConfigUtility.EXE” and a text file with settings in it, add that to the TS and it will work like a charm, :-)

Step One – Get the utility

The utility is a part of HP’s SSM (SP49507), SSM stands for “HP System Software Manager” and version I have been playing with is 2.14 Rev A. Download that from the ftp://ftp.hp.com/pub/softpaq/sp49501-50000/sp49507.exe and if you need to see if your PC is in the list, check ftp://ftp.hp.com/pub/softpaq/sp49501-50000/sp49507.html

Step Two – Create the file

This is how the file should look like and it should have the name TPMEnable.REPSET

image

If you look at the picture, you can see that in every section there is a *. That is our default value that will be pushed into the bios.

Step Three – Create a Command and verify that it works

Now, be a bit careful, TPM is a security device and if you look your self out, it could be “tricky” to get back, so now you have been notified at least. So, we need a command to set all this and also to set a BIOS password and here it is:

BIOSConfigUtility /SetConfig:TPMEnable.REPSET /NewAdminPassword:”Password1″

So, if you take the BIOSConfigUtility.exe and TPMEnable.REPSET and put them in the same folder and run the command (elevated) with a password that is better then mine and then reboot the machine, you will see that it is going to enable the TPM chip and now you can just enable BitLocker on the machine.

Step Four – Getting stuff into the TS

Now, this can be done in different ways, one is to create a Script, or a batch file or an MDT Application. The reason for me to have an application, is very simple. When I work at customers I create a lot of “things”, if they are applications, they are pretty easy to copy inside the deployment workbench, from my personal Deployment share to the customers and vice versa. I like drag and drop, it makes life more…relaxed…:-) One other story, if they are applications, you could use the “MandatoryApplications001=” in CS.ini

So this is how it looks in my Task Sequence

image image

(No, sorry, my password for TPM is not 111-something, trust my…)

Now when I have the application I can open my Task Sequence and modify that like this:

image image

In the first picture you can see that I have added the application called “CUSTOM – Hewlett-Packard – BIOS Configuration” and in the other picture you can see that I have one condition to run this and that is same condition as the task “Enable Bitlocker” has.

So, that was pretty easy, right :-)

Step Five – some more things…

Configure BitLocker:

image

This is my settings (also default)

Just one small thing. Modify/Set this BDEKeyLocation= to something, otherwise the keyfile ends up locally on the c: drive…:-)

/mike

5 Responses to “Enable TPM via Task Sequence on HP Boxes”

  1. […] https://deploymentbunny.com/2010/10/18/enable-tpm-via-task-sequence-on-hp-boxes/ […]

  2. […] let me start by saying there is already a good blog post which outlines how to use HP’s BIOSConfigUtility in an MDT task sequence (which can be […]

  3. […]   First, let me start by saying there is already a good blog post which outlines how to use HP’s BIOSConfigUtility in an MDT task sequence (which can be easily […]

  4. […] Enable TPM via Task Sequence on HP Boxes May 21, 2012 robertrieglerwien Leave a comment Go to comments https://deploymentbunny.com/2010/10/18/enable-tpm-via-task-sequence-on-hp-boxes/ […]

  5. tuwi said

    i get an error 10 at second step saying that I needed to provide the bios password

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: