deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #5464 from MicrosoftDocs/minorupdate

Browse Source 
Script link issue
This commit is contained in:
Greg Lindsay 2021-08-04 10:53:50 -07:00 committed by GitHub
commit 2a5792b45e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
View File

@ -32,16 +32,16 @@ To configure your environment for BitLocker, you will need to do the following:
4. Configure the rules (CustomSettings.ini) for BitLocker.
> [!NOTE]
> Even though it is not a BitLocker requirement, we recommend configuring BitLocker to store the recovery password in Active Directory. For additional information about this feature, see [Backing Up BitLocker and TPM Recovery Information to AD DS](/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds).
> Even though it is not a BitLocker requirement, we recommend configuring BitLocker to store the recovery password in Active Directory. For more information about this feature, see [Backing Up BitLocker and TPM Recovery Information to AD DS](/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds).
If you have access to Microsoft BitLocker Administration and Monitoring (MBAM), which is part of Microsoft Desktop Optimization Pack (MDOP), you have additional management features for BitLocker.
> [!NOTE]
> Backing up TPM to Active Directory was supported only on Windows 10 version 1507 and 1511.
>[!NOTE]
>Even though it is not a BitLocker requirement, we recommend configuring BitLocker to store the recovery key and TPM owner information in Active Directory. For additional information about these features, see [Backing Up BitLocker and TPM Recovery Information to AD DS](/previous-versions/windows/it-pro/windows-7/dd875529(v=ws.10)). If you have access to Microsoft BitLocker Administration and Monitoring (MBAM), which is part of Microsoft Desktop Optimization Pack (MDOP), you have additional management features for BitLocker.
>Even though it is not a BitLocker requirement, we recommend configuring BitLocker to store the recovery key and TPM owner information in Active Directory. For more information about these features, see [Backing Up BitLocker and TPM Recovery Information to AD DS](/previous-versions/windows/it-pro/windows-7/dd875529(v=ws.10)). If you have access to Microsoft BitLocker Administration and Monitoring (MBAM), which is part of Microsoft Desktop Optimization Pack (MDOP), you have additional management features for BitLocker.
For the purposes of this topic, we will use DC01, a domain controller that is a member of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](./prepare-for-windows-deployment-with-mdt.md).
For the purposes of this topic, we will use DC01, a domain controller that is a member of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, see [Deploy Windows 10 with the Microsoft Deployment Toolkit](./prepare-for-windows-deployment-with-mdt.md).
## Configure Active Directory for BitLocker
@ -69,7 +69,7 @@ The BitLocker Drive Encryption Administration Utilities are added as features vi
1. BitLocker Drive Encryption Administration Utilities
2. BitLocker Drive Encryption Tools
3. BitLocker Recovery Password Viewer
7. On the **Confirm installation selections** page, click **Install** and then click **Close**.
7. On the **Confirm installation selections** page, click **Install**, and then click **Close**.
![figure 3](../images/mdt-09-fig03.png)
@ -95,7 +95,7 @@ Following these steps, you enable the backup of BitLocker and TPM recovery infor
### Set permissions in Active Directory for BitLocker
In addition to the Group Policy created previously, you need to configure permissions in Active Directory to be able to store the TPM recovery information. In these steps, we assume you have downloaded the [Add-TPMSelfWriteACE.vbs script](https://gallery.technet.microsoft.com/ScriptCenter/b4dee016-053e-4aa3-a278-3cebf70d1191) from Microsoft to C:\\Setup\\Scripts on DC01.
In addition to the Group Policy created previously, you need to configure permissions in Active Directory to be able to store the TPM recovery information. In these steps, we assume you have downloaded the [Add-TPMSelfWriteACE.vbs script](https://raw.githubusercontent.com/DeploymentArtist/DF4/master/BitLocker%20and%20TPM/Add-TPMSelfWriteACE.vbs) to C:\\Setup\\Scripts on DC01.
1. On DC01, start an elevated PowerShell prompt (run as Administrator).
2. Configure the permissions by running the following command:
@ -114,7 +114,7 @@ If you want to automate enabling the TPM chip as part of the deployment process,
### Add tools from Dell
[Dell Comnmand | Configure](https://www.dell.com/support/article/us/en/04/sln311302/dell-command-configure) provides a Command Line Interface and a Graphical User Interface.
[Dell Command | Configure](https://www.dell.com/support/article/us/en/04/sln311302/dell-command-configure) provides a Command Line Interface and a Graphical User Interface.
### Add tools from HP