From 5a4846e4a27c13678d06052d1724bd78e1a74866 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 31 Aug 2020 10:42:31 +0530 Subject: [PATCH 01/16] updated three changes --- .../bitlocker/bcd-settings-and-bitlocker.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md index 7dd0eb0898..876cf87f79 100644 --- a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md @@ -18,14 +18,14 @@ ms.date: 02/28/2019 ms.custom: bitlocker --- -# BCD settings and BitLocker +# Boot Configuration Data settings and BitLocker **Applies to** - Windows 10 -This topic for IT professionals describes the BCD settings that are used by BitLocker. +This topic for IT professionals describes the Boot Configuration Data (BCD) settings that are used by BitLocker. -When protecting data at rest on an operating system volume, during the boot process BitLocker verifies that the security sensitive boot configuration data (BCD) settings have not changed since BitLocker was last enabled, resumed, or recovered. +When protecting data at rest on an operating system volume, during the boot process BitLocker verifies that the security sensitive BCD settings have not changed since BitLocker was last enabled, resumed, or recovered. ## BitLocker and BCD Settings From 73105181a182d03ed2786da8e9bfa0aea77d6050 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 31 Aug 2020 13:27:03 +0530 Subject: [PATCH 02/16] Update bitlocker-basic-deployment.md Changed instances of "volumes" to "drives" and "volume" to "partition" depending on the context. --- .../bitlocker/bitlocker-basic-deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 1167e9121a..2ee647806e 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -27,7 +27,7 @@ This topic for the IT professional explains how BitLocker features can be used t ## Using BitLocker to encrypt volumes -BitLocker provides full volume encryption (FVE) for operating system volumes, as well as fixed and removable data volumes. To support fully encrypted operating system volumes, BitLocker uses an unencrypted system volume for the files required to boot, decrypt, and load the operating system. This volume is automatically created during a new installation of both client and server operating systems. +BitLocker provides full volume encryption (FVE) for operating system volumes, as well as fixed and removable data drives. To support fully encrypted operating system drives, BitLocker uses an unencrypted system partition for the files required to boot, decrypt, and load the operating system. This volume is automatically created during a new installation of both client and server operating systems. In the event that the drive was prepared as a single contiguous space, BitLocker requires a new volume to hold the boot files. BdeHdCfg.exe can create these volumes. From 4c82c1ab3ed15514f17ceef3a9208662032db858 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 31 Aug 2020 15:03:33 +0530 Subject: [PATCH 03/16] Update bitlocker-countermeasures.md --- .../bitlocker/bitlocker-countermeasures.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md index 6de06c740a..58a32fafe6 100644 
--- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md +++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md @@ -43,7 +43,7 @@ Before Windows starts, you must rely on security features implemented as part of ### Trusted Platform Module -A TPM is a microchip designed to provide basic security-related functions, primarily involving encryption keys. +A trusted platform module (TPM) is a microchip designed to provide basic security-related functions, primarily involving encryption keys. On some platforms, TPM can alternatively be implemented as a part of secure firmware. BitLocker binds encryption keys with the TPM to ensure that a computer has not been tampered with while the system was offline. For more info about TPM, see [Trusted Platform Module](https://docs.microsoft.com/windows/device-security/tpm/trusted-platform-module-overview). From f8d98a189eb44481869a6567fea85b46f4a85278 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 31 Aug 2020 15:06:46 +0530 Subject: [PATCH 04/16] Update bitlocker-countermeasures.md --- .../bitlocker/bitlocker-countermeasures.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md index 58a32fafe6..868d7192fc 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md +++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md @@ -126,7 +126,7 @@ For SBP-2 and 1394 (a.k.a. Firewire), refer to the “SBP-2 Mitigation” sectio ## Attack countermeasures -This section covers countermeasures for specific types attacks. +This section covers countermeasures for specific types of attacks. ### Bootkits and rootkits 
@@ -172,7 +172,7 @@ Mitigation: Targeted attack with plenty of time; this attacker will open the case, will solder, and will use sophisticated hardware or software. Mitigation: -- Pre-boot authentication set to TPM with a PIN protector (with a sophisticated alphanumeric PIN to help the TPM anti-hammering mitigation). +- Pre-boot authentication set to TPM with a PIN protector (with a sophisticated alphanumeric PIN [enhanced pin] to help the TPM anti-hammering mitigation). -And- From af75f977e4678298edae82a02296678b3f8b93a5 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 31 Aug 2020 15:19:41 +0530 Subject: [PATCH 05/16] Update bitlocker-countermeasures.md --- .../bitlocker/bitlocker-countermeasures.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md index 868d7192fc..981252ffbf 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md +++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md @@ -162,7 +162,7 @@ The following sections cover mitigations for different types of attackers. Physical access may be limited by a form factor that does not expose buses and memory. For example, there are no external DMA-capable ports, no exposed screws to open the chassis, and memory is soldered to the mainboard. -This attacker of opportunity does not use destructive methods or sophisticated forensics hardware/software. +This attacker of opportunity does not use destructive methods or sophisticated forensics hardware/software. Mitigation: - Pre-boot authentication set to TPM only (the default) From 5965d132940474f3efe746f4a31d6551e01f96d5 Mon Sep 17 00:00:00 2001 
From: Siddarth Mandalika Date: Mon, 31 Aug 2020 15:37:16 +0530 Subject: [PATCH 06/16] Update bitlocker-device-encryption-overview-windows-10.md --- .../bitlocker-device-encryption-overview-windows-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md index 34008453ad..358ea6cfab 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md +++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md @@ -23,7 +23,7 @@ ms.custom: bitlocker - Windows 10 This topic explains how BitLocker Device Encryption can help protect data on devices running Windows 10. -For a general overview and list of topics about BitLocker, see [BitLocker](bitlocker-overview.md). +For a general overview and list of topics about BitLocker, see [BitLocker](bitlocker-overview.md). When users travel, their organization’s confidential data goes with them. Wherever confidential data is stored, it must be protected against unauthorized access. Windows has a long history of providing at-rest data-protection solutions that guard against nefarious attackers, beginning with the Encrypting File System in the Windows 2000 operating system. More recently, BitLocker has provided encryption for full drives and portable drives. Windows consistently improves data protection by improving existing options and by providing new strategies. From 50d5e4f63fccad92894bd6c6a8c2f5458ba5bb59 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Wed, 23 Sep 2020 19:36:10 +0530 Subject: [PATCH 07/16] Update troubleshoot-bitlocker.md --- .../bitlocker/troubleshoot-bitlocker.md | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) 
diff --git a/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md b/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md index e6e97c6293..68f8c8e3c0 100644 --- a/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md +++ b/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md @@ -24,11 +24,11 @@ This article addresses common issues in BitLocker and provides guidelines to tro Open Event Viewer and review the following logs under Applications and Services logs\\Microsoft\\Windows: -- **BitLocker-API**. Review the Management log, the Operational log, and any other logs that are generated in this folder. The default logs have the following unique names: +- **BitLocker-API**. Review the management log, the operational log, and any other logs that are generated in this folder. The default logs have the following unique names: - Microsoft-Windows-BitLocker-API/BitLocker Operational - Microsoft-Windows-BitLocker-API/BitLocker Management -- **BitLocker-DrivePreparationTool**. Review the Admin log, the Operational log, and any other logs that are generated in this folder. The default logs have the following unique names: +- **BitLocker-DrivePreparationTool**. Review the admin log, the operational log, and any other logs that are generated in this folder. The default logs have the following unique names: - Microsoft-Windows-BitLocker-DrivePreparationTool/Operational - Microsoft-Windows-BitLocker-DrivePreparationTool/Admin 
@@ -36,7 +36,7 @@ Additionally, review the Windows logs\\System log for events that were produced To filter and display or export logs, you can use the [wevtutil.exe](https://docs.microsoft.com/windows-server/administration/windows-commands/wevtutil) command-line tool or the [Get-WinEvent](https://docs.microsoft.com/powershell/module/microsoft.powershell.diagnostics/get-winevent?view=powershell-6) cmdlet. -For example, to use wevtutil to export the contents of the Operational log from the BitLocker-API folder to a text file that is named BitLockerAPIOpsLog.txt, open a Command Prompt window, and run a command that resembles the following: +For example, to use wevtutil to export the contents of the operational log from the BitLocker-API folder to a text file that is named BitLockerAPIOpsLog.txt, open a Command Prompt window, and run a command that resembles the following: ```cmd wevtutil qe "Microsoft-Windows-BitLocker/BitLocker Operational" /f:text > BitLockerAPIOpsLog.txt @@ -48,7 +48,7 @@ To use the **Get-WinEvent** cmdlet to export the same log to a comma-separated t Get-WinEvent -logname "Microsoft-Windows-BitLocker/BitLocker Operational"  | Export-Csv -Path Bitlocker-Operational.csv ``` -You can use Get-WinEvent in an elevated PowerShell window to display filtered information from the System or Application log by using syntax that resembles the following: +You can use Get-WinEvent in an elevated PowerShell window to display filtered information from the system or application log by using a syntax that resembles the following: - To display BitLocker-related information: ```ps 
@@ -87,11 +87,11 @@ Open an elevated Windows PowerShell window, and run each of the following comman |Command |Notes | | - | - | -|[**get-tpm \> C:\\TPM.txt**](https://docs.microsoft.com/powershell/module/trustedplatformmodule/get-tpm?view=win10-ps) |Exports information about the local computer's Trusted Platform Module (TPM). This cmdlet shows different values depending on whether the TPM chip is version 1.2 or 2.0. This cmdlet is not supported in Windows 7. | +|[**get-tpm \> C:\\TPM.txt**](https://docs.microsoft.com/powershell/module/trustedplatformmodule/get-tpm?view=win10-ps) |Exports information about the local computer's trusted platform module (TPM). This cmdlet shows different values depending on whether the TPM chip is version 1.2 or 2.0. This cmdlet is not supported in Windows 7. | |[**manage-bde –status \> C:\\BDEStatus.txt**](https://docs.microsoft.com/windows-server/administration/windows-commands/manage-bde-status) |Exports information about the general encryption status of all drives on the computer. | |[**manage-bde c:
-protectors -get \> C:\\Protectors**](https://docs.microsoft.com/windows-server/administration/windows-commands/manage-bde-protectors) |Exports information about the protection methods that are used for the BitLocker encryption key. | |[**reagentc /info \> C:\\reagent.txt**](https://docs.microsoft.com/windows-hardware/manufacture/desktop/reagentc-command-line-options) |Exports information about an online or offline image about the current status of the Windows Recovery Environment (WindowsRE) and any available recovery image. | -|[**get-BitLockerVolume \| fl**](https://docs.microsoft.com/powershell/module/bitlocker/get-bitlockervolume?view=win10-ps) |Gets information about volumes that BitLocker Drive Encryption can protect. | +|[**get-BitLockerVolume \| fl**](https://docs.microsoft.com/powershell/module/bitlocker/get-bitlockervolume?view=win10-ps) |Gets information about volumes that BitLocker drive encryption can protect. | ## Review the configuration information 
@@ -113,9 +113,9 @@ Common settings that can cause issues for BitLocker include the following: - The TPM must be unlocked. You can check the output of the **get-tpm** command for the status of the TPM. - Windows RE must be enabled. You can check the output of the **reagentc** command for the status of WindowsRE. -- The system reserved partition must use the correct format. - - On Unified Extensible Firmware Interface (UEFI) computers, the system reserved partition must be formatted as FAT32. - - On legacy computers, the system reserved partition must be formatted as NTFS. +- The system-reserved partition must use the correct format. + - On Unified Extensible Firmware Interface (UEFI) computers, the system-reserved partition must be formatted as FAT32. + - On legacy computers, the system-reserved partition must be formatted as NTFS. - If the device that you are troubleshooting is a slate or tablet PC, use to verify the status of the **Enable use of BitLocker authentication requiring preboot keyboard input on slates** option. For more information about the BitLocker prerequisites, see [BitLocker basic deployment: Using BitLocker to encrypt volumes](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-basic-deployment#using-bitlocker-to-encrypt-volumes) 
@@ -124,14 +124,14 @@ For more information about the BitLocker prerequisites, see [BitLocker basic dep If the information that you have examined so far indicates a specific issue (for example, WindowsRE is not enabled), the issue may have a straightforward fix. -Resolving issues that do not have obvious causes depends on exactly which components are involved and what behavior you see. The information that you have gathered can help you narrow down the areas to investigate. +Resolving issues that do not have obvious causes depends on exactly which components are involved and what behavior you see. The information that you have gathered helps you narrow down the areas to investigate. - If you are working on a device that is managed by Microsoft Intune, see [Enforcing BitLocker policies by using Intune: known issues](ts-bitlocker-intune-issues.md). - If BitLocker does not start or cannot encrypt a drive and you notice errors or events that are related to the TPM, see [BitLocker cannot encrypt a drive: known TPM issues](ts-bitlocker-cannot-encrypt-tpm-issues.md). - If BitLocker does not start or cannot encrypt a drive, see [BitLocker cannot encrypt a drive: known issues](ts-bitlocker-cannot-encrypt-issues.md). - If BitLocker Network Unlock does not behave as expected, see [BitLocker Network Unlock: known issues](ts-bitlocker-network-unlock-issues.md). - If BitLocker does not behave as expected when you recover an encrypted drive, or if you did not expect BitLocker to recover the drive, see [BitLocker recovery: known issues](ts-bitlocker-recovery-issues.md). -- If BitLocker does not behave as expected or the encrypted drive does not behave as expected, and you notice errors or events that are related to the TPM, see [BitLocker and TPM: other known issues](ts-bitlocker-tpm-issues.md). -- If BitLocker does not behave as expected or the encrypted drive does not behave as expected, see [BitLocker configuration: known issues](ts-bitlocker-config-issues.md). 
+- If BitLocker or the encrypted drive does not behave as expected, and you notice errors or events that are related to the TPM, see [BitLocker and TPM: other known issues](ts-bitlocker-tpm-issues.md). +- If BitLocker or the encrypted drive does not behave as expected, see [BitLocker configuration: known issues](ts-bitlocker-config-issues.md). We recommend that you keep the information that you have gathered handy in case you decide to contact Microsoft Support for help to resolve your issue. From 233fd1faf325ab3e48e8c2ddbaf8f8755217d8ec Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 15 Oct 2020 12:38:40 +0530 Subject: [PATCH 08/16] Update troubleshoot-bitlocker.md --- .../bitlocker/troubleshoot-bitlocker.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md b/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md index 68f8c8e3c0..99c8c2e3ff 100644 --- a/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md +++ b/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md 
@@ -34,7 +34,7 @@ Open Event Viewer and review the following logs under Applications and Services Additionally, review the Windows logs\\System log for events that were produced by the TPM and TPM-WMI event sources. -To filter and display or export logs, you can use the [wevtutil.exe](https://docs.microsoft.com/windows-server/administration/windows-commands/wevtutil) command-line tool or the [Get-WinEvent](https://docs.microsoft.com/powershell/module/microsoft.powershell.diagnostics/get-winevent?view=powershell-6) cmdlet. +To filter and display or export logs, you can use the [wevtutil.exe](https://docs.microsoft.com/windows-server/administration/windows-commands/wevtutil) command-line tool or the [Get-WinEvent](https://docs.microsoft.com/powershell/module/microsoft.powershell.diagnostics/get-winevent?view=powershell-6&preserve-view=true) cmdlet. For example, to use wevtutil to export the contents of the operational log from the BitLocker-API folder to a text file that is named BitLockerAPIOpsLog.txt, open a Command Prompt window, and run a command that resembles the following: 
@@ -87,11 +87,11 @@ Open an elevated Windows PowerShell window, and run each of the following comman |Command |Notes | | - | - | -|[**get-tpm \> C:\\TPM.txt**](https://docs.microsoft.com/powershell/module/trustedplatformmodule/get-tpm?view=win10-ps) |Exports information about the local computer's trusted platform module (TPM). This cmdlet shows different values depending on whether the TPM chip is version 1.2 or 2.0. This cmdlet is not supported in Windows 7. | +|[**get-tpm \> C:\\TPM.txt**](https://docs.microsoft.com/powershell/module/trustedplatformmodule/get-tpm?view=win10-ps&preserve-view=true) |Exports information about the local computer's trusted platform module (TPM). This cmdlet shows different values depending on whether the TPM chip is version 1.2 or 2.0. This cmdlet is not supported in Windows 7. | |[**manage-bde –status \> C:\\BDEStatus.txt**](https://docs.microsoft.com/windows-server/administration/windows-commands/manage-bde-status) |Exports information about the general encryption status of all drives on the computer. | |[**manage-bde c:
-protectors -get \> C:\\Protectors**](https://docs.microsoft.com/windows-server/administration/windows-commands/manage-bde-protectors) |Exports information about the protection methods that are used for the BitLocker encryption key. | |[**reagentc /info \> C:\\reagent.txt**](https://docs.microsoft.com/windows-hardware/manufacture/desktop/reagentc-command-line-options) |Exports information about an online or offline image about the current status of the Windows Recovery Environment (WindowsRE) and any available recovery image. | -|[**get-BitLockerVolume \| fl**](https://docs.microsoft.com/powershell/module/bitlocker/get-bitlockervolume?view=win10-ps) |Gets information about volumes that BitLocker drive encryption can protect. | +|[**get-BitLockerVolume \| fl**](https://docs.microsoft.com/powershell/module/bitlocker/get-bitlockervolume?view=win10-ps&preserve-view=true) |Gets information about volumes that BitLocker drive encryption can protect. | ## Review the configuration information From 01ad4910ce6c95c3ce3790a5374a4b562c44691c Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 4 Mar 2021 11:13:21 +0530 Subject: [PATCH 09/16] Update bitlocker-basic-deployment.md --- .../bitlocker/bitlocker-basic-deployment.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index f62bc8b545..6d53e36d70 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md 
@@ -110,9 +110,8 @@ The following table shows the compatibility matrix for systems that have been Bi Table 1: Cross compatibility for Windows 10, Windows 8.1, Windows 8, and Windows 7 encrypted volumes -||||| -|--- |--- |--- |--- | |Encryption Type|Windows 10 and Windows 8.1|Windows 8|Windows 7| +|--- |--- |--- |--- | |Fully encrypted on Windows 8|Presents as fully encrypted|N/A|Presented as fully encrypted| |Used Disk Space Only encrypted on Windows 8|Presents as encrypt on write|N/A|Presented as fully encrypted| |Fully encrypted volume from Windows 7|Presents as fully encrypted|Presented as fully encrypted|N/A| From df72f4f98677b010ecd1dbd000ce8b08609a221d Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Fri, 5 Mar 2021 14:54:21 +0530 Subject: [PATCH 10/16] Update troubleshoot-bitlocker.md --- .../bitlocker/troubleshoot-bitlocker.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md b/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md index 99c8c2e3ff..2a8ac4bcec 100644 --- a/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md +++ b/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md @@ -18,7 +18,7 @@ ms.custom: bitlocker # Guidelines for troubleshooting BitLocker -This article addresses common issues in BitLocker and provides guidelines to troubleshoot these issues. This article also provides pointers to start the troubleshooting process, including what data to collect and what settings to check in order to narrow down the location in which these issues occur. +This article addresses common issues in BitLocker and provides guidelines to troubleshoot these issues. This article also provides information such as what data to collect and what settings to check. This information makes your troubleshooting process much easier. ## Review the event logs 
@@ -36,19 +36,19 @@ Additionally, review the Windows logs\\System log for events that were produced To filter and display or export logs, you can use the [wevtutil.exe](https://docs.microsoft.com/windows-server/administration/windows-commands/wevtutil) command-line tool or the [Get-WinEvent](https://docs.microsoft.com/powershell/module/microsoft.powershell.diagnostics/get-winevent?view=powershell-6&preserve-view=true) cmdlet. -For example, to use wevtutil to export the contents of the operational log from the BitLocker-API folder to a text file that is named BitLockerAPIOpsLog.txt, open a Command Prompt window, and run a command that resembles the following: +For example, to use wevtutil to export the contents of the operational log from the BitLocker-API folder to a text file that is named BitLockerAPIOpsLog.txt, open a Command Prompt window, and run the following command: ```cmd wevtutil qe "Microsoft-Windows-BitLocker/BitLocker Operational" /f:text > BitLockerAPIOpsLog.txt ``` -To use the **Get-WinEvent** cmdlet to export the same log to a comma-separated text file, open a Windows Powershell window and run a command that resembles the following: +To use the **Get-WinEvent** cmdlet to export the same log to a comma-separated text file, open a Windows Powershell window and run the following command: ```ps Get-WinEvent -logname "Microsoft-Windows-BitLocker/BitLocker Operational"  | Export-Csv -Path Bitlocker-Operational.csv ``` -You can use Get-WinEvent in an elevated PowerShell window to display filtered information from the system or application log by using a syntax that resembles the following: +You can use Get-WinEvent in an elevated PowerShell window to display filtered information from the system or application log by using the following syntax: - To display BitLocker-related information: ```ps 
@@ -109,7 +109,7 @@ Open an elevated Windows PowerShell window, and run each of the following comman ## Check the BitLocker prerequisites -Common settings that can cause issues for BitLocker include the following: +Common settings that can cause issues for BitLocker include the following scenarios: - The TPM must be unlocked. You can check the output of the **get-tpm** command for the status of the TPM. - Windows RE must be enabled. You can check the output of the **reagentc** command for the status of WindowsRE. From ca5abc36c6d3cef6365ca040ef423f3faa36b03d Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Fri, 14 May 2021 09:18:30 -0700 Subject: [PATCH 11/16] Update bitlocker-countermeasures.md --- .../bitlocker/bitlocker-countermeasures.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md index c41e97d133..fc9b15fdef 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md +++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md @@ -197,4 +197,4 @@ For secure administrative workstations, Microsoft recommends TPM with PIN protec - [Blocking the SBP-2 driver and Thunderbolt controllers to reduce 1394 DMA and Thunderbolt DMA threats to BitLocker](https://support.microsoft.com/help/2516445/blocking-the-sbp-2-driver-and-thunderbolt-controllers-to-reduce-1394-d) - [BitLocker Group Policy settings](./bitlocker-group-policy-settings.md) - [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp) -- [Winlogon automatic restart sign-on (ARSO)](https://docs.microsoft.com/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-) +- [Winlogon automatic restart sign-on (ARSO)](/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-) 
From be85d25a0b303ec2932a0aaaf762921c16c72a63 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Fri, 14 May 2021 09:21:38 -0700 Subject: [PATCH 12/16] Update troubleshoot-bitlocker.md fixing table --- .../bitlocker/troubleshoot-bitlocker.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md b/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md index 9843fb4961..2a08e910d0 100644 --- a/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md +++ b/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md @@ -87,8 +87,7 @@ You can use Get-WinEvent in an elevated PowerShell window to display filtered in Open an elevated Windows PowerShell window, and run each of the following commands. |Command |Notes | -| - | - | - +| --- | --- | |[**get-tpm \> C:\\TPM.txt**](/powershell/module/trustedplatformmodule/get-tpm?view=win10-ps) |Exports information about the local computer's Trusted Platform Module (TPM). This cmdlet shows different values depending on whether the TPM chip is version 1.2 or 2.0. This cmdlet is not supported in Windows 7. | |[**manage-bde –status \> C:\\BDEStatus.txt**](/windows-server/administration/windows-commands/manage-bde-status) |Exports information about the general encryption status of all drives on the computer. | |[**manage-bde c:
-protectors -get \> C:\\Protectors**](/windows-server/administration/windows-commands/manage-bde-protectors) |Exports information about the protection methods that are used for the BitLocker encryption key. | @@ -100,7 +99,7 @@ Open an elevated Windows PowerShell window, and run each of the following comman 1. Open an elevated Command Prompt window, and run the following commands. |Command |Notes | - | - | - | + | --- | --- | |[**gpresult /h \**](/windows-server/administration/windows-commands/gpresult) |Exports the Resultant Set of Policy information, and saves the information as an HTML file. | |[**msinfo /report \ /computer \**](/windows-server/administration/windows-commands/msinfo32) |Exports comprehensive information about the hardware, system components, and software environment on the local computer. The **/report** option saves the information as a .txt file. | @@ -136,4 +135,4 @@ Resolving issues that do not have obvious causes depends on exactly which compon - If BitLocker or the encrypted drive does not behave as expected, and you notice errors or events that are related to the TPM, see [BitLocker and TPM: other known issues](ts-bitlocker-tpm-issues.md). - If BitLocker or the encrypted drive does not behave as expected, see [BitLocker configuration: known issues](ts-bitlocker-config-issues.md). -We recommend that you keep the information that you have gathered handy in case you decide to contact Microsoft Support for help to resolve your issue. \ No newline at end of file +We recommend that you keep the information that you have gathered handy in case you decide to contact Microsoft Support for help to resolve your issue. From ac6167f3dbb28fcf97a3dc5eca481c312875cd97 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 14 May 2021 11:34:37 -0700 Subject: [PATCH 13/16] add patch info --- .../deploy-windows-mdt/create-a-windows-10-reference-image.md | 3 +++ .../prepare-for-windows-deployment-with-mdt.md | 3 +++ 2 files changed, 6 insertions(+) 
diff --git a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md index a7bf59ddef..2150a2ab0c 100644 --- a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md +++ b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md @@ -661,6 +661,9 @@ After some time, you will have a Windows 10 Enterprise x64 image that is fully ## Troubleshooting +> [!IMPORTANT] +> If you encounter errors applying the image when using a BIOS firmware type, see [Windows 10 deployments fail with Microsoft Deployment Toolkit on computers with BIOS type firmware](https://support.microsoft.com/topic/windows-10-deployments-fail-with-microsoft-deployment-toolkit-on-computers-with-bios-type-firmware-70557b0b-6be3-81d2-556f-b313e29e2cb7). This + If you [enabled monitoring](#enable-monitoring), you can check the progress of the task sequence. ![monitoring](../images/mdt-monitoring.png) diff --git a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md index 5f3c2aa9ad..4250054f65 100644 --- a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md +++ b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md 
@@ -87,6 +87,8 @@ Visit the [Download and install the Windows ADK](/windows-hardware/get-started/a - [The Windows ADK for Windows 10](https://go.microsoft.com/fwlink/?linkid=2086042) - [The Windows PE add-on for the ADK](https://go.microsoft.com/fwlink/?linkid=2087112) - [The Windows System Image Manager (WSIM) 1903 update](https://go.microsoft.com/fwlink/?linkid=2095334) +- (Optional) [The MDT_KB4564442 patch for BIOS firmware](https://download.microsoft.com/download/3/0/6/306AC1B2-59BE-43B8-8C65-E141EF287A5E/KB4564442/MDT_KB4564442.exe) + - This patch is needed to resolve a bug that causes detection of BIOS-based machines as UEFI-based machines. If you have a UEFI deployment, you do not need this patch. >[!TIP] >You might need to temporarily disable IE Enhanced Security Configuration for administrators in order to download files from the Internet to the server. This setting can be disabled by using Server Manager (Local Server/Properties). 
@@ -97,6 +99,7 @@ Visit the [Download and install the Windows ADK](/windows-hardware/get-started/a 3. Start the **WinPE Setup** (D:\\Downloads\\ADK\\adkwinpesetup.exe), click **Next** twice to accept the default installation parameters, click **Accept** to accept the license agreement, and then on the **Select the features you want to install** page click **Install**. This will install Windows PE for x86, AMD64, ARM, and ARM64. Verify that the installation completes successfully before moving to the next step. 4. Extract the **WSIM 1903 update** (D:\\Downloads\ADK\\WSIM1903.zip) and then run the **UpdateWSIM.bat** file. - You can confirm that the update is applied by viewing properties of the ImageCat.exe and ImgMgr.exe files at **C:\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Deployment Tools\\WSIM** and verifying that the **Details** tab displays a **File version** of **10.0.18362.144** or later. +5. If you downloaded the optional MDT_KB4564442 patch for BIOS based deployment, see [this support article](https://support.microsoft.com/en-us/topic/windows-10-deployments-fail-with-microsoft-deployment-toolkit-on-computers-with-bios-type-firmware-70557b0b-6be3-81d2-556f-b313e29e2cb7) for instructions on how to install the patch. ## Install and initialize Windows Deployment Services (WDS) From 9b1a7c66a0cbae49d0283665872a60016e8e0a83 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 14 May 2021 12:27:56 -0700 Subject: [PATCH 14/16] fix warnings --- windows/sv/index.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/windows/sv/index.md b/windows/sv/index.md index 8f7cbe8630..d227b9886e 100644 --- a/windows/sv/index.md +++ b/windows/sv/index.md 
@@ -1 +1,14 @@ -# Welcome to SV! \ No newline at end of file +--- +title: No title +description: No description +keywords: ["Windows 10"] +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.author: greglin +manager: laurawi +ms.localizationpriority: high +ms.topic: article +--- \ No newline at end of file From 8c9a027d5c285567ed1ba3e884016bf09c953023 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 14 May 2021 12:30:30 -0700 Subject: [PATCH 15/16] fix warning --- windows/sv/index.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/sv/index.md b/windows/sv/index.md index d227b9886e..958e8bb4b3 100644 --- a/windows/sv/index.md +++ b/windows/sv/index.md @@ -11,4 +11,6 @@ ms.author: greglin manager: laurawi ms.localizationpriority: high ms.topic: article ---- \ No newline at end of file +--- + +# \ No newline at end of file From c9d2378758b97beb15251b1a481a23ecfc089afd Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Fri, 14 May 2021 12:33:21 -0700 Subject: [PATCH 16/16] fix warning again --- windows/sv/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/sv/index.md b/windows/sv/index.md index 958e8bb4b3..700bfbca0e 100644 --- a/windows/sv/index.md +++ b/windows/sv/index.md @@ -13,4 +13,4 @@ ms.localizationpriority: high ms.topic: article --- -# \ No newline at end of file +# _ \ No newline at end of file
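Review bot: In PATCH 12/16, first hunk of troubleshoot-bitlocker.md (@@ -87,8 +87,7), the row directly under the repaired separator reads `manage-bde –status`, with an en dash rather than an ASCII hyphen before `status`, so the command may not be parsed as intended when pasted into a console. Since this commit already touches the table, change it to `-status`. The following row also writes to `C:\\Protectors` without the `.txt` extension that the other two rows use; make the output names consistent.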
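Review bot: In PATCH 12/16, second hunk of troubleshoot-bitlocker.md (@@ -100,7 +99,7), the command cell reads `msinfo /report` while its link targets the msinfo32 reference; the executable is msinfo32, so the cell should read `msinfo32 /report`. Both command cells in this table also show a bare `\` where a file path or computer name placeholder is expected, so check that the placeholders still render after the separator row is corrected.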
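Review bot: In PATCH 13/16, the hunk in create-a-windows-10-reference-image.md (@@ -661,6 +661,9), the added IMPORTANT note ends with a dangling "This" after the support link, so the sentence is cut off mid-thought. Either finish the sentence or delete the trailing word before merging. The link here uses the locale-neutral `support.microsoft.com/topic/...` form, while step 5 added in the other file of this commit uses `/en-us/topic/...`; pick one form for both.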
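Review bot: In PATCH 13/16, first hunk of prepare-for-windows-deployment-with-mdt.md (@@ -87,6 +87,8), the new bullet links directly to MDT_KB4564442.exe and gives the reader nothing to check the download against, in a section whose TIP already tells administrators to relax IE Enhanced Security Configuration on the server to fetch files. Suggest adding a short instruction to confirm the file's digital signature, or a published hash if one exists, before running it, and linking the KB article next to the download so the bullet carries its own install context.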
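Review bot: In PATCH 13/16, second hunk of prepare-for-windows-deployment-with-mdt.md (@@ -97,6 +99,7), step 5 hard-codes the `en-us` locale in the support URL and uses "this support article" as the link text, which says nothing about the target when read out of context. Use the locale-neutral URL and the article title as link text, as the note in create-a-windows-10-reference-image.md does. "BIOS based deployment" should also be hyphenated to match "BIOS-based machines" in the bullet added earlier in this file.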
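Review bot: In PATCH 14/16 (windows/sv/index.md, @@ -1 +1,14), the new front matter sets `title: No title` and `description: No description`, which are placeholders that clear the warning without describing the page. The hunk also removes the only heading, `# Welcome to SV!`, leaving a file with metadata and no body. Give the page a real title and description and keep a heading, and add the missing newline at end of file while here.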
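Review bot: In PATCH 16/16 (windows/sv/index.md, @@ -13,4 +13,4), replacing the empty `#` with `# _` only quiets the build warning and leaves the page with an underscore as its H1. Restore a meaningful heading, for example the `# Welcome to SV!` line that PATCH 14/16 removed. PATCH 14 through 16 all change this one file for the same warning and could be squashed into a single commit with a message that names the warning being fixed.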