Update set-up-mdt-for-bitlocker.md

Separated into new step the GPO setting for System / Trusted Platform Module Services.
Changed format of Note; added a space between quote marker and text.
This commit is contained in:
Baard Hermansen
2019-09-17 11:22:54 +02:00
committed by GitHub
parent 6aa2246b67
commit 753a01dae2

View File

@ -79,8 +79,8 @@ Following these steps, you enable the backup of BitLocker and TPM recovery infor
3. Do not enable BitLocker until recovery information is stored in AD DS for operating system drives
2. Enable the **Configure TPM platform validation profile for BIOS-based firmware configurations** policy.
3. Enable the **Configure TPM platform validation profile for native UEFI firmware configurations** policy.
Computer Configuration / Policies / Administrative Templates / System / Trusted Platform Module Services
4. Enable the **Turn on TPM backup to Active Directory Domain Services** policy.
4. Computer Configuration / Policies / Administrative Templates / System / Trusted Platform Module Services
1. Enable the **Turn on TPM backup to Active Directory Domain Services** policy.
> [!NOTE]
> If you consistently get the error "Windows BitLocker Drive Encryption Information. The system boot information has changed since BitLocker was enabled. You must supply a BitLocker recovery password to start this system." after encrypting a computer with BitLocker, you might have to change the various "Configure TPM platform validation profile" Group Policies, as well. Whether or not you need to do this will depend on the hardware you are using.