Enabling bit locker on existing computers using a Task Sequence.

Similar Messages

• Deploying the SCCM 2012 Client to WES 7 devices that are locked down with the FBWF using 2007 task sequence via WEDM.

  I'm wondering how people are migrating their embedded devices that are using the FBWF. I've done some googling and it seems like most people are just re-imaging the devices and after migrating a single device i see why. Its not a pretty process. This will
  be a long description but ultimately my question stems more from trying to find a better way to execute the device migration from 2007 to 2012.
  Some back ground on my situation might be in order here. I'm in the process of wrapping up our 2007 to 2012 migration. We have a 2007 infrastructure that was a central server with 2 primaries and 286 secondary site servers. I've consolidated that to a single
  2012 primary site server that hosts all the main roles. There are 2 more servers in the data centers both operating solely as push distribution points I'll refer to them as 2012 01 02 and 03. I'm over half way through the migration and so far haven't needed
  to offload any site roles. There are almost 10,000 clients now reporting to the 2012 site server and almost a 100 field servers pulling content from 2012 02 as their source dp as pull dp is the only way forward for this many devices. I've read the horror stories
  of trying spin up 200 plus push dps. We are running PKI. I'm at the point now where i need to start migrating the Windows Embedded Seven Standard clients that have the 2007 sccm client on them with WEDM for write filter handling.
  What i'm wondering is if anyone has any pointers for me regarding migrating the WES 7 devices. My plan that i've come up with is to somehow script the process using a 2007 WEDM Task Sequence to try and migrate them over to 2012. Things are complicated as
  I need to somehow script the install, the policy checkin, hardware inventory, software inventory, and validate the SCEP client installs before I reboot the device one last time to enable the FBWF. How I handled the SCCM 2007 client install on these devices
  when they were provisioned was to just create a batch file that would sleep for ten minutes then check to see if the inventoryagent.log file had been created yet. I realize now that is inefficient as i can kick off the inventory using a WMI method once the
  client has installed. Also I need to make sure the machine gets its first policy as that is how it creates the communication using PKI through that first policy transfer and that also finalizes the client install. The biggest piece i'm uncertain about in this
  regard is the SCEP client.
  I had to change the SCEP client install from yes to no in the default client settings as we have some Mcaffee servers that can't have the SCEP client on them. I have incremental updates enabled on the collection that has the policy that installs the SCEP
  client but this will take an unknown amount of time unless i force the environment to update as the device starts in 2012 install, or if I could kick off the SCEP isntall... IDK. I'm also wondering if i should keep the device in the migration process until
  i validate it has its proper scep policy applied which I believe can be validated by a registry key somewhere.
  Once the 2012 client gets installed will that cause it to lose its place within the 2007 Task Sequence? Considering its going to take a minimum of 2 reboots I'd normally use the task sequence to handle its progression through the process.
  I'm also considering trying to use an Orchestrator runbook, as that would be a good way to keep track of the migration process as each device migrates. Especially since this might take several seperate scripts.
  I'm going to take a stab at scripting the migration process, but if anyone has any pointers that might make this a less complicated I'd really appreciate it as I've got about 3000 of these devices that need to be migrated over. The other things i've learned
  the hard way is any time you have something this complicated over the course of 3000 devices you will run into unknowns and the failure rate increases. I'm in the precarious position of having to not only build this process out but in some situations have
  it complete in the shortest amount of time possible as we have sites running 24x7. I know the end users behavior all to well and they will just keep hitting the power button sometimes even though their not supposed to so they can get their device functional
  again. In those situations i'd end up, if i'm lucky with a device that no longer has a healthy SCCM client in either environment and the write filter disabled.
  So like i said any pointers anyone could throw my way i'd really appreciate. I manually went through the migration process on a single device for proof of concept and ended up with almost 2 pages of pseudo code for my migration script/scripts.
  Thanks,
  -K.R.

  Hi,
  In R2 there are some new variables you can use to solve this,
  http://ccmexec.com/2014/12/smstsmplistrequesttimeout-value-in-milliseconds/
  In Sp1 though adding a step to sleep for 2-5 minuter after reboot and before the application install step is a common workaround.. a powershell command with "Start-Sleep
  -s 120" should do it. 
  /Jörgen
  -- My System Center blog ccmexec.com -- Twitter
  @ccmexec

• Enabling Remote Desktop for Windows 7 as a task sequence

  Hi there.
  I have a task sequence to automate the creation of a base image of Windows 7 x64 Professional. In my base image I would like to have Remote Desktop enabled by default for all users. Is there a command or a script to do this that I can add into my task sequence to make this possible?
  Thanks.

  I have to agree except I can't understand why anyone would use anything other than the unattend.xml.  You can do all that plus so much more and it's the way Microsoft provides to do it.  This is my complete x64 unattend.xml version but I also have
  an x86 version.  This should give you some idea of it's capabilities.
  Drop the unattend.xml file into a package and reference it in the Task Sequence as shown below.  I dropped both my x86 and x64 version of the unattend.xml into the package.  I use an OSD HTA menu on the frontend to let helpdesk pick
  between x86 and x64.  I cropped the picture up a bit and took out company specific info but you should get the idea from the screen captures.  This is how I deploy x86 and x64 in a single task sequence. I mark every line with a condition in the task
  sequence with (C) which makes it easier to find lines with conditions.  I use the condition to assign x86 and x64 software among other things.  The selection in the HTA pretty much triggers everything.
  <?xml version="1.0" encoding="utf-8"?>
  <unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
     <settings pass="auditSystem">
     </settings>
     <settings pass="auditUser">
     </settings>
     <settings pass="generalize">
     </settings>
     <settings pass="offlineServicing">
     </settings>
     <settings pass="oobeSystem">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
           <OOBE>
              <HideEULAPage>true</HideEULAPage>
              <NetworkLocation>Work</NetworkLocation>
              <SkipMachineOOBE>false</SkipMachineOOBE>
              <SkipUserOOBE>false</SkipUserOOBE>
              <ProtectYourPC>3</ProtectYourPC>
           </OOBE>
           <UserAccounts>
              <DomainAccounts>
                 <DomainAccountList wcm:action="add">
                    <DomainAccount wcm:action="add">
                       <Name>Workstation Admins</Name>
                       <Group>Administrators</Group>
                    </DomainAccount>
                    <Domain>DOMAIN</Domain>
                 </DomainAccountList>
              </DomainAccounts>
           </UserAccounts>
        </component>
     </settings>
     <settings pass="specialize">
        <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
           <EnableLUA>false</EnableLUA>
        </component>
        <component name="Security-Malware-Windows-Defender" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="
  http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance ">
           <DisableAntiSpyware>true</DisableAntiSpyware>
        </component>
        <component name="Microsoft-Windows-SystemRestore-Main" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
           <DisableSR>1</DisableSR>
        </component>
        <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
           <DomainProfile_EnableFirewall>false</DomainProfile_EnableFirewall>
           <PrivateProfile_EnableFirewall>true</PrivateProfile_EnableFirewall>
           <PublicProfile_EnableFirewall>true</PublicProfile_EnableFirewall>
        </component>
        <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
          <RunSynchronous>
            <RunSynchronousCommand wcm:action="add">
              <Path>reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\FirstNetwork" /v Category /t REG_DWORD /d 00000000 /f</Path>
              <Description>Setting Network Location</Description>
              <Order>1</Order>
            </RunSynchronousCommand>
          </RunSynchronous>
        </component>
        <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
           <fDenyTSConnections>false</fDenyTSConnections>
        </component>
        <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
           <DisableAccelerators>true</DisableAccelerators>
           <DisableOOBAccelerators>true</DisableOOBAccelerators>
           <SuggestedSitesEnabled>false</SuggestedSitesEnabled>
           <DisableFirstRunWizard>true</DisableFirstRunWizard> 
           <DisableWelcomePage>true</DisableWelcomePage>
           <Home_Page>http://www.google.com</Home_Page>
           <SearchScopes>
              <Scope wcm:action="add">
                 <ScopeDefault>true</ScopeDefault>
                 <ScopeDisplayName>Google</ScopeDisplayName>
                 <ScopeKey>SearchProvider1</ScopeKey>
                 <ScopeUrl>http://www.google.com/search?q={searchTerms}</ScopeUrl>
              </Scope>
           </SearchScopes>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
          <TimeZone>Central Standard Time</TimeZone>
        </component>
     </settings>
  </unattend>

• SCCM OSD using MDT task sequence

  Hi all,
  Is it right if I capture an image from a Windows 7 machine using SCCM capture media, then deploy it to an existing Windows XP(for migration) using "Create a new
  Microsoft Deployment task sequence" wizard (this option appears after integrating MDT with SCCM)? I have this scenario but the targeted machine is not getting joined to domain, I suspect the issue is with sysprep as image that we get using sccm capture
  media does not sysprep the reference machine.
  What do you think?

  I checked the logs and I believe the issue is with sysprep, I found the below in the netsetup.log:
  12/15/2014 20:18:54:823 NetpChangeMachineName: from 'OSD-PC' to 'OSD-PC' using 'ssc.gov.jo\majmajali' [0x1000]
  12/15/2014 20:18:54:823 NetpDsGetDcName: trying to find DC in domain 'SSC', flags: 0x1010
  12/15/2014 20:18:54:823 NetpDsGetDcName: found DC '\\DC5' in the specified domain
  12/15/2014 20:18:54:823 NetpGetLsaPrimaryDomain: status: 0x0
  12/15/2014 20:18:54:823 NetpGetDnsHostName: Read NV Domain: ssc.gov.jo
  12/15/2014 20:18:54:838 NetpGetComputerObjectDn: Cracking account name SSC\OSD-PC$ on
  \\DC5
  12/15/2014 20:18:54:838 NetpGetComputerObjectDn: Crack results:  (Account already exists) DN = CN=OSD-PC,CN=Computers,DC=ssc,DC=gov,DC=jo
  12/15/2014 20:18:54:838 NetpModifyComputerObjectInDs: Initial attribute values:
  12/15/2014 20:18:54:838   DnsHostName  =  OSD-PC.ssc.gov.jo
  12/15/2014 20:18:54:838   ServicePrincipalName  =  HOST/OSD-PC.ssc.gov.jo  RestrictedKrbHost/OSD-PC.ssc.gov.jo  HOST/OSD-PC  RestrictedKrbHost/OSD-PC
  12/15/2014 20:18:54:838 NetpModifyComputerObjectInDs: Computer Object already exists in OU:
  12/15/2014 20:18:54:838   DnsHostName  =  OSD-PC.ssc.gov.jo
  12/15/2014 20:18:54:838   ServicePrincipalName  =  TERMSRV/OSD-PC.ssc.gov.jo  RestrictedKrbHost/OSD-PC.ssc.gov.jo  HOST/OSD-PC.ssc.gov.jo  TERMSRV/OSD-PC  RestrictedKrbHost/OSD-PC  HOST/OSD-PC
  12/15/2014 20:18:54:838 NetpModifyComputerObjectInDs: There are _NO_ modifications to do
  12/15/2014 20:18:54:838 ldap_unbind status: 0x0
  12/15/2014 20:18:54:838 NetpChangeMachineName: status of setting DnsHostName and SPN: 0x0
  The windows XP machine name to be migrated is OSD-Test, but the task sequence is making computer name the same as the reference (OSD-PC) despite task sequence is already configured to migrate that XP machine network and windows configuration (including
  hostname).
  I believe you are right, I should create build and capture task sequence in MDT, and in the reference machine I run the below command to capture an image:
  cscript “\\MDT server\Deploymentshar1$\scripts\litetouch.vbs.  After this capture is done the machine will get into oobe (if all is ok).  What do you
  think?

• Distribute Customer Updates in SCCM 2012 (CU's) using a Task Sequence

  I want to utilize a Task Sequence to Distribute Customer Updates to SCCM 2012 Clients.  I currently have 2 collections for pre-CU 4 clients, one for 32 Bit Clients (x86) , one for 64 Bit Clients (x64).  I have a package pertinent to each collection
  which I use to distribute the updates.
  However, instead of segregating them by collection, I would like to have one big collection, and have the Task Sequence sort out which package should load on which collection.
  I've tried using the RUN COMMAND LINE, and INSTALL PACKAGE options to no avail.  Is there a way to utilize a Task Sequence for this undertaking, or should I just continue the way I'm currently doing it.
  Thanks ,
  Dan

  You can set Collection Variables for the two collections, then add running condition in the Task Sequence Steps for corresponding collections.
  Juke Chou
  TechNet Community Support

• Where to put unattend.xml when using create task sequence media

  SCCM 2012 R2.
  I created a capture task sequence media to a flash drive. I noticed the capture media does run sysprep even though it is not located on the flash drive. Where do I put my customized unattend.xml for sysprep? Does it go in c:\sysprep 
  There is no documentation on this that I can find.

  sysprep doesn't use an unattend.xml file so you don't put it anywhere. You supply a custom unattend.xml during the deployment task sequence which in turn is delivered as part of the TS for use by WIndows Setup (which is what actually uses an unattend.xml
  file). Task Sequence media has nothing to do with sysprep either. I think you may be confusing sysprep with Windows mini-setup. sysprep is the process of generalizing a system generally preparing it to be captured. Windows mini-setup is what runs the first
  time a syspreped system is booted. They are two different things.
  You *can* place an unattend.xml file the image for use by Windows mini-setup -- the locations mini-setup will look for this file are detailed at
  http://technet.microsoft.com/en-us/library/cc749415(v=WS.10).aspx . But that is rarely done anymore with task sequences because you generally want to dynamically inject an unattend.xml
  file into the process instead of statically placing one in the image -- that defeats the purpose of having a generic reference image. This is done by configuring the Apply Windows step in a deployment task sequence.
  Still, that begs the question posed by narcoticoo. Your reference image(s) should be hardware agnostic, built on a VM, and automated. What you are doing will cause you pain in the long run.
  Jason | http://blog.configmgrftw.com | @jasonsandys

• Deploy all software updates using SCCM task sequences

  Hi, we are using System Center Configuration Manager 2012 R2 and I want to include software update installation part within the OSD.
  So far I tried below links but not able to make it work:
  https://technet.microsoft.com/en-in/library/bb632402.aspx
  http://www.gerryhampsoncm.blogspot.ie/2013/04/sccm-2012-sp1-step-by-step-guide-part_5.html
  http://dptechjournal.blogspot.in/2014/04/weekly-lab-patching-task-sequence.html
  https://social.technet.microsoft.com/Forums/systemcenter/en-US/b525aafc-b613-49a2-9015-3ae1c2db2e01/applying-software-updates-through-a-task-sequence
  Can someone help me with this please?
  ~VST
  ~VST

  Hi,
  Please provide more information. If the task sequence failed to run, you need to check smsts.log and update logs on the client.
  https://technet.microsoft.com/en-us/library/hh427342.aspx#BKMK_SU_NAPLog
  Best Regards,
  Joyce
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Finalize preinstalled computers with SCCM task sequence

  Hi,
  I need some help to find the best solution for using SCCM to finalize preinstalled computers from factory.
  We are giving our thin image to HP who will install the image on the computers at their factory. But when we receive the computer, we need to finalize it which involves the following actions:
  Change computername
  Join domain
  Install applications
  The idea was to connect the computer to LAN, boot pxe and start an TS job. What we basically need is a OSD job which does not apply an image...
  Anybody with any experience or ideas on how to solve this? An alternative solution is to use scripts, but this is not the most optimal way I think.
  Help?! J
  Rune

  Are you already using prestage media? That was exactly designed for such a scenario:
  http://technet.microsoft.com/en-us/library/79465d90-4831-4872-96c2-2062d80f5583#BKMK_CreatePrestagedMedia
  Torsten Meringer | http://www.mssccmfaq.de

• Trying to use a task sequence to add a computer to a security group

  I am using the following code to try to add a security group to a computer account when I am imaging using MDT 2012.  I get the following errors after the imaging process has completed.  
  Any help would be greatly appreciated.
  Thanks,
  Andy
  Exception calling "InvokeMember" with "5" argument(s): "Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))"
  TaskSequencePSHost 03/24/2015 8:45:29 AM
  0 (0x0000)
  At \\AOTWDS01V\DeploymentShare$\Scripts\dagroup.ps1:26 char:2
  +     $UserDN = $SysInfo.GetType().InvokeMember("ComputerName", "GetProperty", $Null, ...
  +    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  TaskSequencePSHost 03/24/2015 8:45:29 AM
  0 (0x0000)
  NotSpecified: (:) [], MethodInvocationException
  TaskSequencePSHost 03/24/2015 8:45:29 AM
  0 (0x0000)
  The following exception occurred while retrieving member "Get": "The specified domain either does not exist or could not be contacted.
  " TaskSequencePSHost
  03/24/2015 8:45:31 AM 0 (0x0000)
  At \\AOTWDS01V\DeploymentShare$\Scripts\dagroup.ps1:30 char:2
  +     $strDomainPath = $ORoot.Get("defaultNamingContext")
  +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  TaskSequencePSHost 03/24/2015 8:45:31 AM
  0 (0x0000)
  NotSpecified: (:) [], ExtendedTypeSystemException
  TaskSequencePSHost 03/24/2015 8:45:31 AM
  0 (0x0000)
  Exception calling "Execute" with "1" argument(s): "An invalid directory pathname was passed
  " TaskSequencePSHost
  03/24/2015 8:45:32 AM 0 (0x0000)
  At \\AOTWDS01V\DeploymentShare$\Scripts\dagroup.ps1:38 char:3
  +         $oRs = $oConnection.Execute("SELECT adspath FROM 'LDAP://$strDomainPath' WHERE ...
  +    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  TaskSequencePSHost 03/24/2015 8:45:32 AM
  0 (0x0000)
  NotSpecified: (:) [], MethodInvocationException
  TaskSequencePSHost 03/24/2015 8:45:32 AM
  0 (0x0000)
  Param(
  [string[]]$GroupNames,
  [String]$Admin,
  [String]$Password
  if($GroupNames)
  [int] $ADS_PROPERTY_APPEND = 3
  #Get the computer DN
  $SysInfo = New-Object -ComObject "ADSystemInfo"
  $UserDN = $SysInfo.GetType().InvokeMember("ComputerName", "GetProperty", $Null, $SysInfo, $Null)
  $ComputerDN = "LDAP://$UserDN"
  #Get the Domain DN
  $ORoot = [ADSI]"LDAP://rootDSE"
  $strDomainPath = $ORoot.Get("defaultNamingContext")
  #Create ADODB connection
  $oConnection = New-Object -ComObject "ADODB.Connection"
  $oConnection.Provider= "ADsDSOObject"
  $oConnection.Open("Active Directory Provider")
  foreach($groupname in $GroupNames)
  #Get the specefied group
  $oRs = $oConnection.Execute("SELECT adspath FROM 'LDAP://$strDomainPath' WHERE objectCategory='group' AND  Name='$groupname'")
  If (!$oRs.EOF)
  $strAdsPath = ($oRs.Fields |  Select value ).value
  If($strAdsPath)
  If($Admin -and $Password)
  $objGroup = New-Object DirectoryServices.DirectoryEntry($strAdsPath,$Admin,$Password)
  Else
  $objGroup = [ADSI]$strAdsPath
  $objComputer = [ADSI]$ComputerDN
  #verify if the computer is a member of the Group
  If ($objGroup.ismember($objComputer.adspath) -eq $false) 
  #Add the the computer to the specefied group
  $objGroup.PutEx($ADS_PROPERTY_APPEND,"member",@("$UserDN"))
  $objGroup.setinfo()

  If you are using UserID UserDomain UserPassword those variables are base64 encoded.  You could decode them via something similar to this:
  https://social.technet.microsoft.com/Forums/en-US/6c11827f-982d-4fa1-a76d-70a615912d62/mdt-2012-automation-example-of-how-to-use-userdomainuserid-userpassword-in-a-script-move-ou?forum=mdt
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• How to apply registry file using MDT task sequence

  Hi, I have exported the registry file and now i want to use this registry file in MDT TS so that the same changes will be deployed to all the user. How can i use registry file in MDT TS

  A simple way would be to place the file on the network and run cmd sequence
  regedit.exe /s \\xxx.xxx.xxx.xx\share\test.reg
  Best Regards,
  Jesper Vindum, Denmark
  Systems Administrator
  Help the forum: Monitor(alert) your threads and vote helpful replies or mark them as answer, if it helps solving your problem.

• Bit locker Mutliple Drives Mutliple OS's

  I have a laptop with two hard drive in it.  The primary has Windows 7 Enterprise and is a member of the corporate domain.  The secondary has Server 2008 R2 and is a member of the lab domain.  There is no trust or association between domain. 
  The laptop does the Windows multi-boot off the primary drive.  I want to enable bit locker to secure the drives.
  If the two windows environments were exclusively separate, setting up bit locker on each drive independently would be pretty straight forward, but when I'm in one OS, I will frequently need to get files and data from the other drive (and no, making each
  drive big enough to hold all it's own data is not an option, plus the synchronization headache).  Both drives will need to be bit locked to their respective OS, but the other drive will need to be accessible.
  And not to make things too easy, the secondary drive, which i put in an optical drive bay carrier, routinely gets pulled (not while the system is running, of course) out and popped into a USB case to be used as a library transfer drive. 
  So....
  the Windows 7 drive needs to be natively bit locked.  and be accessible when running Windows 2008 from the second drive.
  the Windows 2008 R2 drive needs to be natively bit locked, and be accessible when running Windows 7 from the first drive, and be accessible when run as a stand-alone USB drive on another system.
  I would appreciate any wisdom you can share to make this all work.  And please presume that i know next to nothing about installing and running bit locker, because that's pretty much true.
  Let me know if you need more information about my configuration.
  Thanks

  Hi,
  "and be accessible when run as a stand-alone USB drive on another system."
  Firstly, if you enable bitlocker for one drive, it will be encrypted always until you decrypt it. Thus after you insert it to any system, it need to enter the credential to access it.
  And then, if you want to access one drive in another computer, you need to get the shared permission. After you' re granted the sufficient permission, you could access it no matter if it's encrypted. Of course, another computer must be started.
  Karen Hu
  TechNet Community Support

• BIT Locker Key is not working in a first attempt.

  I have enabled bit locker key for my system. when I restart the system it will ask for bit locker and like how many time I enter the password it won't work and says wrong key. My friend suggested a temporary solution which is working. I have remove
  keyboard before booting. after booting I have to plugin the keyboard and now the bit locker key works. I am not able find the problem. Please help.
  OS : Windows 7 enterprise edition 32bit
  Mallik K

  Hi,
  What's the type of your computer? Desktop or Laptop? Have you tried to use other keyboard to test this problem.
  As In my opinion, Since it shows password input error, it should not Bitlocker encrypt problem. Maybe system couldn't identify the character you typed, maybe it is keyboard or its driver problem. It would be better to change another keyboard to check this
  problem for test.
  Roger Lu
  TechNet Community Support

• Bit Locker Decrypt

  Hai
  I am using Windows 7 Enterprise 32 bit Os. I have encrypt my external hdd with bit locker. i am not using this hdd after log time. i for got my bit locker password. my system was formated due to some problem. i have the recovery key but it is not working.
  kindly give me any idea for unlock encrypted external hard disk.

  the only way to recover data will be using a working recovery key.
  http://technet.microsoft.com/en-us/library/ee424308(v=ws.10).aspx
  MCP/MCSA/MCTS/MCITP

• Ultrascale gen3 core: Bus Master Enable bit cannot be set

  Hi, I am running DMA simulation on Ultrascale gen3 core and I find that the Bus Master Enable bit of RP end cannot be set.
  In TSK_SYSTEM_INITIALIZATION, the system configures the command register using:
  board.RP.cfg_usrapp.TSK_WRITE_CFG_DW(32'h01, 32'h00000007, 4'h1);
  This changes the cfg_function_status[15:0] from 16'h0088 to 16'h008b, which means that it only changes bit 0 and bit 1, but does not change the bus master enable bit.
  I tried to use TSK_WRITE_CFG_DW to write to command register againt, but it seems that only bit 0 and bit 1 can be modified. How can I solve this bug? Many thanks!
  Pei Luo
   

  Hi, Vanitha,
  Thanks for your response!
  I am using Xilinx RC model. I also find that TSK_WRITE_CFG_DW takes negative byte enable, but I think this is a bug here. In gen2 PCIE RC model, it used to be negative enable, but in gen3 it should be positive enable. I tried to use negative enable in the code and it does not work here.
  Thanks!
  Pei 

• SCCM 2012 - Maintenance Windows Issue with Update Deployment using Task Sequence

  Hi Guys,
  I have a question for you!!
  We use a Task Sequence to deploy "Patch Tuesday" security fix; we use the integrated step "Install Software Update" and the Task Sequence run during Maintenance Windows (1 hour).
  We notice that the time remaining is not recalculated on every software update installation occur (http://blogs.technet.com/b/csloyan/archive/2010/10/24/maintenance-window-calculations-explained.aspx);
  it's correct?
  The formula indicated in the link above is not considered in this type of software update deployment (Install Software Update task sequence step)?
  Thanks a lot.
  David

  Hi,
  Any update?
  Is the time remaining recalculated after each update is installed when using the Software Update Group directly as Torsten said?
  Best Regards,
  Joyce
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]