Question
Wednesday, November 14, 2012 10:13 PM
I am trying to enable BitLocker during OSD, but the task sequence won't allow me to enter an alphanumeric PIN. Does SCCM not support using an "Enhanced PIN" for BitLocker?
All replies (5)
Saturday, December 1, 2012 8:07 PM
What does the smsts.log file reveal during the Enable BitLocker step? If it's not doing what you want, have you tried using a script to achieve the desired result?
Step by Step Configuration Manager Guides > 2012 Guides | 2007 Guides | I'm on Twitter > ncbrady
Wednesday, January 9, 2013 4:33 PM
I'm having the same issue; smsts.log shows me the same errors as if I did this in the command prompt:
Failed to run the action: Set PIN to Bitlocker.
Your PIN can only contain numbers from 0 to 9. (Error: 803100CC; Source: Windows)
I have GPO settings set, which enable enhanced PIN, and after I enabled this, it actually works in the command line, but my TS is too short and I think all policies are not applied during the PIN step.
I'll test this with a full TS and get back to this.
Wednesday, January 9, 2013 4:58 PM
Sorry Niall, I missed your reply somehow. In this case, it's not an issue that occurs during deployment of the task sequence, but rather when creating or editing the task sequence.
In my OSD TS, I added an "Enable BitLocker" step. In the properties of this step, I select "Current Operating System Drive" and "TPM and PIN". In the text field next to TPM and PIN, I try typing the alphanumeric BitLocker PIN that we use, i.e. ABCD1234. The field does not accept alpha characters, only numeric.
Wednesday, January 9, 2013 9:16 PM
I just learned and tested this today. To create a complex PIN, you should:
- Make sure the GPO will apply to your machine during the TS run, before the BitLocker tasks.
- In the computer-side GPO, enable the setting "Allow enhanced PINs for startup"
- Keep your BitLocker step only enabling TPM
- After that, create a new Run Command Line step with this command:
manage-bde -protectors -add c: -tpmandpin XxxXXXXXxX
..where XxxXXXx is your desired PIN password.
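A pre-flight wrapper for the Run Command Line step described above, added here as an example and not taken from the thread: it checks that the "Allow enhanced PINs for startup" policy has actually reached the machine before calling manage-bde, so a missing policy fails with a clear message instead of error 803100CC. The script parameters and the C: default are assumptions; the policy is read from the UseEnhancedPin value under HKLM\SOFTWARE\Policies\Microsoft\FVE.

```powershell
# Added example (not from the thread). Assumptions: the PIN is passed as a
# script parameter and the OS drive is C:. Note that a PIN given on a command
# line is visible wherever the task sequence step definition is stored.
param(
    [Parameter(Mandatory = $true)][string]$Pin,
    [string]$Drive = 'C:'
)

# Location where the BitLocker group policy settings are written.
$fveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

# A PIN made only of digits works without the enhanced PIN policy;
# anything else needs "Allow enhanced PINs for startup" to be in effect.
$needsEnhancedPin = $Pin -match '\D'

if ($needsEnhancedPin) {
    $policy = Get-ItemProperty -Path $fveKey -Name 'UseEnhancedPin' -ErrorAction SilentlyContinue
    if (-not $policy -or $policy.UseEnhancedPin -ne 1) {
        # Same condition that makes manage-bde report
        # "Your PIN can only contain numbers from 0 to 9."
        Write-Error 'Enhanced PIN policy is not applied on this machine yet; not adding the protector.'
        exit 1
    }
}

# Add the TPM+PIN protector, as in the command from the answer above.
& manage-bde.exe -protectors -add $Drive -TPMAndPIN $Pin
if ($LASTEXITCODE -ne 0) {
    Write-Error "manage-bde failed with exit code $LASTEXITCODE"
    exit $LASTEXITCODE
}

# List the protectors now on the volume so the result lands in the step output.
& manage-bde.exe -protectors -get $Drive
exit $LASTEXITCODE
```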
Monday, June 13, 2016 10:44 AM
Exact solution for the above request.