BitLocker TPM no Forced Reboot
Hi,
I am running the BitLocker script to encrypt the primary hard drive.
During this process the script checks the status of the TPM for ownership and whether it is activated and enabled. If not, it forces a reboot and prompts you to enable the TPM module at boot-up at the BIOS screen.
This is fine and works well. But I would like to stop it from forcing a reboot and have it prompt the next time the machine is restarted. Is this possible? What change would I have to make?
Here is part of the script:
'General 2 - Main script processing area
'----------------------------------------------------------------------------------------
ConnectTPMProv() 'Connect to the TPM WMI provider
If argProtect = "usb" Then
    ConnectBDEProv() 'Connect to the volume encryption WMI provider
    EvalGPO()
    GetBDEStatus()
Else
    GetTPMStatus() 'Get the current status of the TPM to determine action
    ConnectBDEProv() 'Connect to the volume encryption WMI provider
    'The following If statements cause the script to react differently depending on the TPM state
    If bIsEnabled = "True" and bIsActivated = "True" and bIsOwned = "True" Then
        objlog.writeline "TPM is in a ready state to enable BitLocker."
        If argRO = "1" Then
            objlog.writeline "Change TPM owner password specified on the command line."
            DenTPMPassword
            ChangeOwnerAuth strOldOwnerPassword,strOwnerPassword
            EvalGPO()
            GetBDEStatus()
        Else
            EvalGPO()
            GetBDEStatus()
        End If
    Else If bIsEnabled = "True" and bIsActivated = "True" and bIsOwned = "False" Then
        objlog.writeline "TPM ownership is not taken...will take ownership."
        DenTPMPassword
        OwnTPM
        EvalGPO()
        GetBDEStatus()
    Else If bIsEnabled = "False" And bIsActivated = "False" and bIsOwned = "False" Then
        objlog.writeline "TPM is not turned on...will Enable and Activate TPM and force a reboot."
        EnableActivateTPM()
    Else If bIsEnabled = "False" and bIsActivated = "False" and bIsOwned = "True" Then
        objlog.writeline "TPM is not turned on...will Enable and Activate TPM and force a reboot."
        EnableActivateTPM()
    Else If bIsEnabled = "True" and bIsActivated = "False" and bIsOwned = "False" Then
        objlog.writeline "TPM is turned but not activated...will Activate TPM and force a reboot."
        EnableActivateTPM()
    End If
    End If
    End If
    End If
    End If
End If
If strStatusCode = 1 then
    strStatusData = strStatusTPMState & ". " & strStatusTPM & " " & "The volume has a protection status of: " & nProtStatus & ". " & strStatusBDE & ". " & "Script Completed Successfully"
    objLog.writeline strstatusdata
    CreateStatusMIF strStatusData
End if
objlog.writeline "Script ended " & Date & " " & Time
April 24th, 2012 7:54am
Hi,
The issue is more related to the Script. You may paste your issue in Scripting Forum:
http://social.technet.microsoft.com/Forums/en/ITCG/threads
Kim Zhou
TechNet Community Support
April 25th, 2012 5:38am
Thanks for your reply, Kim.
I have just been bumped back to this thread section after posting in the script area. This seems to be quite complicated. To explain a bit further:
I want to deploy BitLocker to a mass of laptops that have gone out without BitLocker being run. Encrypting the drive isn't the problem; it is enabling the TPM. The script above will do what I want it to do apart from the forced reboot. I don't want that, as users might lose work; all I want it to do is enable the TPM on the next bootup after the script has run.
April 25th, 2012 9:13am
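The behaviour asked for above (queue the TPM enable/activate request so the firmware prompts at the user's next restart, with no reboot issued by the script) can be sketched as follows. This is an added example, not part of the original script or of any reply in the thread; the body of EnableActivateTPM is not shown on the page, so the function names GetTpm and QueueTpmEnable are hypothetical and the sketch assumes the standard Win32_Tpm WMI class and an elevated run.

```vbscript
Option Explicit
' Added example (not the original script): queue the TPM enable/activate
' request through Win32_Tpm and return without rebooting. Run elevated.
Const PPI_ENABLE_ACTIVATE_OWNERINSTALL = 10 ' TCG physical presence operation: enable + activate + allow owner install
Const TPM_NAMESPACE = "winmgmts:{impersonationLevel=impersonate,authenticationLevel=pktPrivacy}!\\.\root\CIMV2\Security\MicrosoftTpm"

' Hypothetical helper: returns the Win32_Tpm instance, or Nothing if none is visible.
Function GetTpm()
    Dim objWmi, objItem
    Set GetTpm = Nothing
    On Error Resume Next
    Set objWmi = GetObject(TPM_NAMESPACE)
    If Err.Number <> 0 Then Exit Function
    For Each objItem In objWmi.InstancesOf("Win32_Tpm")
        Set GetTpm = objItem
    Next
    On Error GoTo 0
End Function

' Hypothetical helper: returns a status string for the log; never reboots.
Function QueueTpmEnable(objTpm)
    Dim bEnabled, bActivated, nPending, nRC
    If objTpm.IsEnabled(bEnabled) <> 0 Or objTpm.IsActivated(bActivated) <> 0 Then
        QueueTpmEnable = "error: could not read TPM state"
        Exit Function
    End If
    If bEnabled And bActivated Then
        QueueTpmEnable = "ready: TPM already enabled and activated"
        Exit Function
    End If
    ' Do not re-queue if the same request is already waiting for the next boot.
    If objTpm.GetPhysicalPresenceRequest(nPending) = 0 Then
        If nPending = PPI_ENABLE_ACTIVATE_OWNERINSTALL Then
            QueueTpmEnable = "pending: request already queued for next restart"
            Exit Function
        End If
    End If
    nRC = objTpm.SetPhysicalPresenceRequest(PPI_ENABLE_ACTIVATE_OWNERINSTALL)
    If nRC = 0 Then
        QueueTpmEnable = "queued: firmware will prompt at the next restart"
    Else
        QueueTpmEnable = "error: SetPhysicalPresenceRequest returned " & nRC
    End If
End Function

Dim objTpm
Set objTpm = GetTpm()
If objTpm Is Nothing Then
    WScript.Echo "error: no TPM visible through Win32_Tpm"
    WScript.Quit 2
End If
WScript.Echo QueueTpmEnable(objTpm) ' No reboot is requested; encryption runs on a later pass once the TPM is ready
```

Because the drive stays unencrypted until a later run finds the TPM enabled and activated, the deployment needs to rerun the script after the restart and report machines that remain in the "pending" state.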