How to enable trusted platform module using a ConfigMgr 2007 task sequence

Affected Platforms:

• OptiPlex
• Precision Workstations
• Latitude

Follow these steps for creating a task sequence to Enable TPM on a Dell Business Client System (Latitude, OptiPlex, or Precision Workstation).

This example uses the Dell Client Configuration Toolkit in a ConfigMgr task sequence. If you must enable TPM on computers that have the Dell OpenManage Client Instrumentation installed, you can call the Sample VBScripts directly from your task sequence, if you prefer.

The following steps describe how to prepare a ConfigMgr 2007 Task Sequence to Activate TPM and enable Windows BitLocker Drive Encryption. This is a sample task sequence that can be used with traditional software distribution, and it could be integrated into your Operating System Deployment Task Sequence. From the whitepaper Enabling TPM on Dell Business Client Systems, a BIOS password is required in order to enable and activate TPM. This Task sequence automates the required steps.

• Download and Install the latest version of the Dell Client Configuration Toolkit (CCTK)
  1. Go to Dell Drivers & Downloads
  2. Select a business client model (Latitude, OptiPlex, and so on) or supply your Service Tag
  3. Under Systems Management, select the Dell Client Configuration Toolkit
  4. Extract and Install on a supported operating system.
  5. Create ConfigMgr Packages for X86 and X64 CCTK, and Import the "Dell Enable TPM" Task Sequence
• Create ConfigMgr Packages for X86 and X64 CCTK, and Import the "Dell Enable TPM" Task Sequence
  1. Copy %ProgramFiles%DellCCTK* to a location that is used for Configuration Manager. You have two subfolders, x86, and x86_64
  2. Create two ConfigMgr Packages, using the source directory for x86 and x86_64. Send to Distribution Points
  3. Import the DellEnableTPM.xml Task sequence.
• Configure the Task Sequence
  1. Notice that the Task Sequence has been divided into two groups - one for x86 and one for x64 platforms. The group uses WMI Filters to ensure that the Task Sequence steps only run on Dell clients with the appropriate Operating System Architecture. You can view/modify these as necessary
  2. For each of the steps in the Task Sequence, specify the appropriate package. (all x86 steps require the x86 CCTK package, and the x64 steps require the x64 CCTK package)
     
  3. Notice in the previous image, we set a BIOS password. Modify this to your needs. If you already have a BIOS password, you can disable this step. Be sure to view/modify the other steps in this Task Sequence as needed.
  4. Also notice that a Restart Computer step was disabled for both x86 and x64. Depending on the model of your Dell, an additional reboot may be required between enabling TPM and Activating TPM.
  5. The final step is to Enable BitLocker - review the Microsoft TechNet documentation at Microsoft article Enable-BitLocker  for BitLocker requirements. From the document, you see that BitLocker requires two partitions. You can use the BitLocker Drive Preparation Tool (BdeHdCfg.exe) to reconfigure drives prior to enabling BitLocker. See https://technet.microsoft.com/en-us/library/ee732026(WS.10).aspx for more information.