Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Premier Sign In Partner Program Sign In

Windows 10 IoT Enterprise for Dell Wyse Thin Clients Administrator’s Guide

PDF

Initialize TPM and enable BitLocker manually

Steps

  1. Log in to the administrator account.
  2. Disable Unified Write Filter.
    The thin client restarts.
  3. Log in to the administrator account again.
  4. Open tpm.msc using the run command menu.
  5. Verify the TPM status in Trusted Platform Module Management on the thin client.
    The status should be displayed as The TPM is ready for use.
  6. Click Close in Trusted Platform Module Management on the thin client.
  7. Open gpedit.msc using the run command menu.
  8. Go to Local Group Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives > Require additional authentication.
  9. In the Require additional authentication at startup window select the Enabled option.
    The Allow BitLocker without a compatible TPM check box is selected by default.
  10. Clear the Allow BitLocker without a compatible TPM check box.
  11. Click Apply and then click OK.
  12. Go to Local Group Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives > Allow enhanced PINs for startup.
  13. In the Allow enhanced PINs for startup window select the Enabled radio button and click Apply.
  14. Click OK.
  15. Go to Local Group Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives > Configure TPM platform validation profile for native UEFI firmware Configurations.
  16. In the Configure TPM platform validation profile for native UEFI firmware Configurations window select the Enabled radio button and click Apply.
  17. Click OK.
  18. Open gpupdate /force using the run command.
    You can also restart the thin client to apply the group policies.
  19. Go to Control Panel and click BitLocker Drive Encryption.
  20. Click Turn on BitLocker in the Operating system drive section.
  21. Select Enter a PIN (recommended) in the BitLocker Drive Encryption (C:) window.
  22. Enter the PIN (alphanumeric characters allowed) using the keyboard and reenter PIN in the BitLocker Encryption Drive (C:) window.
  23. Click Set Pin.
  24. Select Save to a file in the BitLocker Encryption Drive (C:) window.
  25. Click Next.
  26. Select the Encrypt entire drive (Slower but best for PCs and drives already in use) option in the BitLocker Encryption Drive (C:) window.
  27. Click Next.
  28. Select the Run BitLocker system check box and click Continue.
  29. Click Restart Now in the BitLocker Drive Encryption window.
  30. Enter the pin set in the BitLocker screen to boot to the thin client.
  31. Log in to the administrator account.
  32. Double-click BitLocker icon in the system tray and check for encryption status of the C: drive.
  33. Click Close.
  34. Go to This PC and verify that the C: drive is successfully encrypted.

Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\