K2000 enable Bitlocker Windows 10 and update bitlocker key in K1000
We are using the K2000 to deploy our Desktop and Laptop images using Scripted Installs. The Scripted Installs use Windows 10 2019 LTSC.
Is there a way to use a post-installation task to bitlock the drive of our laptops?
If so, after the drive is bitlocked, how can the bitlocker key be fed to the K1000 as a field in the Inventory of the device for that specific laptop?
Answers (3)
Top Answer
all informations can be found here:
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/manage-bde
so a post install task would countain at least manage-bde -on c: to encrypt the drive C (you can also add different other parameters if needed)
Since there are so many possibilities to extract the key, which differs regarding how you use bitlocker, there is no easy answer, but the manual (linked above) contains also many informations regarding that. You would likely need to create a script.
Hi bvanderveer,
i posted a blog how to get this done:) https://www.itninja.com/blog/view/kace-sma-bitlocker
´Kind Regards
Timo
Post installation tasks are capable of sending powershell scripts....
So if you have a PowerShell script designed to enable bit locker and lock a drive, you may upload the PS1 file into the KACE SDA(formerly known as K2000) as a post install task. (you must be in version 5.1 I think...)
This is another good guide using the KACE SDA:
http://www.itninja.com/blog/view/dell-k2000-windows-7-8-10-with-bitlocker-pre-provisioning
For the KACE SMA (formerly known as K1000), if you have a way to retrieve that Bitlocker key via Command Prompt, Powershell or Windows Registry, you could use a Script and a Custom Inventory rule to pull that information.
See:
https://support.quest.com/technical-documents/kace-systems-management-appliance/9.0%20common%20documents/administrator-guide/141
