Hi All,
We have 200 Lenovo laptops (all T4xx series running either Windows 7 or WIndows 8.1 Enterprise) across our company that require BitLocker to be enabled. I am thinking the best way to achieve this is a logon script via Group Policy. We do not have SCCM or any other tool deployed.
I have searched far and wide for methods to achieve this but can't seem to make it work.
1) Turning on the TPM
I've found the VBScripts from Lenovo that allow me to check and enable the TPM chip in BIOS via WMI. This has been tested and works fine.
2) Initialize the TPM
This part I'm stuck on. Every guide I've found including the ones on TechNet detail using tpm.msc which is a hands on approach. I need to do this via script all hands off. Any help here?
3) Enable BitLocker
I've read several guides, most of which suggest using 'manage-bde -on C: -tsk -RecoveryPassword' but running this command on a machine with an enabled & initialized TPM spits the error: "-TSK is missing a parameter" but nothing tells me what parameter it is expecting.
Maybe i'm going about this all the wrong way but and suggestion is appreciated.
Thanks Christoph