
Backup TPM keys to MBAM 2.5 with Pre-Provisioning not working


Hi

I am trying to save the TPM owner password to MBAM 2.5 during the TS, but can't get it to work.

I can see the volume recovery keys do upload fine, but not the TPM.

Basically what I do is:

Make sure TPM is enabled in BIOS

Activate TPM in WinPE with a WMI script (objItem.SetPhysicalPresenceRequest(6)) so that the TPM is enabled and active but not owned. (This looks OK in the Task Sequence status messages.)

Pre-Provision BitLocker step in the TS

I install the MBAM client during the Task Sequence

When the user logs on he gets prompted for a PIN (everything fine and working at this level)

By checking what happens with manage-bde I can see that the encryption is OK (used space only),

but the TPM password is never uploaded.

According to documentation, http://technet.microsoft.com/en-us/library/dn456883.aspx, I should set a key protector, so I tried to set TPM only. I get a policy change prompt after logon but still no TPM password.

One problem I have is that I do not know exactly when the TPM ownership is taken by MBAM (or how to force it), as I don't see much info in the logs. Should the paths to the MBAM DB be defined during the TS so that the client, at next reboot, uploads them (as is the case when you start encryption with MBAM without pre-provisioning)?

I would like to keep pre-provisioning and used space only if possible, as I get the drives encrypted quickly and before the user gets the laptop.

Thanks in advance for your recommendations.

bruno
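
A diagnostic sketch for the question above, added here as an example and not part of the original post: it snapshots the TPM enabled/activated/owned state and the BitLocker key protectors, so running it right after the task sequence and again after first logon shows at which point ownership changes. The drive letter default and the two MBAM event channel names are assumptions; run it elevated in the full OS.

```powershell
# Added example, not from the original post.
# Assumptions: the OS volume is $env:SystemDrive, and the MBAM client logs to the
# 'Microsoft-Windows-MBAM/Admin' and 'Microsoft-Windows-MBAM/Operational' channels.

function Get-TpmEscrowState {
    param([string]$MountPoint = $env:SystemDrive)

    # Win32_Tpm is only exposed when the TPM is visible to the OS.
    $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' -Class Win32_Tpm
    if (-not $tpm) {
        throw 'No Win32_Tpm instance found (TPM hidden or disabled in firmware).'
    }

    $vol = Get-BitLockerVolume -MountPoint $MountPoint

    [pscustomobject]@{
        Timestamp        = Get-Date
        TpmEnabled       = $tpm.IsEnabled().IsEnabled
        TpmActivated     = $tpm.IsActivated().IsActivated
        TpmOwned         = $tpm.IsOwned().IsOwned
        VolumeStatus     = $vol.VolumeStatus
        ProtectionStatus = $vol.ProtectionStatus
        EncryptedPercent = $vol.EncryptionPercentage
        # e.g. Tpm, TpmPin, RecoveryPassword; empty when only a clear key exists
        KeyProtectors    = ($vol.KeyProtector |
                               ForEach-Object { $_.KeyProtectorType }) -join ', '
    }
}

$state = Get-TpmEscrowState
$state | Format-List

if ($state.TpmOwned) {
    'TPM is owned at this point in the deployment.'
} else {
    'TPM is enabled/activated but ownership has not been taken yet.'
}

# Most recent MBAM client events, oldest first, to line up with the state above.
Get-WinEvent -LogName 'Microsoft-Windows-MBAM/Admin',
                      'Microsoft-Windows-MBAM/Operational' `
             -MaxEvents 30 -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Format-Table TimeCreated, Id, LevelDisplayName, Message -Wrap
```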

