Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Windows 10 IoT Enterprise for Dell Wyse Thin Clients Administrator’s Guide

PDF

Initialize TPM and enable BitLocker using the imaging script

Prerequisites

Enable alphanumeric pin support for TPM and BitLocker using the following steps:
  1. Log in to the administrator account.
  2. Disable Unified Write Filter.

    The thin client restarts.

  3. Log in to the administrator account again.
  4. Open gpedit.msc using the run command menu.
  5. Go to Local Group Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives > Allow enhanced PINs.

    The Allow enhanced PINs for startup window is displayed.

  6. Select the Enabled option.
  7. Click Apply and then click OK.
  8. Open gpupdate /force using the run command.
  9. Restart the thin client to apply the group policies.

Steps

  1. Log in to the administrator account.
  2. Disable Unified Write Filter.
    The thin client restarts.
  3. Log in to the administrator account again.
  4. Uncomment the following lines and update the pin—minimum of six characters—for TPM encryption:
    • If you are using Wyse Management Suite or USB Imaging tool—Go to C:\Windows\Setup\CustomSysprep\Modules\Post_CustomSysprep.psm1 and uncomment the following lines:
      • #cd C:\Windows\setup\Tools\TPM\
      • #.\TPM_enable.ps1 -pin TC#1234
    • If you are using System Center Configuration Manager—Go to C:\Windows\Setup\ConfigMgrSysprep\Modules\Admin_ConfigMgrSysprep.psm1 and uncomment the following lines:
      • #cd C:\Windows\setup\Tools\TPM\
      • #.\TPM_enable.ps1 -pin TC#1234
  5. Change the password to an alphanumeric format.
  6. Go to C:\Windows\Setup.
  7. Run Build_master.
  8. Run Custom Sysprep if you are using Wyse Management Suite or USB Imaging tool or ConfigMgr Sysprep if you are using System Center Configuration Manager.
    The thin client automatically turns off.
  9. Turn on the thin client and pull the image from the thin client.
  10. After the image pull is complete, push the image to the target client. Wait for the execution of first boot scripts and BitLocker encryption to complete.
    When the Sysprep is completed the target thin client reboots and the TPM is enabled.
  11. Enter the BitLocker password and verify the new alphanumeric password.
  12. Log in to the administrator account and verify the encryption of the C drive.

    NOTE: To update the BIOS in BitLocker encryption do the following:

    1. Copy the BIOS executable file to the USB drive.
    2. Connect the USB to the respective thin client.
    3. Right-click the BIOS executable and select Run as administrator.
    4. Select the Suspend BitLocker Drive Encryption checkbox and then click Update. Thin client reboots and the BIOS is updated. Also the BitLocker is suspended for one reboot.
    5. Reboot the thin client to ensure that the BitLocker is active.

Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\