Manually enable Bitlocker on Hyper-V Gen 2 Virtual Machine

Yes, you can automatic enable Bitlocker on your Hyper-V Gen 2 virtual machine during OSD, please read Niall Brady’s post https://www.windows-noob.com/forums/topic/12608-how-can-i-enable-bitlocker-on-hyper-v-gen-2-virtual-machines-during-osd-using-system-center-2012-r2-configuration-manager/

But if you already install a Hyper-V Gen 2 virtual machine, and you want to enable bitlocker, you can do it manually.

Wait a sencond, why do I want bitlocker on my virtual machine? Well, I need to test how bitlocker effect Windows 10 InPlace Upgrade. sepecially when using bitlocker start up PIN. So in virtual machine, I can setup bitlocker start up password, and see does SCCM know how to suspend the bitlocker password and continue InPlace upgrade.

Here are the steps:

  1. Open cmd as administrator.
  2. Set AES-256 Engryption
    REG.exe add "HKLM\Software\Policies\Microsoft\FVE" /v "EncryptionMethod" /t REG_DWORD /d 2

     

  3. Allow enable bitlocker for no TPM chip
    REG.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE" /v UseAdvancedStartup /t REG_DWORD /d 00000001 /f
    
    REG.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE" /v EnableBDEWithNoTPM /t REG_DWORD /d 00000001 /f
    
    REG.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE" /v UseTPM /t REG_DWORD /d 00000002 /f 
    
    REG.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE" /v UseTPMPIN /t REG_DWORD /d 00000002 /f
    
    REG.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE" /v UseTPMKEY /t REG_DWORD /d 00000002 /f
    
    REG.exe ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE" /v UseTPMKeyPIN /t REG_DWORD /d 00000002 /f

    bitlocker1Set AES-256 and enable allow bitlocker without TPM

  4. Enable bitlocker with password
    manage-bde -on C: -pw

     

  5. Create a password, you won’t see anything when you type it.
    bitlocker2

    Enable bitlocker on C: Drive and create password

     

  6. Restart virtual machine, it will ask for your bitlocker password.
    bitlocker3
  7. Check if you C drive has bitlocker enabled.
    bitlocker4

Continue reading

Advertisements

#bitlocker, #windows10

A computer that is running Windows 10 Version 1511 reverts to a previous date and time

Perhaps not many people have this issue, but I would like to mention it here.

The system date and time setting on a computer that is running Windows 10 Version 1511 (build 10586.xx) incorrectly reverts to a date and time that is at least one day in the past.

https://support.microsoft.com/en-us/kb/3160312

If your envirment is in a private network or proxy, I suggest you run this step in your win 10 image capture process:

Net stop w32time

W32tm.exe /unregister

W32tm.exe /register

net start w32time

W32tm.exe /resync /force

How do you know you have time sync problem?

  1. After machine is installed, time in the log on screen is wrong.
  2. installation log file smsts.log, you will see the time is jumping in Data/Time column. (use cmtrace to read log files, not notepad)
  3. machine BIOS clock might changed itself.
  4. SMSTSUDAUSERS is not set

 

 

#troubleshooting, #windows10