Is it possible to capture a TPM enabled computer's image?
-
So we are now pushing out computers to have TPM enabled.
Instead of capturing an image with TPM disabled, then going back into the BIOS after to re-enable TPM, I’d like to have it down to just keeping TPM enabled when capturing/deploying images.
Is this possible?
The last image I captured was on a computer that had TPM enabled, BitLocker turned off (30GB image), and then when I deployed it on another machine it was asking for the BitLocker recovery key.
Any help would be much appreciated.
-
@vince-villarreal said in Is it possible to capture a TPM enabled computer's image?:
Is this possible?
Even if you could - the image would be encrypted using the golden-machine’s TPM chip which obviously won’t work on another machine.
-
@wayne-workman ok, so turn TPM off, capture, deploy to a computer with TPM off, then after the image turn TPM on.
Is that about the only way to do this?
-
@vince-villarreal Yep. This can be automated with group policy though. When a box joins your domain automatically via the FOG Client, you can have group policy turn on TPM. I suppose TPM would need to be turned off somehow via postinit scripts.
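
A pre-capture check for the symptom in the first post (a deployed image prompting for a BitLocker recovery key), added here as an example that is not part of the thread or of FOG. It assumes a Windows reference machine with the BitLocker PowerShell module; `Test-CaptureReady` is a hypothetical helper name and the sample volumes are constructed.

```powershell
# Added example, not from the thread. Test-CaptureReady is a hypothetical helper.
# It flags any volume that is not in a fully decrypted, protector-free state.
function Test-CaptureReady {
    param(
        # Objects shaped like Get-BitLockerVolume output.
        [Parameter(Mandatory)] [object[]] $Volume
    )

    $problems = @(foreach ($v in $Volume) {
        $status = "$($v.VolumeStatus)"
        if ($status -ne 'FullyDecrypted') {
            "$($v.MountPoint) is $status ($($v.EncryptionPercentage)% encrypted)"
        }
        if ("$($v.ProtectionStatus)" -eq 'On') {
            "$($v.MountPoint) has BitLocker protection on"
        }
        # A volume that still lists protectors is not in a clean state for imaging.
        $types = @($v.KeyProtector | Where-Object { $_ } |
                   ForEach-Object { "$($_.KeyProtectorType)" })
        if ($types.Count -gt 0) {
            "$($v.MountPoint) still has key protectors: $($types -join ', ')"
        }
    })

    [pscustomobject]@{ Ready = ($problems.Count -eq 0); Problems = $problems }
}

# Constructed sample: C: is encrypted with protection off, D: is clean.
$sample = @(
    [pscustomobject]@{
        MountPoint = 'C:'; VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'Off'
        EncryptionPercentage = 100
        KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'Tpm' })
    }
    [pscustomobject]@{
        MountPoint = 'D:'; VolumeStatus = 'FullyDecrypted'; ProtectionStatus = 'Off'
        EncryptionPercentage = 0; KeyProtector = @()
    }
)

# On the reference machine, in an elevated session, pass real data instead:
#   Test-CaptureReady -Volume (Get-BitLockerVolume)
$result = Test-CaptureReady -Volume $sample
$result.Problems
if (-not $result.Ready) {
    Write-Warning 'Do not capture yet: run Disable-BitLocker, wait for decryption to finish, then re-check.'
}
```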