Administrator Guide

Automatic
Manual
Disabled
NOTE: Make sure the Write Filter is disabled while managing the services.
Using TPM and BitLocker
A TPM is a microchip designed to provide basic security-related functions, primarily involving encryption keys. BitLocker Drive Encryption
(BDE) is a full disk encryption feature which is designed to protect data by providing encryption for entire volumes. By default it uses the
AES encryption algorithm in CBC mode with a 128-bit key, combined with the Elephant diffuser for additional disk encryption-specific
security not provided by AES.
Windows 10 does not support sysprep on a BitLocker encrypted device. Because of this limitation, you cannot encrypt the device, perform
a sysprep and pull the image. To overcome this issue, you must add or modify the TPM-related part of the script that handles TPM. The device must
not be encrypted before sysprep (pull). The device encryption is handled by the post push script that uses the TPM_enable script located
at C:\Windows\setup\tools\tpm\tpm_enable.ps1. This script must be included before enabling the UWF and after the sysprep scripts. The PIN
used to encrypt the client must be passed to the script as an argument.
To use TPM and BitLocker, do the following:
1 Enable TPM from the BIOS menu.
2 Add/modify the TPM related part of the script, based on the type of imaging.
Image Push—LicenseActivation.ps1.
WSI Push—Admin2.ps1.
SCCM Push—AdminConfigMgr.ps1.
For example: During the SCCM push, the TPM related part in AdminConfigMgr.ps1 must be modified as follows:
#uncomment the below two lines and update the pin for TPM encryption for SCCM push
cd C:\windows\setup\Tools\TPM\
.\TPM_enable.ps1 -pin 1234
NOTE: If the client was previously encrypted, do the following to clear the TPM.
1 Enter the BIOS mode.
2 In TPM conguration, set the Change TPM Status to Clear, and then apply the settings.
3 Reboot the device, and enter the BIOS mode again.
4 Set the Change TPM Status to Enable and Activate.
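
The following pre-pull check is an added example, not part of the Dell scripts named above. It verifies the conditions this section states (volume not encrypted before sysprep, tpm_enable.ps1 present, TPM enabled) using the built-in Get-BitLockerVolume and Get-Tpm cmdlets, which are assumed to be available on the image; the function name Test-PreSysprepState is hypothetical.

```powershell
# Added example, not Dell code. Run elevated, with the Write Filter disabled.
function Test-PreSysprepState {   # hypothetical helper name
    param(
        [string]$MountPoint = $env:SystemDrive,
        # Script path as given in the guide text
        [string]$TpmScript = 'C:\Windows\setup\tools\tpm\tpm_enable.ps1'
    )
    $problems = @()

    # The guide requires an unencrypted device before sysprep (pull).
    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    if ($vol.VolumeStatus -ne 'FullyDecrypted') {
        $problems += "Volume $MountPoint is $($vol.VolumeStatus); it must be FullyDecrypted before the pull."
    }
    if ($vol.ProtectionStatus -eq 'On') {
        $problems += "BitLocker protection is On for $MountPoint."
    }
    # Report any key protectors still attached to the volume.
    $protectors = @($vol.KeyProtector | Where-Object { $_ })
    if ($protectors.Count -gt 0) {
        $types = ($protectors | ForEach-Object { $_.KeyProtectorType }) -join ', '
        $problems += "Key protectors still present on ${MountPoint}: $types."
    }

    # The post push script calls tpm_enable.ps1, so it has to be in the image.
    if (-not (Test-Path -LiteralPath $TpmScript -PathType Leaf)) {
        $problems += "Missing $TpmScript."
    }

    # Step 1 of the procedure: the TPM must be enabled from the BIOS menu.
    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent) {
        $problems += 'No TPM detected; enable it in the BIOS menu.'
    } elseif (-not $tpm.TpmReady) {
        $problems += 'TPM is present but not ready; check the TPM status in BIOS.'
    }
    return ,$problems
}

$result = Test-PreSysprepState
if ($result.Count -eq 0) {
    'OK: no blocking BitLocker or TPM state found.'
} else {
    $result | ForEach-Object { "FAIL: $_" }
    exit 1
}
```
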
Using Custom Fields
To enter conguration strings for use by the WDM software, use the Custom Fields dialog box. The conguration strings can contain
information such as location, user, administrator and so on.
To enter the information for use by the WDM server:
1 Log in as an Admin.
2 On the Start Menu, click All apps, and then click Dell Thin Client Application.
The Dell Thin Client Application window is displayed.
3 On the left navigation bar, click Custom Fields.
4 Type the custom eld information in the custom eld boxes and click Apply.
The custom eld information is transferred to the Windows registry which is then available to the WDM server.