Automate and Enable TPM and Bitlocker setup for MBAM endpoints


We are finalizing our setup for MBAM and deployment to our Dell workstations/laptops.  We have found that the TPM portion along with MBAM client install takes about 5 steps for the MBAM GPO to be enforced.  Is there a way to script or automate this whole process?  We do have SCCM, but not familiar with building a scheduled task or VBS script so it will work.  We have researched some on the Dell CCTK utility and also here, but need some assistance with steps.

Thanks in advance for your assistance.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
Firstmost, TPM needs to be active in order for the MBAM to work. Quite tough to fully automate all process but this link has the overall summary on what needs to be done with integrated SCCM. I encourage you to go through the step links, start off with the first one which is using the two VB scripts, ZTIPrepareBDE.wsf  and StartMBAMEncryption.wsf. The last step is to make sure the enforcement is consistent via the configured MBAM GPO object to an organizational unit where the computer objects reside in.
(1) Integrate MBAM with SCCM 2012 R2
(2) Extend Hardware Inventory
(3) Group and Account Creation (4) Install MBAM and Configure System Center Configuration Manager Integration
(5) Install Databases
(6) Install Reports
(7) Add MBAM Client to SCCM 2012 R2
(8) Add Group Policy Administrative Templates
(9) Define MBAM Group Policy Object

Otherwise the past mean w/o MBAM is via PS and WMI based scripting  - which you unlikely interest you but they are scripted to automate the process like this below and it shared a PS package that make query more straightforward (rather than multiple calls)

...and the EnableBitLocker.vbs sample script is an old instance to automate the deployment and configuration of BitLocker Drive Encryption that most rely on w/o MBAM existence yet. fact, the script can be leveraged a startup script that is applied using GPO settings or a software distribution tool, SCCM stated

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
miklieAuthor Commented:
Thanks for clarifying on what is needed to proceed, and also which scripting.  Very helpful.
btanExec ConsultantCommented:
You are welcome, thanks!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Laptops Notebooks

From novice to tech pro — start learning today.