Fellow myITforum blogger Brandon Linton has created a nice post on how to capture and restore USMT data when you are using a third-party encryption tool instead of BitLocker. This is typically a challenge, since you usually can't do a straight refresh with the third-party encryption active the way you could if you were using BitLocker.
Here is a snippet:
Ok, a lot of us are forced to implement full disk encryption, and unfortunately most of the time our input into the solution is never requested. So ConfigMgr & MDT have built-in actions to handle HDD encryption by disabling the protectors, etc. Third-party products generally don't provide these means, as it's considered a security risk. So the challenge is: how do I perform a computer refresh on my computer systems that are encrypted? Well, you could painfully decrypt the HDD, but that would take hours. You could even just blow the system away and not worry about the data if your policies allowed for that. But for us suckers who care about our users or are forced to care about our users!
We have to come up with a solution that will work, which brings us to the purpose of this blog posting.
We will use a Client Replace Task Sequence to gather the data, then we will use another task sequence that is MDT Integrated to Refresh the system as a bare metal New computer deployment and restore the data.