Important! – MEMCM enabling BitLocker during OSD post 2103

I have always liked Microsoft BitLocker Administration and Monitoring (MBAM) as it provides us with additional functionality compared to saving the BitLocker recovery key in Active Directory. MBAM brings us, for example:
– Protection against accidental deletion of AD computer object (Separate DB)
– Key rotation
– Self-Service
– Role based access to Recovery Keys
– Compliance reporting
– Escrowing TPM

MBAM TPM Password Hash and Windows 10 1607

In Windows 10 1607 the TPM Password Hash is no longer accessible from within Windows. This is a design change to increase the security in Windows 10, which you can read more about here: https://technet.microsoft.com/en-us/itpro/windows/keep-secure/change-the-tpm-owner-password

Quote: “Starting with Windows 10, version 1607, Windows will not retain the TPM owner password when provisioning the TPM. The password