SCCM MDT Task Sequence Requirements

vinod reddy 1 Reputation point
2022-12-20T04:21:59.067+00:00

I have the below requirements in the task sequence:

Set Boot Order to Hard Drive first and Enable TPM. - I saw a few PowerShell commands to Enable-TPM, {(Get-WMIObject -Namespace root/cimv2/Security/MicrosoftTPM -class Win32_TPM).SetPhysicalPresenceRequest(10)} and Initialize TPM. Is that all?

Prompt for User Name and that user should be set as Primary User of that device. Is there an HTA available for this? I read a few blogs but all of them are incomplete.

I see MDT has already created steps for branding and copying log files to network share. Will these be doing the job without having to modify them?


1 answer

  1. Caleb-MSFT 161 Reputation points
    2022-12-21T08:22:12.65+00:00

    @vinod reddy, thanks for posting in our Q&A.

    For your questions, here are my answers for your reference:
    Q1: Set Boot Order to Hard Drive first and Enable TPM with PowerShell scripts.
    A1: In general, we can change the boot priority in the BIOS and you can manually set it to start with the hard disk first. We can manage TPM through the PowerShell script in the task sequence, provided that TPM has been enabled in the BIOS. If not, we can’t use PowerShell to enable TPM, but if your device manufacturer provides a corresponding program to change the BIOS, we can use the task sequence to execute this program; maybe you can contact the OEM to check if your device can support it. Here is an article for your reference: https://social.technet.microsoft.com/wiki/contents/articles/25736.sccm-2012-r2-enabling-tpm-for-bitlocker-protection-on-hp-laptops-during-osd.aspx#Step_1_Enable_the_TPM.
    About how to manage the TPM using Windows PowerShell, you can refer to this article: https://learn.microsoft.com/en-us/powershell/module/trustedplatformmodule/.

    Q2: Prompt for Username and that user should be set as Primary User of that device.
    A2: Do you have the PXE tab on your DP configured to enable user assignments? Please check the User device affinity setting.
    https://learn.microsoft.com/en-us/mem/configmgr/core/servers/deploy/configure/install-and-configure-distribution-points#bkmk_config-pxe

    Q3: MDT has already created steps for branding and copying log files to network share. Will these be doing the job without having to modify them?
    A3: Yes, they can do the job without modification.

    Hope the above information can help you and if there’s any update, feel free to let us know.



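A TPM readiness check for a task sequence step, as an added example that is not part of the original thread and not Microsoft's own code: it reads the TPM state with Get-Tpm from the TrustedPlatformModule module linked in the answer and records the result in a task sequence variable, so later steps (an OEM BIOS tool, TPM initialization, BitLocker) can be conditioned on it. The function name Get-TpmReadiness and the variable name TpmState are hypothetical, and the step is assumed to run elevated in the full OS where the module is available.

```powershell
# Added example: classify the TPM state and expose it to the task sequence.
# Assumptions: 'Get-TpmReadiness' and the TS variable 'TpmState' are names
# invented for this example; they are not built-in task sequence variables.

function Get-TpmReadiness {
    param(
        # Object carrying the properties that Get-Tpm returns.
        [Parameter(Mandatory)] $Tpm
    )
    # Order matters: a TPM that is not visible to Windows cannot be managed
    # from PowerShell at all, so that case is reported first.
    if (-not $Tpm.TpmPresent)   { return 'NotPresent' }          # no chip, or hidden in firmware
    if (-not $Tpm.TpmEnabled)   { return 'DisabledInFirmware' }  # needs BIOS/OEM tool
    if (-not $Tpm.TpmActivated) { return 'NotActivated' }
    if (-not $Tpm.TpmReady)     { return 'NotReady' }            # candidate for Initialize-Tpm
    return 'Ready'
}

$state = Get-TpmReadiness -Tpm (Get-Tpm)

try {
    # COM object that exists only while a Configuration Manager task sequence runs.
    $tsenv = New-Object -ComObject Microsoft.SMS.TSEnvironment -ErrorAction Stop
    $tsenv.Value('TpmState') = $state
}
catch {
    # Outside a task sequence (for example, when testing the script by hand).
    Write-Output "No task sequence environment found; TpmState=$state"
}

# Written to the step's output so the decision is visible in the logs.
Write-Output "TPM readiness: $state"
exit 0
```

Later steps can then use a task sequence variable condition such as TpmState equals Ready for BitLocker, and TpmState equals DisabledInFirmware for the manufacturer's BIOS configuration program.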
