Adding to a device collection - OSD Task Sequence

wW W 1 Reputation point
2021-04-12T17:11:41+00:00

I am deploying Bitlocker management with Endpoint Configuration Manager build 2010. The task sequence works great for setting up bitlocker. I created a step in the task sequence just before the finish of the OSD Results and Branding that adds the system to the collection. I can see in the log files as well as the management console that it is adding the device to the collection. The device is then removed from the collection either after the task sequence finishes or when a user logs into the machine.

The issue I am having is I want to add new computers to the collection that has the bitlocker management policy applied to it. Dynamic collections don't work, as they require the collection to be updated each time a new computer is imaged and created (for example, a Windows 10 collection).

Is there a way to get new computers to apply/added to a bitlocker policy collection so that my techs don't have to manually add them (or use a PS script) once the computer is imaged?


2 answers

  1. Amandayou-MSFT 11,156 Reputation points
    2021-04-13T08:59:07.09+00:00

    Hi @wW W ,

    We could add a command line step running reg add to mark that the Bitlocker management policy has not yet been applied to the computer; please refer to the following picture:

    [image: 87332-413.png]

    About the reg add, please refer to this article:
    https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/reg-add

    And then we could use a query rule to check which of these computers are compliant.

    [image: 87300-4131.png]

    Finally, please run reg delete to clear a subkey or entries from the registry. About reg delete, please refer to this article:
    https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/reg-delete


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments
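    The three steps the answer describes (mark the machine during OSD, collect it with a query rule, clear the marker once protection is on), written out as PowerShell. This is an added example, not code from the thread or from Microsoft's documentation. The registry key `HKLM:\SOFTWARE\ExampleOrg\BitLockerOSD`, the value `PolicyPending`, the collection name and the inventory class `SMS_G_System_BITLOCKEROSD` are all assumptions; the class in particular only exists after you extend hardware inventory (configuration.mof) to report that registry key, since a collection query rule can only see what hardware inventory has sent to the site.

```powershell
# Added example (not from the original thread). All key, value, class and collection
# names below are assumptions for illustration; substitute the ones your site uses.

$MarkerKey   = 'HKLM:\SOFTWARE\ExampleOrg\BitLockerOSD'   # assumed key owned by your org
$MarkerValue = 'PolicyPending'                             # assumed value name

function Set-BitLockerPolicyMarker {
    # Step 1: run as a "Run PowerShell Script" task-sequence step during OSD.
    # Marks the device as "BitLocker management policy not yet applied".
    # Command-line equivalent from the answer:
    #   reg add HKLM\SOFTWARE\ExampleOrg\BitLockerOSD /v PolicyPending /t REG_DWORD /d 1 /f
    if (-not (Test-Path -Path $MarkerKey)) {
        New-Item -Path $MarkerKey -Force | Out-Null
    }
    New-ItemProperty -Path $MarkerKey -Name $MarkerValue -PropertyType DWord -Value 1 -Force | Out-Null
}

function Test-BitLockerProtectionOn {
    # Step 3 precondition: the OS volume reports ProtectionStatus 'On', i.e. the
    # policy has actually taken effect, not merely been targeted at the device.
    $volume = Get-BitLockerVolume -MountPoint $env:SystemDrive
    return ($volume.ProtectionStatus -eq 'On')
}

function Clear-BitLockerPolicyMarker {
    # Step 3: clear the marker so the next hardware inventory drops the device
    # from the "pending" collection. Command-line equivalent from the answer:
    #   reg delete HKLM\SOFTWARE\ExampleOrg\BitLockerOSD /v PolicyPending /f
    if (Test-BitLockerProtectionOn) {
        Remove-ItemProperty -Path $MarkerKey -Name $MarkerValue -ErrorAction SilentlyContinue
        return $true
    }
    return $false   # leave the marker in place until protection is really on
}

function New-PendingPolicyQueryRule {
    # Step 2: run once from an admin workstation with the Configuration Manager console
    # module loaded and the site drive selected (e.g. Set-Location 'PS1:').
    # Assumes hardware inventory has been extended so the registry key surfaces as
    # the (hypothetical) class SMS_G_System_BITLOCKEROSD with a PolicyPending column.
    param(
        [string]$CollectionName = 'BitLocker Management - Pending Policy'   # assumed name
    )
    $wql = @"
select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name,
       SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client
from SMS_R_System
inner join SMS_G_System_BITLOCKEROSD
        on SMS_G_System_BITLOCKEROSD.ResourceID = SMS_R_System.ResourceId
where SMS_G_System_BITLOCKEROSD.PolicyPending = 1
"@
    Add-CMDeviceCollectionQueryMembershipRule -CollectionName $CollectionName `
        -QueryExpression $wql -RuleName 'BitLocker policy pending (registry marker)'
}
```

    Because membership comes from a query over inventoried data rather than a direct rule added at imaging time, a device stays in the collection only while the marker is present and drops out on the inventory cycle after `Clear-BitLockerPolicyMarker` removes it. The delay is bounded by the hardware inventory schedule plus the collection's evaluation schedule; if you need the compliance picture faster, trigger a hardware inventory cycle after clearing the marker and shorten the collection's incremental evaluation.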

  2. wW W 1 Reputation point
    2021-04-13T13:39:13.15+00:00

    The issue we are having is not adding it to the collection. I have a PowerShell script that, just before the end of the OSD task sequence, adds the new device to the correct collection. I can see it added to the collection.

    The issue is that after the task sequence is finished, the device is removed from the collection.

    The bitlocker collection has a limiting collection requirement of all systems, so that shouldn't be the issue. Once the computer is done, I can manually add it to the collection again, either through a PowerShell script or through the console. I'm trying to eliminate the need to manually add new devices to the collection.

    Making them part of a dynamic collection that receives the policy is not an option, as we are required to certify that systems leaving the IT department are fully encrypted for HIPAA compliance.
