We ended up using the Powershell command (Get-Bitlockervolume) in the task sequence, and the WMI command (That can run without Admin rights) when the QA is run outside the task sequence.
Thanks @Colin Ford for your help.
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
The "Enable Bitlocker" task as been placed near the End of the Task Sequences, and the option to "Wait for Bitlocker to complete the drive encryption..." has been checked, but despite this we see that the task does not wait for the encryption to be completed before continuing to the nex task.
The result is that when the TS is completed, we run a QA script and the script still detects that the disk encryption is not complete.
But the process of encryption is running...
In the SMSTS.LOG we can see the Bitlocker task which runs in less than a few seconds and moves on to the next task.
So it doesn't wait for encryption to finish even if the option has been checked !!
Has anyone ever encountered this ?
(SCCM Version 1910)
We ended up using the Powershell command (Get-Bitlockervolume) in the task sequence, and the WMI command (That can run without Admin rights) when the QA is run outside the task sequence.
Thanks @Colin Ford for your help.
A few questions
-Colin
It is on all model computer.
Here is the step with the option activated:
And this is where the step is running in the SMSTs.log:
That looks like an extract from an exported task sequence's object.XML. smsts.log is generated on the local device when you build a machine, and you should find it in C:\Windows\ccm\logs right after you build a machine. If you open it with cmtrace.exe it will let us see whether the action is even running or returning an error.
Sorry, my mistake, I did not share the correct section of the SMSTS.log. Thanks you, you guided me to the correct section... Here it is (Attachment). Maybe the problem is not with the TS... we have a QA script executed at the end of the sequence, this script validates if Bitlocker is active and the disk is fully encrypted. If this script is executed after the TS in a user session, it does not report any error, but it seems that when executed in the TaskSequence it does not detect that the disk is completely encrypted.
The command used in the script is:
if(Get-WmiObject -Class win32_battery){If ((New-Object -ComObject Shell.Application).NameSpace('C:').Self.ExtendedProperty('System.Volume.BitLockerProtection') -eq "1"){Return "Activé"}Else{Return "False"}}Else{Return "Non requis (Il ne s'agit pas d'un portable)"}
I will test it while the TS is running to see if it return the correct value...