Hi All,
I'm currently working for a client who requires a secure build; we are following guidelines which require the use of EMET and BitLocker.
We're deploying Win 7 Enterprise machines via SCCM. We're then installing EMET 5.51 during the TS (intending to manage EMET via GPOs), turning the TPM on, enabling it etc., taking ownership, then enabling BitLocker with TPM and PIN.
This all works just fine, up until the point of a gpupdate when the EMET policies are applied (we believe it is DEP that is killing BitLocker); then on the next reboot we are prompted for the recovery key... obviously this is not ideal in an enterprise deployment!
We have tried manually setting DEP via cmdline in the task sequence pre-BitLocker, but any GPOs (even with DEP as not configured) still seem to overwrite the settings and make changes to the BCD...
Maybe I'm missing something really obvious, I'm not sure. Any help would be great!
Cheers,