Dell Wyse 5070 Windows 10 IoT Enterprise for Wyse Thin Clients Administrator s - Page 24
Managing services, Using TPM and BitLocker
View all Dell Wyse 5070 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 24 highlights
In the Component Services console, click the Event Viewer icon from the Console Root tree. The summary of all the logs of the events that have occurred on your computer is displayed. For more information, see Event Viewerat https://support.microsoft.com. Managing services To view and manage the services installed on the thin client device, use the Services window. To open the Services window, go to Start > Control Panel > Administrative Tool Services. Steps 1. In the Component Services console, click the Services icon from the console tree. The list of services is displayed. 2. Right-click the service of your choice. You can perform Start, Stop, Pause, Resume, and Restart operations. You can select the Startup type from the drop-down list: • Automatic (Delayed Start) • Automatic • Manual • Disabled For more information, see Component Services Administration at https://support.microsoft.com. NOTE: Ensure that the Write Filter is disabled while managing the services. Using TPM and BitLocker Trusted Platform Module (TPM)-A TPM is a microchip that provides basic security-related functions, that primarily involve encryption keys. BitLocker Drive Encryption (BDE)-A BDE is a full disk encryption feature that protects data by providing encryption for entire volumes. By default, it uses the AES encryption algorithm in Cipher Block Chaining (CBC) mode with a 128-bit key. This algorithm is combined with the Elephant diffuser for extra disk encryption-specific security. Windows 10 IoT Enterprise does not support sysprep on a BitLocker encrypted device. Due to this limitation, you cannot encrypt the device, perform a sysprep, and pull the image. To overcome this issue, you must add or modify the TPM script. The device must not be encrypted before sysprep (pull). The device encryption is handled by the post push script that uses the TPM_enable.ps1 script that is at C:\Windows\setup\tools\. The post push script must be included before enabling the UWF and after sysprep scripts. The PIN used to encrypt the client must be passed to the script as an argument. You can initialize TPM and enable BitLocker using any of the following methods: • Initialize TPM and enable BitLocker using the imaging script. • Initialize TPM and enable BitLocker manually. Initialize TPM and enable BitLocker using the imaging script Prerequisites Enable alphanumeric pin support for TPM and BitLocker using the following steps: 1. Log in to the administrator account. 2. Disable Unified Write Filter. The thin client restarts. 3. Log in to the administrator account again. 4. Open gpedit.msc using the run command menu. 5. Go to Local Group Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives > Allow enhanced PINs. The Allow enhanced PINs for startup window is displayed. 6. Select the Enabled option. 24 Administrative features