c. To save your changes, press the F10 key.
3. Restart the client to the OS. Verify that the OS has a separate system partition which contains the files needed to start the
client. By default the system partition is an active partition.
4. Launch the Services.msc (click the Services icon in the Component Services console), open the HAgent Properties dialog box
(double-click HAgent in the Name list of the Services window of the Component Services console), set the Startup type to
Manual, and then click the Stop button to stop the HAgent service.
5. On the Windows desktop, click Start menu → Run, type Gpedit.msc in the Open box, and then press the Enter key to open
the Local Group Policy Editor window.
6. To open the Require additional authentication at startup window, go to Local Computer Policy → Administrative Templates
→ Windows Components → BitLocker Driver Encryption → Operating System Drives → Require additional authentication
7. In the Require additional authentication at startup section, select the Enabled option and clear/uncheck the Allow BitLocker
without a compatible TPM option.
8. To open the Configure TPM platform validation profile window, go to Local Computer Policy → Administrative Templates →
Windows Components → BitLocker Driver Encryption → Operating System Drives → Configure TPM platform validation
9. In the Configure TPM platform validation profile section, select the Enabled option and clear/uncheck the PCR4, PCR5,
PCR8, PCR9 and PCR10 validation profiles.
10. Once the above policies are set, force update the policies using the gpupdate/force command or reboot the client.
11. On the Windows desktop, click Start menu → Run, type tpm.msc in the Open box, and then press the Enter key to open the
TPM Administration window (or you can click Start → Control Panel → BitLocker Drive Encryption → TPM Administration)
where you can verify that the Initialize TPM option is enabled; if this option is disabled, then clear the TPM by using the Clear
TPM option, reboot the client, and then repeat this step to verify that the Initialize TPM option is enabled. In some of the
clients, TPM is initialized by default.
12. After verifying that the Initialize TPM option is enabled, click Initialize TPM, and then reboot the client.
13. After reboot, TPM will be initialized and it involves enabling and taking ownership of TPM.
14. Now you can use the Turn On BitLocker link to turn on the BitLocker C drive encryption in the BitLocker Drive Encryption
Properties dialog box (Click Start menu → Control Panel → BitLocker Drive Encryption icon).
Whenever TPM is to be initialized, the client must be restarted because the security hardware must be initialized. Since
the security hardware must be initialized, a BIOS screen immediately displays prompting the user for confirmation.
Upon accepting, the security hardware is initialized. Then the TPM ownership must be taken by providing a password. It is
recommended that once a TPM is initialized, it is best not to change the state or disable it. Leaving the TPM initialized is not an
issue with Imaging, as Imaging is independent of TPM.
The options available for BitLocker Drive Encryption depend on the policy set. Since the Allow BitLocker without a compatible
TPM is not set/selected, the following BitLocker startup preferences are displayed when TPM is enabled, initialized and owned.
The CAD Tool allows administrators to map the Ctrl+Alt+Del key combination to VDI applications to display the Ctrl+Alt+Del screen
of the VDI application. Use the Ctrl+Alt+Del key combination instead of the following key combinations to display the Ctrl+Alt+Del
screen of the respective VDI application.
• Citrix: Ctrl+F1
• Dell vWorkspace: Ctrl+Alt+End
• RDP: Ctrl+Alt+End
• VMView: Ctrl+Alt+Insert
System Center Configuration Manager
To view and configure the Microsoft SCCM components installed on your thin client, use the Configuration Manager Properties.
To open Configuration Manager Properties dialog box, go to Start → Control Panel → Configuration Manager.