by providing encryption for entire volumes. By default it uses the AES encryption algorithm in CBC mode
with a 128 bit key, combined with the Elephant diffuser for additional disk encryption-specific security not
provided by AES.
Windows 10 does not support sysprep on a BitLocker encrypted device. Because of this limitation, you
cannot encrypt the device, perform a sysprep and pull the image. To overcome this issue, you must add
or modify the TPM related script that handles TPM. The device must not be encrypted before sysprep
(pull). The device encryption is handled by the post push script that uses the TPM_enable script located
at C:\Windows\setup\tools\tpm\tpm_enable.ps1. This script must be included before enabling the UWF
and after sysprep scripts. The PIN used to encrypt the client must be passed to the script as an argument.
To use TPM and BitLocker, do the following:
1. Enable TPM from the BIOS menu.
2. Add/modify the TPM related part of the script, based on the type of imaging.
Image Push—LicenseActivation.ps1.
WSI Push—Admin2.ps1.
SCCM Push— AdminConfigMgr.ps1.
For example: During the SCCM push, the TPM related part in AdminConfigmgr.ps1 must be
modified as follows:
#uncomment the below two lines and update the pin for TPM encryption for
SCCM push
cd C:\windows\setup\Tools\TPM\
.\TPM_enable.ps1 -pin 1234
If the client is encrypted previously, then do the following to clear the TPM.
1. Enter the BIOS mode.
2. In TPM configuration, set the Change TPM Status to Clear, and then apply the settings.
3. Reboot the device, and enter the BIOS mode again.
4. Set the Change TPM Status to Enable and Activate.
Configuring Bluetooth Connections
You can use your thin client device with other Bluetooth-enabled devices, if it has Bluetooth capability.
To retain your settings, disable the Unified Write Filter (UWF) and configure NetXClean. For more
information, see Before Configuring your thin clients.
To configure your thin client for Bluetooth Connections:
1. Log in as an Admin.
2. Click Start MenuAll appsControl PanelDevice Manager.
The Device Manager window is displayed.
3. Expand Bluetooth Radios and double-click any Bluetooth icon. For example, double-click Generic
Bluetooth Radio to manage the existing Bluetooth device. You can also update the drivers in the
Update tab.
