WinPE Imaging and TPM

Hello everyone,

I thought I'd write this up and share an issue I've been having with the switch to WinPE-based ZENworks imaging (ZCM 17.3) from Linux-based imaging.

Since day one (approx. 18 months ago), I was struggling with imaging particular models. Some models were imaging, some were failing with "Cannot read from archive" or "Could not connect to server".

After overcoming the "Could not connect to server" issue by adding drivers to my winpe.wim file, half of the models in our fleet were failing to apply WinPE-based ZENworks preboot bundles with "Error: Error reading from archive". I outlined more about this here:

In an attempt to overcome this, I changed my preboot bundles from ZENworks image bundles to WinPE imaging scripts, as I found that using diskpart to clean the disk and create a single partition prior to applying image files worked. More info here:

This left me stumped for ages, until one day I noticed that several devices' C: drives were BitLocker enabled. At first, I thought that it was kids messing around with the systems (school environment) and enabling it somehow. But then it struck me:

Upon first boot after applying a Windows 10 image, Windows detected the TPM (Trusted Platform Module) within that device and automatically started encrypting the C: drive.

New devices out of the box were imaging perfectly for the first time with hardware rules, but once you tried to re-image the device via WinPE, it was failing due to the volume being encrypted, and therefore it couldn't write to it.

Disabling TPM in the BIOS has solved this for me.

P.S. Interesting how this wasn't an issue with Linux-based imaging!
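
Added example, not part of the original post and not ZENworks code: a pre-imaging check that reads a volume's boot sector and flags BitLocker, which replaces the NTFS OEM ID at offset 3 with `-FVE-FS-`. The function names, the sample sectors and the raw-volume path in the usage comment are assumptions made for illustration.

```python
"""Classify a volume boot sector before imaging (added example)."""
import sys

SECTOR_SIZE = 512
OEM_ID = slice(3, 11)          # 8-byte OEM ID field of the volume boot record
BOOT_SIG = b"\x55\xaa"         # end-of-sector signature at offset 510
BITLOCKER_OEM = b"-FVE-FS-"    # OEM ID found on a BitLocker volume
NTFS_OEM = b"NTFS    "         # OEM ID found on a plain NTFS volume


def classify_boot_sector(sector: bytes) -> str:
    """Return 'bitlocker', 'ntfs', 'other' or 'invalid' for one boot sector."""
    if len(sector) < SECTOR_SIZE or sector[510:512] != BOOT_SIG:
        return "invalid"
    oem = sector[OEM_ID]
    if oem == BITLOCKER_OEM:
        return "bitlocker"
    if oem == NTFS_OEM:
        return "ntfs"
    return "other"


def needs_clean_before_imaging(sector: bytes) -> bool:
    """True when the target is BitLocker-encrypted, so the imaging script
    should clean and repartition the disk instead of writing into the volume."""
    return classify_boot_sector(sector) == "bitlocker"


def make_sector(jump: bytes, oem: bytes) -> bytes:
    """Build a constructed 512-byte sample sector (not real disk data)."""
    head = jump + oem
    return head + bytes(SECTOR_SIZE - len(head) - 2) + BOOT_SIG


# Constructed samples: jump instruction + OEM ID + zero padding + signature.
SAMPLE_NTFS = make_sector(b"\xeb\x52\x90", NTFS_OEM)
SAMPLE_BITLOCKER = make_sector(b"\xeb\x58\x90", BITLOCKER_OEM)

if __name__ == "__main__":
    # Assumed usage: pass a raw volume path such as \\.\C: (needs admin rights).
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb", buffering=0) as vol:
            data = vol.read(SECTOR_SIZE)
    else:
        data = SAMPLE_BITLOCKER
    kind = classify_boot_sector(data)
    print(f"volume type: {kind}")
    sys.exit(1 if kind == "bitlocker" else 0)
```

A non-zero exit code lets an imaging script branch to the clean-and-repartition path before it tries to apply the image.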