cancel
Showing results for 
Search instead for 
Did you mean: 
Misterfountain
Level 1
9 4 0 0
Message 1 of 3
677
Flag Post

Using bitlocker with HP Easy Shell on thin client

HP Recommended
t630
Microsoft Windows 10 IOT

We are using HP t630 thin clients with Windows 10 IoT and HP Easy Shell. 

The organisation requires that al portable storage devices need te be bitlocker encrypted.

Storage devices are forwarded to Citrix just fine, also encrytping new devices works, user is getting the bitlocker options from Windows 10 IoT.

What not works is when a user is pluging in his bitlocker encrypted device, he does not get the Window for entering the password, the device is mapped in Citrix but is not accessable.

 

The problem is that HP Easy Shell is replacing explorer.exe and I think the bitlocker password Window needs Explorer.exe to work.

 

I tryed a workarround using a powershell script for unlocking devices but it needs administrator rights and that's not an option.

 

Are there other solutions?

 

 

 

2 REPLIES 2
Misterfountain
Author
Level 1
9 4 0 0
Message 2 of 3
Flag Post
HP Recommended

After some further investigation I found a workable solution, it's not perfect but it gives the user the possibility to unlock a bitlocked storage device.

 

I made a new program in Easy Shell that launches bdeunlock.exe with argument 😧 (every storage device you plug in will be drive D)

The user has to plug in his storage device and run the program to get the password window before he starts his Citrix workspace.

 

The possible cons of this solution:

- it's not possible to automatically start the Citrix workspace full screen

- The user must plug in and unlock his storage device beforce he starts his Citrix workspace

 

you can overcome these cons by giving the user the option to minimize his workspace and go back to the HP Easy Shell.

0 Kudos
Misterfountain
Author
Level 1
9 4 0 0
Message 3 of 3
Flag Post
HP Recommended

OK forget the last workarround, I have the perfect working solution.

I made a PowerShell script that runs when WIndows 10 starts bij placing it in the startup dir.

The script is constantly listening in the background if USB storage devices are connecting to a USB port. When that happens it captures this and it will trigger bdunlock.exe witch will give the user a Bitlocker unlock screen to enter password.

 

Save this to a .ps1 file en make shure is starts when Windows starts.

 

Register-WmiEvent -Class win32_VolumeChangeEvent -SourceIdentifier volumeChange
Write-Host (Get-Date -Format s) " Beginning script..."
do{
$newEvent = Wait-Event -SourceIdentifier volumeChange
$eventType = $newEvent.SourceEventArgs.NewEvent.EventType
$eventTypeName = switch($eventType)
{
1 {"Configuration Changed"}
2 {"Device Arrival"}
3 {"Device Removal"}
4 {"Docking"}
}
Write-Host (Get-Date -Format s) " Event detected = " $eventTypeName
if ($eventType -eq 2)
{
$driveLetter = $newEvent.SourceEventArgs.NewEvent.DriveName
Write-Host (Get-Date -Format s) " Drive name = " $driveLetter
# Execute process if drive matches specified condition(s)
if ($driveLetter -eq 'D:')
{
Write-Host (Get-Date -Format s) " Starting task in 3 seconds..."
Start-Sleep -Seconds 3
Start-Process bdeunlock.exe 😧
}
elseif ($driveLetter -eq 'E:')
{
Write-Host (Get-Date -Format s) " Starting task in 3 seconds..."
Start-Sleep -Seconds 3
Start-Process bdeunlock.exe E:
}
elseif ($driveLetter -eq 'F:')
{
Write-Host (Get-Date -Format s) " Starting task in 3 seconds..."
Start-Sleep -Seconds 3
Start-Process bdeunlock.exe F:
}
elseif ($driveLetter -eq 'G:')
{
Write-Host (Get-Date -Format s) " Starting task in 3 seconds..."
Start-Sleep -Seconds 3
Start-Process bdeunlock.exe G:
}
}
Remove-Event -SourceIdentifier volumeChange
} while (1-eq1) #Loop until next event
Unregister-Event -SourceIdentifier volumeChange

0 Kudos
Warning Be alert for scammers posting fake support phone numbers and/or email addresses on the community. If you think you have received a fake HP Support message, please report it to us by clicking on "Flag Post".
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation