TMP enable package/Steps for MS surface Pro 7 during OSD


Hello All,

Need your help to enable bit locker for model Surface pro 7 during OSD, also failed installed driver using TS variable “SELECT * FROM Win32_ComputerSystem WHERE Model LIKE “%Surface%”” / SELECT * FROM Win32_ComputerSystem WHERE Model Like “%Surface pro%”/ SELECT * FROM Win32_ComputerSystem WHERE Model = “Surface pro 7”. I have user the command to get model “wmic csproduct get name”.




Answers ( 9 )


    After changing the command line driver installation success.
    To Enable bit locker (Testing purpose ) we have enable “Computer Configuration\Administrative Templates\Windows Components\Bitlocker Drive Encryption\Operating System Drives\ Enable use of Bitlocker authentication requiring preboot keyboard input on slates” and enable it from control panel. It’s worked.

    So we have to change the GPO to manage surface Pro device.

  1. Make sure you have downloaded the drivers based on Build Version which you have! For Ex- 18362

    Use the command msiexec /a “FilePath” /qb TARGETDIR=”OutputPath” to extract the drivers and check whether Firmware which showing missing is available or not!

    Note :- Change FilePath & Outputpath

    Add screenshots or generate logs for installation that will help you to identify

    Best answer

    Missing UEFI ! Indicating Firmware with exclamation mark inside device manager ?
    Tried to execute this msi manually & check whether all drivers has successfully installed or not.
    Manually also not installing UEFI drivers.

    Default Bitlocker step in place but yes i have to tried manually command. Will check it and reply back.

  2. Please raise query separably if you have multiple questions! That will help others to identify easily.


      Thanks for the guide. I have checked both the variable and query result returned with computer name. So i will try it again.

      Regarding Bit-locker existing TS having HP BIOS Configuration Utility to set BIOS configuration and Change to UEFI. So HP models are bit-locker completed successfully. But Surface pro we don’t have any utility to do the same kind of configuration.

      • I believe mostly all Surface Pro devices directly comes with UEFI & a compatible TPM, If you’re applying Bitlocker through Task Sequence steps! You can directly add and check.

        If you having any issue please update!


          WMI variable is working now with single cote ( ‘). also successfully installed the drivers but missing UEFI. From below link i have download the driver MSI file create SCCM package for installation.

          still bit-locker is non-encrypted.
          Do i need to follow any alternate way to achieve this ?


            Missing UEFI ! Indicating Firmware with exclamation mark inside device manager ?
            Tried to execute this msi manually & check whether all drivers has successfully installed or not.

            Are you thinking by installing drivers, devices will get bitlocked >> NO ! For Bitlocker you need to enable steps inside Task Sequence or add command line if you’re executing through Task Sequence.

            Try to manually run the command in your device and record your observation only for testing purpose!

  3. Hello Amit, What you getting as model name ?

    First try to validate the WMI query by opening WBEMTest from Surface Pro 7 devices.

    -Go to Start and type “WBEMTEST” into the search or run box.
    -Click on Query and type your query with model name to validate.

    For Example –

    Once you able to successfully validate, use the same query to identify driver models and update the result.

    + What challenges you have to enable Bitlocker ?

Leave an answer

Sorry, you do not have permission to answer to this question .