I'm not a security/AV person but desktop deployment specialist, so forgive my lack of knowledge. Looking for some advice regarding OSD and app control (Solidcore).. We use SCCM and MDT at my company and our OSD works great, deploying all software including McAfee Agent & VSE during the task sequence. Since enabling solidcore I notice that when built the computer goes into solidifying mode and maxes the CPU for easily over an hour, sometimes 3, 4..5. Given I know the image I am deploying is 'clean' is there anything I can do to stop solidfication, essentially just enabling the system as solidified from the outset. Alternatively, is it possible to 'preprovision'? To give an example: I pre-provision BitLocker prior to running the main task sequence steps such as install OS and core apps, at the very end I just switch on BitLocker and the drive is encrypted. Alternatively, is there anything I should be asking the security team to do specifically? I've asked but the answer has been no. It seems crazy that I can't give a user a fresh laptop until solidfication has completed and the CPU has returned to normal, which - given hardware - could be several hours. What do others do in this situation?
Any pointers would be great..