I guess everyone knows that you can’t enable BitLocker on a machine from a Task Sequence if there is a CD in the CD drive… The workaround is quit simple, just run a script to eject the cd drive before running the “enable BitLocker” step.

Well the other day this script, a vbs, I use, was removed by Forefront.. I guess the heuristic scan evaluated the content of the script to be unsafe, and quarantined it.. This is obviously not good, as it’s needed by the task sequence… So I thought, maybe there is a way to eject the CD without the need of a script, so I don’t have to convince the FEP admin to make an exception allowing this script to be present.

And what do you know, once again PowerShell to the rescue.. Just run this command from a “Run Command Line” step, and the CD will eject!

Powershell ((New-Object -ComObject "WMPlayer.ocx").cdromCollection).Item(0).Eject()

image 

Because the command is executed without the need of a script you don’t even have to worry about PowerShell script execution policies…