Hi All,
I have successfully deployed BitLocker via SCCM 2012 OSD task sequence via the following process.
- Copy registry settings from the HKLM\Software\Policies\Microsoft\FVE registry hive into the target computer
- Activate C:\ via the built-in SCCM task 'Enable BitLocker' with settings to use TPM and save to AD
- Activate D:\ via a batch script that runs the following commands
manage-bde -autounlock -enable D:
manage-bde -on D: -RecoveryPassword
My question is - should I be able to use the Enable BitLocker SCCM task to enable a specific drive, and select the D:\ - my task sequence fails when I do this.
Is this how other people enable BitLocker on Fixed Drives?
Also, if I use the MDT 'cscript.exe "%deployroot%\scripts\ZTIBde.wsf" /UDI' it doesn't seem to start BitLocker even if I manually set the OSDBitLockerMode task sequence variable to 'TPM' - which in my mind would be the alternative way to do things. The UDI has the BitLocker pane removed so I assume I must set the variable manually.
It is actually working so I am happy in that regard, but I would like to know other people's experience in setting Fixed Drives with BitLocker.
Kind regards,
Michael
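
The fixed-drive step described in the post, written as an added PowerShell example that is not part of the original post: it enables BitLocker on the data drive with a recovery password, turns on auto-unlock, and then checks the resulting state instead of assuming the commands succeeded. It assumes the BitLocker PowerShell module (Windows 8 / Server 2012 or later), an elevated session, and D: as the data drive; the parameter name `DataDrive` is hypothetical.

```powershell
# Added example, not from the original post.
# Assumptions: BitLocker PowerShell module is available, the session is elevated,
# and D: is the fixed data drive ($DataDrive is a hypothetical parameter name).
param([string]$DataDrive = 'D:')

$ErrorActionPreference = 'Stop'

# Auto-unlock keys for data drives are stored on the OS volume,
# so the OS volume has to be BitLocker-protected first.
$os = Get-BitLockerVolume -MountPoint $env:SystemDrive
if ($os.VolumeStatus -eq 'FullyDecrypted') {
    throw "OS volume $($env:SystemDrive) is not encrypted; enable BitLocker on it before $DataDrive."
}

# Start encryption only if the data volume has not been touched yet,
# so the script can be re-run safely in a task sequence.
$vol = Get-BitLockerVolume -MountPoint $DataDrive
if ($vol.VolumeStatus -eq 'FullyDecrypted') {
    Enable-BitLocker -MountPoint $DataDrive -RecoveryPasswordProtector | Out-Null
    $vol = Get-BitLockerVolume -MountPoint $DataDrive
}

# Enable auto-unlock once the volume has key protectors.
if (-not $vol.AutoUnlockEnabled) {
    Enable-BitLockerAutoUnlock -MountPoint $DataDrive | Out-Null
    $vol = Get-BitLockerVolume -MountPoint $DataDrive
}

# Verify the end state: a recovery password protector must exist,
# otherwise there is nothing to escrow or recover with.
$recovery = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

$report = [pscustomobject]@{
    MountPoint              = $vol.MountPoint
    VolumeStatus            = $vol.VolumeStatus
    ProtectionStatus        = $vol.ProtectionStatus
    EncryptionPercentage    = $vol.EncryptionPercentage
    AutoUnlockEnabled       = $vol.AutoUnlockEnabled
    RecoveryPasswordPresent = ($recovery.Count -gt 0)
}
$report

# Fail the step if the drive was left without the expected protectors.
if (-not $report.RecoveryPasswordPresent -or -not $report.AutoUnlockEnabled) {
    Write-Error "BitLocker on $DataDrive is missing a recovery password or auto-unlock."
    exit 1
}
```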