Is there a way to change the default encryption method from '128-bit with Diffuser' to '256-bit with Diffuser'? We have a requirement to have the 256-bit encryption being used as part of the SCCM Task Sequence using MBAM. I had assumned that by adding the entry below to the AddMBAMRegEntries.reg file (as described in the article http://blogs.technet.com/b/deploymentguys/archive/2012/02/20/using-mbam-to-start-bitlocker-encryption-in-a-task-sequence.aspx) that this would take effect but it doesn't seem to work: "EncryptionMethod"=dword:00000002 Does anyone know if it is possible to do this using MBAM as part of a SCCM Task Sequence?Jonathan Conway | My blog: Conway's IT Blog | Twitter: jonconwayuk | Linkedin: Jonathan Conway Jonathan Conway | MCITP: Enterprise Administrator MCP MCSE 2003 MCTS SCCM 2007, Windows 7 Config & Deploying VCP

I have managed to resolve this myself. In the Task Sequence (just before the Enable Bitlocker task) add a Command Line TS item that runs the following command: reg add HKLM\SOFTWARE\Policies\Microsoft\FVE /v EncryptionMethod /t REG_DWORD /d 2 /f This isn't the same location as the other values added under 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM' but the MBAM client still recognises the value and encrypts the drive using 256-bit with Diffuser regardless.Jonathan Conway | My blog: Conway's IT Blog | Twitter: jonconwayuk | Linkedin: Jonathan Conway Jonathan Conway | MCITP: Enterprise Administrator MCP MCSE 2003 MCTS SCCM 2007, Windows 7 Config & Deploying VCP

Hi, Im glad to hear your issue has been resolved. Hope your experience will help other community members facing similar problems. Regards, Leo Huang TechNet Subscriber Support If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.Leo Huang TechNet Community Support