Enable Bitlocker with MDT

BitLocker is a disk encryption feature built into Windows which encrypts your volumes on client and server platforms.

When you do a new deployment on a new computer with MDT, you want to automatically enable the TPM chip and encrypt the disk.

On 1 Feb 2012 I wrote an article about how to enable TPM devices on HP laptops through MDT.

When you create a new client task sequence, Enable BitLocker is on by default.

After that I found a bug in MDT 2012 which cost me a lot of time finding the answer:
MDT 2012 – Settings Per Task Sequence

So let’s begin.

Open Customsettings.ini

Change the following:

[Settings]
Priority=Default
Properties=MyCustomProperty

to

[Settings]
Priority=TaskSequenceID, Default
Properties=MyCustomProperty

Add the following section. The section name must match the TaskSequenceID of the task sequence (HP6560B in my case):

[HP6560B]
MachineObjectOU=ou=laptops,ou=ward,dc=wardvissers,dc=local
BdeInstallSuppress=NO
BDEDriveLetter=S:
BDEDriveSize=300
SkipBitLocker=NO
BDEInstall=TPM
BDERecoveryKey=AD
OSDBitLockerWaitForEncryption=TRUE
BDEKeyLocation=\\ward-bh01.wardvissers.local\Bitlocker$

And under [Default] set SkipBitLocker=YES, so BitLocker is only enabled for task sequences whose own section sets SkipBitLocker=NO.
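The reason the Priority order matters is the way MDT's rules processing works: sections are read in the order listed in Priority, and the first section that defines a property wins, so a later section cannot override it. The following Python script is an added example (not part of the original post and not MDT's own code) that models that rule for a constructed CustomSettings.ini based on the one above, resolves the effective BitLocker properties for a given TaskSequenceID, and flags the mistakes that silently leave BitLocker disabled (Default listed before TaskSequenceID, SkipBitLocker not resolving to NO). The property names and the resolution rule are MDT's; the checks and function names are this example's own.

```python
"""Resolve MDT CustomSettings.ini properties the way ZTIGather does:
walk the sections in [Settings] Priority order and let the FIRST section
that defines a property win.  Added example, not MDT's own code."""

import configparser

# Constructed sample modelled on the post's CustomSettings.ini.
SAMPLE_INI = r"""
[Settings]
Priority=TaskSequenceID, Default
Properties=MyCustomProperty

[Default]
OSInstall=Y
SkipBitLocker=YES

[HP6560B]
MachineObjectOU=ou=laptops,ou=ward,dc=wardvissers,dc=local
BdeInstallSuppress=NO
BDEDriveLetter=S:
BDEDriveSize=300
SkipBitLocker=NO
BDEInstall=TPM
BDERecoveryKey=AD
OSDBitLockerWaitForEncryption=TRUE
BDEKeyLocation=\\ward-bh01.wardvissers.local\Bitlocker$
"""

# Same file with the Priority order reversed: the common mistake.
BROKEN_INI = SAMPLE_INI.replace("Priority=TaskSequenceID, Default",
                                "Priority=Default, TaskSequenceID")


def load_rules(ini_text):
    """Parse the ini into {section: {property: value}} with names lower-cased,
    because MDT treats section and property names case-insensitively."""
    parser = configparser.ConfigParser(
        interpolation=None,          # keep '$' and '%' in values literal
        delimiters=("=",),           # 'S:' and OU strings must not split on ':'
        default_section="__none__",  # a literal [DEFAULT] must stay a normal section
    )
    parser.optionxform = str
    parser.read_string(ini_text)
    return {s.lower(): {k.lower(): v for k, v in parser[s].items()}
            for s in parser.sections()}


def resolve(rules, machine):
    """Return the effective properties for one machine.
    machine holds gathered variables, e.g. {"TaskSequenceID": "HP6560B"}."""
    priority = [p.strip() for p in rules["settings"]["priority"].split(",")]
    gathered = {k.lower(): v for k, v in machine.items()}
    effective = {}
    for entry in priority:
        # A Priority entry naming a gathered variable redirects to the
        # section named by that variable's value; otherwise it is a section.
        section_name = gathered.get(entry.lower(), entry).lower()
        for prop, value in rules.get(section_name, {}).items():
            effective.setdefault(prop, value)   # first definition wins
    return effective


def check_bitlocker_rules(rules, task_sequence_id):
    """List the problems that would stop BitLocker being enabled for one
    task sequence under the per-task-sequence setup described in the post."""
    problems = []
    priority = [p.strip().lower() for p in rules["settings"]["priority"].split(",")]
    if "tasksequenceid" not in priority:
        problems.append("Priority lacks TaskSequenceID: per-task-sequence sections are never read")
    elif "default" in priority and priority.index("default") < priority.index("tasksequenceid"):
        problems.append("Default precedes TaskSequenceID: [Default] wins and the task-sequence section is ignored")
    eff = resolve(rules, {"TaskSequenceID": task_sequence_id})
    if eff.get("skipbitlocker", "").upper() != "NO":
        problems.append("SkipBitLocker resolves to %r for %s: BitLocker will not be enabled"
                        % (eff.get("skipbitlocker"), task_sequence_id))
    if eff.get("bdeinstall", "").upper() != "TPM":
        problems.append("BDEInstall is not TPM")
    if eff.get("bderecoverykey", "").upper() != "AD":
        problems.append("BDERecoveryKey is not AD: the recovery key is not escrowed in Active Directory")
    return problems


if __name__ == "__main__":
    for label, text in (("good", SAMPLE_INI), ("broken", BROKEN_INI)):
        rules = load_rules(text)
        print(label, resolve(rules, {"TaskSequenceID": "HP6560B"}).get("skipbitlocker"),
              check_bitlocker_rules(rules, "HP6560B"))
```

Run it against your own CustomSettings.ini by passing the file contents to load_rules; an empty list from check_bitlocker_rules for each task sequence that should encrypt means the rules resolve as intended.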

In my case, on the OU Laptops I created the following BitLocker Group Policy:

[image: BitLocker Group Policy settings for the Laptops OU]

Important:

Group Policies will break deployments.
