How to Enable BitLocker with SCCM OSD

The hardware and software requirements for BitLocker are:

  • A computer running Windows 7 Enterprise, Windows 7 Ultimate, or Windows Server 2008 R2.
  • A TPM microchip, version 1.2, turned on for use with BitLocker on operating system drives is recommended for validation of early boot components and storage of the BitLocker master key. If the computer does not have a TPM, a USB flash drive may be used to store the BitLocker key.
  • A Trusted Computing Group (TCG)-compliant BIOS for use with BitLocker on operating system drives.
  • A BIOS setting to start up first from the hard drive, not the USB or CD drives.

Configuration Manager Task Sequence:

1. Create 2 Partitions under Partition Disk 0 Step:

1st Partition for BitLocker

    • Partition Name: BDE
    • Partition Type: Primary
    • Use specific size: 300 MB
    • Check Make this the boot partition
    • File system: NTFS (Quick Format)
    • Variable: BDEPART

2nd Partition for Operating System

    • Partition Name: OS
    • Partition Type: Primary
    • Use a percentage of remaining free space: 100%
    • File system: NTFS (Quick Format)
    • Variable: OSPART

2. Apply Operating System Step:

Select the location where you want to apply this operating system

    • Destination: Logical drive letter stored in a variable
    • Variable Name: OSPART

3. Add Run Command Line: Script to enable TPM / BIOS Password / Etc

4. Add Restart Computer Step

5. Enable BitLocker Step

Comments

  • Anonymous
    January 01, 2003
    I'm getting Error 50 in the last step: The request is not supported. The TPM chip is enabled ..

  • Anonymous
    January 01, 2003
    Hi Paul, I was wondering if you could provide a starting point for the script required to enable to TPM / BIOS password etc... Thanks.

  • Anonymous
    May 28, 2010
    This is a great post, and beggars can't be choosers.  However, it would be helpful to have a starting point for the script to enable the TPM.

  • Anonymous
    October 25, 2010
    Look at this for DELL and HP: itbloggen.se/.../enable-tpm-via-task-sequence-on-hp-boxes.aspx

  • Anonymous
    November 12, 2010
    Can we enable Bitlocker on additional drives? Please explain all require steps

  • Anonymous
    October 10, 2012
    The comment has been removed