BitLocker is a password-centered disk encryption system built into Windows and its server platforms which encrypts your volumes.
When you do a new deployment on a new computer with MDT, you want to automatically enable the TPM chip and encrypt the disk.
On 1 Feb 2012 I wrote an article about how to enable TPM devices on HP laptops through MDT.
When you create a new client task sequence, Enable BitLocker is on by default.
After that I found a bug in MDT 2012 which cost me a lot of time finding the answer.
MDT 2012 – Settings Per Task Sequence
So let’s begin.
Open CustomSettings.ini.
Change the following:
[Settings]
Priority=Default
Properties=MyCustomProperty
to
[Settings]
Priority=TaskSequenceID, Default
Properties=MyCustomProperty
Add the following text ([HP6560B] is the TaskSequenceID in my case):
[HP6560B]
MachineObjectOU=ou=laptops,ou=ward,dc=wardvissers,dc=local
BdeInstallSuppress=NO
BDEDriveLetter=S:
BDEDriveSize=300
SkipBitLocker=NO
BDEInstall=TPM
BDERecoveryKey=AD
OSDBitLockerWaitForEncryption=TRUE
BDEKeyLocation=\\ward-bh01.wardvissers.local\Bitlocker$
Then set SkipBitLocker=YES under [DEFAULT].
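How the edited file resolves per task sequence, as an added example (not part of the original post or of MDT itself): a small Python check that walks Priority left to right and keeps the first value found for each property, which is how MDT processes these rules. The sample file is the post's settings trimmed to the BitLocker lines, OTHER001 is a made-up task sequence ID, and the EXPECTED values are simply the ones this post sets.

```python
# Constructed sample: this post's CustomSettings.ini, trimmed to the BitLocker lines.
SAMPLE_INI = r"""
[Settings]
Priority=TaskSequenceID, Default
Properties=MyCustomProperty
[Default]
SkipBitLocker=YES
[HP6560B]
SkipBitLocker=NO
BDEInstall=TPM
BDERecoveryKey=AD
OSDBitLockerWaitForEncryption=TRUE
BDEKeyLocation=\\ward-bh01.wardvissers.local\Bitlocker$
"""
# Values the post sets for an encrypting task sequence (keys lower-cased).
EXPECTED = {"bdeinstall": "TPM", "bderecoverykey": "AD",
            "osdbitlockerwaitforencryption": "TRUE"}

def parse_ini(text):
    """Minimal INI reader: case-insensitive section and key names, ';' comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.setdefault(key.strip().lower(), value.strip())
    return sections

def effective_settings(ini_text, task_sequence_id):
    """Walk Priority left to right; the first value found for a property is kept."""
    sections = parse_ini(ini_text)
    resolved = {}
    for entry in sections["settings"]["priority"].split(","):
        name = entry.strip().lower()
        if name == "tasksequenceid":  # entry names a property: use its value as section
            name = task_sequence_id.lower()
        for key, value in sections.get(name, {}).items():
            resolved.setdefault(key, value)
    return resolved

def audit(ini_text, task_sequence_id):
    """List BitLocker properties whose resolved value differs from EXPECTED."""
    got = effective_settings(ini_text, task_sequence_id)
    return [f"{k}: expected {v}, got {got.get(k, '<unset>')}"
            for k, v in EXPECTED.items() if got.get(k, "").upper() != v]

if __name__ == "__main__":
    for ts in ("HP6560B", "OTHER001"):  # OTHER001 is a made-up task sequence ID
        print(ts, effective_settings(SAMPLE_INI, ts).get("skipbitlocker"), audit(SAMPLE_INI, ts))
```

Swapping the order to Priority=Default, TaskSequenceID makes the [Default] value SkipBitLocker=YES win for HP6560B as well, which is why the task sequence section has to come first.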
In my case, on the OU Laptops I created the following BitLocker Group Policy
Important:
Group Policies will break deployments