SCCM2012: Enabling BitLocker in SCCM Task Sequence (PART1)

This blog post will show you how to configure BitLocker for Windows 10 using SCCM. The task sequence will perform two tasks:

  • The SCCM task sequence will create multiple partitions on the hard drive.
  • The SCCM task sequence will use a TPM chip to store the bitlocker protector

In the next article, we will configure Active Directory for BitLocker.

First, check on your laptop or Microsoft surface the status on the TPM chip, it must be enabled.

Now open the SCCM console and go to:

  • Software Library
  • Operating Systems
  • Task Sequences
  • And edit your task sequence

Add the following steps:

  1. “Partition Disk” 

bitlocker3

        2. “Pre-Provision BitLocker”

bitlocker1

3. “Enable BitLocker”. Select “TPM Only” if you don’t want a startup key or PIN. And select where the recevory key will be stored. (ADDS is recommended).

bitlocker

For all these steps, use the following condition: “_SMSTSBootUEFI” equals “True”

bitlocker2

About Nicolas 282 Articles
I work as an IT Production Manager, based in Paris (France) with a primary focus on Microsoft technologies. I have 10 years experience in administering Windows Servers. . I am a Microsoft MVP for Cloud & Datacenter Management. I also received the PowerShell Hero 2016 award by PowerShell.0rg. And finally, I am "MCSE: Cloud Platform and Infrastructure", "MCSA: Windows Servers", "Administering & Deploying SCCM", and CheckPoint CCSA certified.