ADDS: Enabling BitLocker in SCCM Task Sequence (PART2)

In the previous article, we configured the SCCM task sequence (TS) to enable BitLocker on the machine. In this part, you will configure a BitLocker GPO so that the BitLocker and TPM recovery information is stored in Active Directory.

Open the ADDS MMC and go to:

  • Computer Configuration
  • Policies
  • Administrative Templates
  • Windows Components
  • BitLocker Drive Encryption
  • Operating System Drives

Enable the "Choose how BitLocker-protected operating system drives can be recovered" policy:


Enable the "Configure TPM platform validation profile for native UEFI firmware configurations" policy:


And the last step: enable the "Turn on TPM backup to Active Directory Domain Services" policy, which is found under:

  • Computer Configuration
  • Policies
  • Administrative Templates
  • System
  • Trusted Platform Module Services


Don't forget to install the BitLocker Drive Encryption Administration Utilities (an RSAT feature) so you can see the recovery information that is being stored in ADDS.



Now you can use the SCCM TS to deploy your machine and check that BitLocker is enabled.
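The following verification script is an added example and not part of the original article: run it elevated on a freshly deployed machine to confirm that the three GPO settings above applied, that the OS drive has a recovery password protector escrowed to AD DS, and that the matching objects exist on the computer account. It assumes the RSAT ActiveDirectory module is installed on the machine you run the AD checks from.

```powershell
# Added example (not from the original article). Verifies the BitLocker/TPM GPO
# settings, the OS volume protectors and the escrow result in Active Directory.
$ErrorActionPreference = 'Stop'

# 1. Policy check: the GPO settings above write these registry values.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$tpm = 'HKLM:\SOFTWARE\Policies\Microsoft\TPM'
$expected = @{
    "$fve\OSRecovery"              = 1   # "Choose how ... can be recovered" enabled
    "$fve\OSActiveDirectoryBackup" = 1   # save BitLocker recovery information to AD DS
    "$tpm\ActiveDirectoryBackup"   = 1   # "Turn on TPM backup to AD DS" enabled
}
foreach ($entry in $expected.GetEnumerator()) {
    $path = Split-Path $entry.Key; $name = Split-Path $entry.Key -Leaf
    $actual = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
    $state = if ($actual -eq $entry.Value) { 'OK' } else { 'MISSING/WRONG' }
    '{0,-14} {1,-26} = {2}' -f $state, $name, $actual
}

# 2. Volume check: OS drive encrypted and protected, with a recovery password protector.
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
"Status: $($vol.VolumeStatus), Protection: $($vol.ProtectionStatus), Method: $($vol.EncryptionMethod)"
$rp = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
if ($rp.Count -eq 0) {
    # Without a recovery password there is nothing to escrow: add one, then back it up.
    $rp = @((Add-BitLockerKeyProtector -MountPoint $env:SystemDrive -RecoveryPasswordProtector).KeyProtector |
            Where-Object KeyProtectorType -eq 'RecoveryPassword')
}
foreach ($p in $rp) {
    # Safe to repeat: re-sending an already escrowed protector just rewrites the same object.
    Backup-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId $p.KeyProtectorId | Out-Null
    "Escrowed protector $($p.KeyProtectorId) to AD DS"
}

# 3. AD-side check: one msFVE-RecoveryInformation child object per escrowed password.
# Only the object count is shown; the recovery password itself is never displayed.
Import-Module ActiveDirectory
$computer = Get-ADComputer -Identity $env:COMPUTERNAME
$escrowed = @(Get-ADObject -SearchBase $computer.DistinguishedName -SearchScope OneLevel `
                -Filter 'objectClass -eq "msFVE-RecoveryInformation"')
"Recovery objects in AD for $($computer.Name): $($escrowed.Count) (expected >= $($rp.Count))"
$tpmInfo = Get-ADObject -Identity $computer.DistinguishedName `
             -Properties msTPM-OwnerInformation, msTPM-TpmInformationForComputer
$hasTpm = [bool]($tpmInfo.'msTPM-OwnerInformation' -or $tpmInfo.'msTPM-TpmInformationForComputer')
"TPM information present in AD: $hasTpm"
```

If step 3 reports zero recovery objects while step 2 succeeded, check that the computer account's OU has the permissions required for the machine to write msFVE-RecoveryInformation objects to its own object.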

About Nicolas (248 Articles)
I work as a System Engineer, based in Switzerland with a primary focus on Microsoft technologies. I have 8 years' experience in administering Windows Servers. I am a Microsoft MVP for Cloud & Datacenter Management. I also received the PowerShell Hero 2016 award by PowerShell.org. And finally, I am "MCSE: Cloud Platform and Infrastructure", "MCSA: Windows Servers", "Administering & Deploying SCCM", and CheckPoint CCSA certified.