How to Enable BitLocker with SCCM OSD

The hardware and software requirements for BitLocker are:

  • A computer running Windows 7 Enterprise, Windows 7 Ultimate, or Windows Server 2008 R2.
  • A TPM microchip, version 1.2, turned on for use with BitLocker on operating system drives is recommended for validation of early boot components and storage of the BitLocker master key. If the computer does not have a TPM, a USB flash drive may be used to store the BitLocker key.
  • A Trusted Computing Group (TCG)-compliant BIOS for use with BitLocker on operating system drives.
  • A BIOS setting to start up first from the hard drive, not the USB or CD drives.

Configuration Manager Task Sequence:

1. Create two partitions in the Partition Disk 0 step:

1st Partition for BitLocker

    • Partition Name: BDE
    • Partition Type: Primary
    • Use specific size: 300 MB
    • Check "Make this the boot partition"
    • File system: NTFS (Quick Format)
    • Variable: BDEPART

2nd Partition for Operating System

    • Partition Name: OS
    • Partition Type: Primary
    • Use a percentage of remaining free space: 100%
    • File system: NTFS (Quick Format)
    • Variable: OSPART

2. Apply Operating System Step:

Select the location where you want to apply this operating system:

    • Destination: Logical drive letter stored in a variable
    • Variable Name: OSPART

3. Add a Run Command Line step that runs a script to enable the TPM, set the BIOS password, etc.

4. Add a Restart Computer step

5. Add an Enable BitLocker step
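As an added example (not part of the original article, and not a Microsoft or vendor script), the following PowerShell can run as a Run Command Line step between the restart (step 4) and the Enable BitLocker step (step 5). It checks the TPM state the Enable BitLocker step depends on and records it in task sequence variables; it assumes the step runs in the installed Windows OS with PowerShell available, and the variable names TPMPresent, TPMEnabled, TPMActivated, TPMOwned and TPMSpecVersion are chosen here, not defined by Configuration Manager.

```powershell
# Added example: verify TPM readiness before the Enable BitLocker step and
# publish the result as task sequence variables (variable names are ours).
$tsenv = New-Object -ComObject Microsoft.SMS.TSEnvironment

# Win32_Tpm lives in the MicrosoftTpm namespace. Get-WmiObject keeps this
# compatible with the PowerShell 2.0 that ships with Windows 7.
$tpm = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftTpm' -Class Win32_Tpm

if ($tpm -eq $null) {
    # No TPM exposed to the OS: the requirements list above means the
    # BitLocker key must then be stored on a USB flash drive instead.
    $tsenv.Value('TPMPresent') = 'False'
    Write-Output 'No TPM found; BitLocker will need a USB startup key.'
    exit 0
}

# Each method returns an object carrying a Boolean of the same name.
$enabled   = $tpm.IsEnabled().IsEnabled
$activated = $tpm.IsActivated().IsActivated
$owned     = $tpm.IsOwned().IsOwned
$version   = $tpm.SpecVersion        # e.g. "1.2, 2, 3"

$tsenv.Value('TPMPresent')     = 'True'
$tsenv.Value('TPMEnabled')     = [string]$enabled
$tsenv.Value('TPMActivated')   = [string]$activated
$tsenv.Value('TPMOwned')       = [string]$owned
$tsenv.Value('TPMSpecVersion') = $version

Write-Output ('TPM spec {0}: enabled={1} activated={2} owned={3}' -f `
    $version, $enabled, $activated, $owned)

# A TPM that is present but not enabled and activated cannot protect the OS
# drive; fail the task sequence here, where the cause is obvious, rather than
# in the Enable BitLocker step.
if (-not ($enabled -and $activated)) {
    Write-Output 'TPM is not enabled/activated; enable it in the BIOS or via the vendor tool in step 3.'
    exit 1
}
exit 0
```

The recorded variables can be used as conditions on the Enable BitLocker step (for example, run the TPM-based step only when TPMEnabled and TPMActivated are True), or to branch to the USB key path when TPMPresent is False.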