none
Pre-provisioning bitlocker and deploying Windows 7 Enterprise supported by Microsoft?

    Question

  • Pre-provisioning of bitlocker is a great new feature in ConfigMgr 2012 SP1, but since I have no plans to deploy Windows 8 in the near future I have some questions regarding the feature.

    Does anyone know if it's officially supported by Microsoft to use pre-provisioning of bitlocker with deployment of Windows 7 Enterprise? Everything seems to work, but isn't encrypting only used space a feature of Windows 8? How will Windows 7 manage this after deployment?


    Carl


    • Edited by CalleW Monday, March 25, 2013 6:01 PM
    Monday, March 25, 2013 5:57 PM

All replies

  • don't think its supported in windows 7, but you made me curious to know the correct answer...

    Monday, March 25, 2013 6:22 PM
  • WinPE 4 from ADK which is required for Configuration Manager 2012 SP1 supports bitlocker provisioning and that works for both Windows 7 and Windows 8. I've tested both and both work just fine as you can see here.


    Step by Step Configuration Manager Guides > 2012 Guides | 2007 Guides | I'm on Twitter > ncbrady

    Monday, March 25, 2013 9:18 PM
  • Niall, is this based on your own findings or has Microsoft confirmed to you that this is in fact a supported configuration? I'm just wondering how Windows 7 can continue to encrypt only the used space after deployment when it's a Windows 8 feature.

    I would just like to know if a workstation deployed like this is as secure as one that is deployed the old fashioned way (encrypting the whole drive after deployment).


    Carl

    Tuesday, March 26, 2013 7:17 AM
  • hi Carl,

    I've asked for comment from the PG and if I get a response I'll let you know,

    cheers

    niall



    Step by Step Configuration Manager Guides > 2012 Guides | 2007 Guides | I'm on Twitter > ncbrady

    Tuesday, March 26, 2013 12:42 PM
  • any update Niall?
    Thursday, April 04, 2013 8:06 AM
  • I've tested pre-provisioning succesfully on Windows 7 SP1 ent as well. It uses Used Disk Space Only encryption method. I'm waiting for an answer whether it is supported. Fingers crossed because effectively this configuration could save us a lot of operational costs.
    Monday, April 08, 2013 7:54 AM
  • I've asked but not got an official supported answer yet,

    what we do see as supported by Microsoft officially is Windows 8 so if you want to go by whats written in stone then confine yourself to Windows 8, if you have the ability to be more flexible use windows 7 but be aware that there may be some gothcas.



    Step by Step Configuration Manager Guides > 2012 Guides | 2007 Guides | I'm on Twitter > ncbrady

    Tuesday, April 09, 2013 7:40 AM
  • Just noticed that if you look at the "description" of the "Pre-provision BitLocker" Task Sequence step, it states:

    "This action requires the computer to have a Trusted Platdorm Module (TPM) enabled. You must deploy at least the minimum operating system versions of Windows 7 to pre-provision BitLocker"

    Clearly this should be a indicator that it in fact IS supported.


    Carl


    • Edited by CalleW Tuesday, April 09, 2013 7:49 AM
    Tuesday, April 09, 2013 7:48 AM
  • good point, i'll bounce the mail back to them with that info thanks


    Step by Step Configuration Manager Guides > 2012 Guides | 2007 Guides | I'm on Twitter > ncbrady

    Tuesday, April 09, 2013 8:01 AM
  • Definitely supported on Windows 7 - Michael Niehaus stated this during MMS 2013 in his "What's New With Microsoft Deployment Toolkit 2012 Update 1" session.

    Jonathan Conway | My blog: Conway's IT Blog | Twitter: jonconwayuk | Linkedin: Jonathan Conway

    MCITP: Enterprise Administrator on Windows Server 2008/Enterprise Desktop Administrator on Windows 7 • MCP • MCSE 2003 • MCTS SCCM 2007, Windows 7 Config & Deploying • VCP

    Wednesday, August 07, 2013 10:39 AM