bitlocker and mdt 2013

  • Question


  • Hello,

    I am enabling BitLocker in my MDT deployment using the code below in the CS.ini, as well as enabling the BitLocker step in the task sequence. This config does half the job for me. I am hoping someone can help with the rest; below are my current and desired results.

    Current result: BitLocker begins on the HD and the recovery key is copied to the share drive. However, my finish action is to reboot, and if I do that BitLocker prompts for the recovery key. I need to be able to reboot the computer while BitLocker is running without being prompted for the recovery key.

    Desired result: BitLocker begins, the recovery key is copied to the shared drive, and I can reboot the computer as many times as I want while BitLocker is running without being prompted for the recovery key.

    [Laptop-True] 
    SkipComputerName=Yes
    OSDComputerName=%AssetTag%  
    BDEInstall=TPMKey
    BDEInstallSuppress=NO
    BDEWaitForEncryption=FALSE
    BDEDriveSize=3000
    BDEDriveLetter=S:
    BDERecoveryKey=AD
    BDEKeyLocation=\\server\share

    BDEAllowAlphaNumericPin=YES

    Wednesday, June 10, 2015 5:31 PM

All replies

  • Can you give some more details on how you are kicking off MDT?

    Maybe post a relevant bdd.log to OneDrive and share it?

    Things I know can cause BitLocker to go into recovery mode:

    1. Possible boot options change (boot order, or boot options such as newly available or no longer available boot media)
    2. BIOS change (either an upgrade or a settings change)

    You might be able to pause BitLocker before any reboot steps and then resume it later:

    manage-bde -protectors -disable %systemdrive%
    
    manage-bde -protectors -enable %systemdrive%




    Wednesday, June 10, 2015 5:58 PM
    Moderator
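The suspend/resume approach in the reply above, worked through as a task-sequence helper. This is an added example, not code from the thread or from MDT itself. It uses the Win32_EncryptableVolume WMI class (which is what manage-bde drives underneath) rather than the Suspend-BitLocker / Resume-BitLocker cmdlets, so it also runs on Windows 7 images where those cmdlets do not exist. The script name, the "-Action" parameter values and the step layout in the usage comment are assumptions for this example.

```powershell
<#
Added example (not from the original thread): suspend BitLocker protectors before an
MDT reboot step, then re-enable and verify them afterwards.
Assumed task-sequence layout ("Run Command Line" steps, names are assumptions):
  powershell.exe -ExecutionPolicy Bypass -File BdeSuspend.ps1 -Action Suspend
  <Restart computer step>
  powershell.exe -ExecutionPolicy Bypass -File BdeSuspend.ps1 -Action Resume
#>
param(
    [ValidateSet('Suspend', 'Resume', 'Status')]
    [string]$Action = 'Status',
    [string]$Drive = $env:SystemDrive   # e.g. "C:"
)

# Win32_EncryptableVolume lives in the volume-encryption namespace, not root\cimv2.
$vol = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftVolumeEncryption' `
    -Class Win32_EncryptableVolume -Filter "DriveLetter='$Drive'"
if (-not $vol) { Write-Error "No BitLocker-capable volume found for $Drive"; exit 1 }

function Count-Protectors([int]$Type) {
    # Key protector types: 1 = TPM, 3 = numerical (recovery) password, 4 = TPM+PIN.
    # Filter out $null so an empty result counts as 0, not 1.
    @($vol.GetKeyProtectors($Type).VolumeKeyProtectorID | Where-Object { $_ }).Count
}

function Get-BdeState {
    # ProtectionStatus: 0 = off (no protectors, or clear key on disk), 1 = on, 2 = unknown.
    # ConversionStatus: 0 = decrypted, 1 = fully encrypted, 2 = encrypting, 3 = decrypting.
    $conv = $vol.GetConversionStatus()
    [pscustomobject]@{
        Drive             = $Drive
        ProtectionStatus  = $vol.GetProtectionStatus().ProtectionStatus
        ConversionStatus  = $conv.ConversionStatus
        EncryptionPercent = $conv.EncryptionPercentage
        TpmProtectors     = Count-Protectors 1
        RecoveryPasswords = Count-Protectors 3
    }
}

$before = Get-BdeState
switch ($Action) {
    'Suspend' {
        # Disabling protectors stores the volume key in the clear on disk, so the drive
        # boots without TPM validation (and any TPM measurement change is ignored) until
        # protection is re-enabled. Keep that window to the reboot steps only and always
        # pair this with a Resume step. Called unconditionally: it is harmless if already off,
        # and encryption keeps running in the background either way.
        $rc = $vol.DisableKeyProtectors().ReturnValue
        if ($rc -ne 0) { Write-Error ("DisableKeyProtectors failed: 0x{0:X8}" -f $rc); exit 1 }
        Write-Output "Suspended BitLocker protection on $Drive (was ProtectionStatus=$($before.ProtectionStatus), $($before.EncryptionPercent)% encrypted)."
    }
    'Resume' {
        $rc = $vol.EnableKeyProtectors().ReturnValue
        if ($rc -ne 0) { Write-Error ("EnableKeyProtectors failed: 0x{0:X8}" -f $rc); exit 1 }
        $after = Get-BdeState
        # Verify the resume took. Some Windows versions report protection off while the
        # volume is still converting, so only treat that as a failure once it is fully encrypted.
        if ($after.ConversionStatus -eq 1 -and $after.ProtectionStatus -ne 1) {
            Write-Error "Protection on $Drive is still off after EnableKeyProtectors"; exit 1
        }
        # A TPM-only volume with no recovery password would lock the user out for good on the
        # next BIOS or boot-order change, so fail the step rather than deploy it that way.
        if ($after.RecoveryPasswords -lt 1) {
            Write-Error "No recovery password protector on $Drive"; exit 1
        }
        Write-Output "Protection on $Drive re-enabled: $($after.TpmProtectors) TPM and $($after.RecoveryPasswords) recovery-password protector(s), $($after.EncryptionPercent)% encrypted."
    }
    'Status' { $before | Format-List }
}
```

On Windows 8 and later the same thing can be done with `manage-bde -protectors -disable C: -RebootCount 1`, which re-enables protection automatically after the given number of reboots and so bounds the clear-key window even if a later step fails; the script above leaves the Resume step explicit so the verification (recovery password still present, protection back on) runs as part of the task sequence.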