none
BitLocker Enable on non-domain Join machines, MDT 2013 update 2 RRS feed

  • Question

  • Hello,

    I'm deploying Win 10 Enterprise on standalone machines using MDT and trying to enable Bitlocker during my deployment to encrypt OS drive (the only partition I have), TPM is enable in BIOS, and i'm trying to store recovery keys on the deployment share, here is my cs.ini :

    SkipBitLocker=YES

    BDEInstall=TPM

    BDEInstallSuppress=NO

    BDEDriveSize=300  ------- i tried 2000 as well ---

    BDEWaitForEncryption=False

    BDERecoveryKey=AD

    BDEKeyLocation=\\SERVER\DeploymentShare\Recoverykeys

    TPMOwnerPassword=XXXXX ------- tried with and without this line --------

    I left the BitLocker step enable in TS (default). the deployment is finishes and never initiate the encryption.  

    hint:  enable Bitlocker manually is working fine. Machines are Intel NUC kit. 

    Any ideas ? thanks in advance. 

    • Edited by aljaf Monday, December 19, 2016 10:43 PM
    Monday, December 19, 2016 10:42 PM

Answers

All replies

  • You need to be domain joined to be able to save your key to active directory. Save the key elsewhere.

    Many questions such as where do I find logs and what logs are interesting are found in: MDT TechNet Forum - FAQ & Getting Started Guide Please take the time to read it. Also if you don't post logs your problem won't be easily solved.


    Tuesday, December 20, 2016 3:40 AM
    Moderator
  • So, you mean it's not possible to invoke BL on those non domain machines, I specified the Recovery keys location on the deployment share in my CS.ini , where else do i need to the network path.

    thanks for the advise.

    Tuesday, December 20, 2016 4:46 AM
  • Look at your CS.ini.

    BDERecoveryKey=AD is not valid for a non-domain joined machine.


    Many questions such as where do I find logs and what logs are interesting are found in: MDT TechNet Forum - FAQ & Getting Started Guide Please take the time to read it. Also if you don't post logs your problem won't be easily solved.

    Tuesday, December 20, 2016 4:54 AM
    Moderator