This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

Capturing an image with Bitlocker turned on?

Question
0

Sign in to vote
I am creating a new windows 10 image with MDT 2013. We have been told we have to have bit locker turned on for all laptops. Is it possible to image a laptop with it already turned on? Or do I have to turn it on after the image is deployed?

Thank you.
- Edited by FreeRiderHD Wednesday, November 8, 2017 2:12 PM
Wednesday, November 8, 2017 2:05 PM

All replies

0

Sign in to vote
No, that doesn't make sense. BitLocker is something enabled on a specific instance of Windows and protected to that specific instance using hardware on the system hosting that instance. It's not something the WIM image format can even capture (because a WIM image is a file based image format). Even if you were to use a bit-based image format (which I highly recommend against) you would be capturing an encrypted blob protected by a key stored on another system. Finally, I don't think sysprep will even run on a BitLocker protected system and yes, syspreping a reference system to create a reference image is required for any imaging.

Enabling BitLocker during OS deployment using the OSD feature set in ConfigMgr (this is a ConfigMgr forum) or MDT is pretty straight-forward though. I would highly encourage you to deploy MBAM first though to provide BitLocker and BitLocker key management.
Jason | https://home.configmgrftw.com | @jasonsandys
- Proposed as answer by Lorry Luo Tuesday, December 12, 2017 2:15 AM
Wednesday, November 8, 2017 2:46 PM
0

Sign in to vote

Hi,

Do you have at least two partitions or more?

Use the Enable BitLocker task sequence step to enable BitLocker encryption on at least two partitions on the hard drive. The first active partition contains the Windows bootstrap code. Another partition contains the operating system. The bootstrap partition must remain unencrypted.

Source: https://technet.microsoft.com/en-us/library/hh846237.aspx#BKMK_DisableBitLocker
Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Thursday, November 9, 2017 3:23 AM
0

Sign in to vote

You should be using a VM to capture your image, not a physical machine. There are many reasons why it is better to use VM's (hardware agnostic, ability to take snapshots and revert easily, ability to image from anywhere, etc.) but to answer your question, no, you can't capture an encrypted disk...

Jack

Thursday, November 9, 2017 3:59 AM