Enable BitLocker with Deployment

Before you enable BitLocker, make sure that TPM is enabled on your target devices. Additionally, we recommend that you review Microsoft's documentation about configuring Group Policy to back up your recovery keys. Then, build and capture your Reference VM as typical. 

Add the Tasks to Activate Windows to Your Answer File

  1. Switch to the Answer Files workspace of the SmartDeploy Console.
  2. Create or edit an existing answer file, and then click Advanced.
  3. Click the Tasks tab, and then click Add. 
  4. In the Phase menu, click First logon.
  5. In the Command line field, type manage-bde.exe -on C: -RecoveryPassword -SkipHardwareTest.
  6. Click OK to add the task, and then click OK to close the Advanced settings window. 
  7. Proceed through the Answer File Wizard, and save the answer file. 
  8. Re-create any boot media that you want to use with this answer file. 


Note: When you plan deployments, migrating existing user data on devices with BitLocker enabled, disable SecureBoot, and suspend BitLocker in Windows before you proceed with the deployment. 

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.