Use this task to enable the BitLocker task. BitLocker is a full-disk encryption feature included in Windows 7, Windows Vista, Windows Server 2008 R2, and Windows Server 2008 designed to protect data by providing encryption for entire volumes. By default, it uses the Advanced Encryption Standard (AES), also known as Rijndael, a block cipher adopted as an encryption standard by the U.S. government.

The AES algorithm in Cipher-block Chaining mode with a 128-bit key is often combined with the Elephant diffuser for additional security. BitLocker is available only in the Enterprise and Ultimate editions of Windows 7 and Windows Vista Enterprise, Windows Server 2008 R2, and Windows Server 2008.

Select one of the following methods of enabling BitLocker:

·     In a task sequence, enable the BitLocker task.

      In addition, configure the partition in the Format and Partition task, which is necessary for New Computer scenarios but not in the Refresh Computer scenario. The most common configurations are:

      ·     One partition: 100%

      ·     One partition and some unallocated space

·     In the Deployment Wizard, configure the BitLocker page. This requires that the Enable BitLocker task be enabled in the task sequence used for deployment.

·     In the CustomSettings.ini file, set the following properties:

      ·     BDEInstall=TPM

      ·     BdeInstallSuppress=NO

      ·     BDeWaitForEncryption=False

      ·     BDEDriveSize=2000

      ·     BDEDriveLetter=S:

      ·     BDEKeyLocation=C:

      ·     SkipBitLocker=YES
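A pre-deployment review of the CustomSettings.ini properties listed above, as an added example that is not part of the original page or of MDT itself. It assumes the properties sit in a [Default] section, that property names are matched case-insensitively (the page writes them with mixed casing), that C: is the operating system volume, and that TPM, TPMKey, TPMPin and Key are the accepted BDEInstall values; the function name and messages are hypothetical.

```python
import configparser

# Values assumed to be accepted for BDEInstall (assumption: not stated on this page).
VALID_BDEINSTALL = {"TPM", "TPMKEY", "TPMPIN", "KEY"}

# Constructed sample: the property values shown on this page, in a minimal rules file.
SAMPLE_INI = """\
[Settings]
Priority=Default

[Default]
BDEInstall=TPM
BdeInstallSuppress=NO
BDeWaitForEncryption=False
BDEDriveSize=2000
BDEDriveLetter=S:
BDEKeyLocation=C:
SkipBitLocker=YES
"""

def review_bitlocker_settings(ini_text, section="Default", os_volume="C:"):
    """Return (property, message) findings for one CustomSettings.ini section."""
    # interpolation=None: values may contain % signs; option names are lower-cased on read.
    parser = configparser.ConfigParser(interpolation=None, default_section="__unused__")
    parser.read_string(ini_text)
    if not parser.has_section(section):
        return [("section", f"[{section}] not found")]
    props = {name.upper(): value.strip() for name, value in parser.items(section)}
    findings = []
    install = props.get("BDEINSTALL")
    if install is None:
        findings.append(("BDEInstall", "not set in this section"))
    elif install.upper() not in VALID_BDEINSTALL:
        findings.append(("BDEInstall", f"unexpected value {install!r}"))
    if props.get("BDEINSTALLSUPPRESS", "NO").upper() == "YES":
        findings.append(("BDEInstallSuppress", "YES skips the BitLocker installation"))
    if props.get("BDEWAITFORENCRYPTION", "").upper() == "FALSE":
        findings.append(("BDEWaitForEncryption", "deployment finishes before encryption completes"))
    key_location = props.get("BDEKEYLOCATION", "").rstrip("\\").upper()
    if key_location == os_volume.upper():
        findings.append(("BDEKeyLocation", "keys saved on the OS volume are unreachable while it is locked"))
    return findings

if __name__ == "__main__":
    for prop, message in review_bitlocker_settings(SAMPLE_INI):
        print(f"{prop}: {message}")
```

Run against the values on this page, it reports BDEWaitForEncryption and BDEKeyLocation; neither stops the deployment, but both are worth a deliberate decision before imaging machines.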

For more information about enabling BitLocker, see Windows BitLocker Drive Encryption Frequently Asked Questions.

Related Topics

Configure Disk Task Sequence Steps