This task sequence step configures BitLocker® Drive Encryption on the target computer. For more information about this step type, see Enable BitLocker.

The unique properties and settings for the Enable BitLocker task sequence step type are:

Properties

| Name | Description |
| --- | --- |
| Type | Set this read-only type to Enable BitLocker. |

Settings

| Name | Description |
| --- | --- |
| Current operating system drive | When selected, the operating system drive will be configured. This is the default selection. |
| Specific drive | When selected, the specified drive will be configured. |
| TPM only | When selected, the Trusted Platform Module (TPM) is required. This is the default selection. |
| Startup key on USB only | When selected, a startup key is required on the specified USB drive. |
| TPM and startup key on USB | When selected, the TPM is required in addition to a startup key on the specified USB drive. |
| In Active Directory | When selected, the recovery key is stored in AD DS. This is the default selection. |
| Do not create a recovery key | When selected, the recovery key is not created. Using this option is not recommended. |
| Wait for BitLocker to complete | When selected, this step will not finish until after BitLocker has finished processing all drives. |
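A post-deployment check for the settings above, as an added example that is not part of the original page or of MDT. It compares a volume's key protectors and encryption state with what the chosen settings should have produced. The function name, the mode names and the mapping from each setting to a `Get-BitLockerVolume` protector type are assumptions made for this example.

```powershell
# Added example: audit a volume against the settings chosen in the Enable BitLocker step.
# Assumption: each key-protector setting maps to the protector type shown here.
$ExpectedProtector = @{
    'TpmOnly'      = 'Tpm'            # "TPM only"
    'UsbKeyOnly'   = 'ExternalKey'    # "Startup key on USB only"
    'TpmAndUsbKey' = 'TpmStartupKey'  # "TPM and startup key on USB"
}

function Test-BitLockerStepResult {
    param(
        [Parameter(Mandatory)] $Volume,   # object from Get-BitLockerVolume, or a stand-in
        [Parameter(Mandatory)] [ValidateSet('TpmOnly', 'UsbKeyOnly', 'TpmAndUsbKey')] [string] $Mode,
        [switch] $ExpectRecoveryProtector # set when "In Active Directory" was selected
    )
    $types = @($Volume.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
    $findings = @()

    if ($types -notcontains $ExpectedProtector[$Mode]) {
        $findings += "Missing $($ExpectedProtector[$Mode]) protector for mode $Mode"
    }
    # Assumption: the recovery key stored in AD DS appears as a RecoveryPassword protector.
    # Its presence is necessary for escrow but does not prove the backup to AD DS succeeded.
    if ($ExpectRecoveryProtector -and $types -notcontains 'RecoveryPassword') {
        $findings += 'No recovery password protector on the volume'
    }
    if ([string]$Volume.ProtectionStatus -ne 'On') {
        $findings += "Protection is $($Volume.ProtectionStatus), expected On"
    }
    # Relevant when "Wait for BitLocker to complete" was not selected.
    if ([string]$Volume.VolumeStatus -ne 'FullyEncrypted') {
        $findings += "Volume is $($Volume.VolumeStatus) at $($Volume.EncryptionPercentage)%"
    }
    [pscustomobject]@{
        MountPoint = $Volume.MountPoint
        Compliant  = ($findings.Count -eq 0)
        Findings   = $findings
    }
}

# Constructed sample: TPM protector only, encryption still running, no recovery protector.
$sample = [pscustomobject]@{
    MountPoint = 'C:'; ProtectionStatus = 'Off'; VolumeStatus = 'EncryptionInProgress'
    EncryptionPercentage = 42
    KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'Tpm' })
}
Test-BitLockerStepResult -Volume $sample -Mode TpmOnly -ExpectRecoveryProtector
```

On a deployed computer, pass `Get-BitLockerVolume -MountPoint $env:SystemDrive` as `-Volume` from an elevated prompt, and omit `-ExpectRecoveryProtector` only if "Do not create a recovery key" was chosen deliberately.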

 

Related Topics

Specific Properties and Settings for Task Sequence Step Types