Table 30 lists the BitLockerPage task sequence variables with a description and whether the variable is read by the wizard page, written by the wizard page, or can be configured in the UDI Wizard configuration file.

Table 30. BitLockerPage Task Sequence Variables

Variable

Read

Write

Config

BDEInstallSuppress

Specifies whether BitLocker installation should be suppressed. If the variable is set to:

·     YES, then the Enable BitLocker check box is selected and the installation is performed

·     NO, then the Enable BitLocker check box is cleared and the installation is not performed

Yes

Yes

Yes

BDEKeyLocation

Specifies the fully qualified path to the location where the BitLocker encryption keys are stored, which can be a local or UNC path. This variable is set to the value of the KeyLocation setter value in the UDI Wizard configuration file for the BitLockerPage. This variable is only considered valid when the OSDBitLockerMode is set to TPMKEY or KEY.

No

Yes

No

BDEPin

Specifies the BitLocker PIN value if the Enable BitLocker using TPM and Pin option is selected.

Yes

Yes

Yes

OSDBitLockerCreateRecoveryPassword

Specifies whether a BitLocker recovery password should be stored in AD DS. If the variable is set to:

·     AD, then the In Active Directory option is selected and the recovery keys will be stored in AD DS (recommended)

·     NONE, then the Do not create a recovery key option is selected and the recovery keys will not be stored in AD DS (not recommended)

No

Yes

No

OSDBitLockerMode

Specifies the mode to be used when enabling BitLocker on the target computer. Valid values include:

·     TPM. This value indicates that the Enable BitLocker using TPM only option is selected and that only TPM will be used when enabling BitLocker on the target computer.

·     TPMPIN. This value indicates that the Enable BitLocker using TPM and Pin option is selected and that TPM and a user-specified PIN will be used when enabling BitLocker on the target computer.

·     TPMKEY. This value indicates that the Enable BitLocker using TPM and Startup Key option is selected and that TPM and a startup key will be used when enabling BitLocker on the target computer.

·     KEY. This value indicates that the Enable BitLocker using only an External Startup Key option is selected and that only an external startup key will be used when enabling BitLocker on the target computer.

No

Yes

No

OSDBitLockerStartupKeyDrive

Specifies the drive letter where the BitLocker external startup key will be stored on the target computer. This variable is only considered valid when OSDBitLockerMode is set to TPMKEY or KEY.

No

Yes

No

OSDBitLockerWaitForEncryption

Specifies whether the task sequence should wait until BitLocker encryption finishes. If the variable is set to:

·     YES, then the Wait for BitLocker Encryption to complete on all drives before continuing check box is selected and the task sequence will wait until the installation is complete

·     NO, then the Wait for BitLocker Encryption to complete on all drives before continuing check box is cleared and the task sequence will not wait until the installation is complete

Yes

Yes

Yes

 

Related Topics

BitLockerPage