How do I enable BitLocker when deploying Win 10 with SCCM + MDT 2013

We have a working base image for Windows 10, and are able to deploy it using SCCM current branch and MDT 2013 (thanks largely to the guides on this web site).  We're now want to start testing the enabling of BitLocker when we deploy new computers. We're already setup BitLocker and are saving recovery keys to AD. We're been doing manual setups of laptops up to this point.

I see a "Enable BitLocker" (Run Command Line) task in the standard MDT task sequence that runs "%deployroot%\scripts\ZTIBde.wsf" if a task sequence variable exists. I don't know what this script is going to do.

However if I Add the Disk > Enable BitLocker task in the TS by hand, I get something completely different. This task is preferable since it's clear when you edit the TS that you know what it's going to do. Does this task assume TPM is already enabled? Is there a step that can confirm TPM is enabled, and if not, enable it?

What's the preferred way to enable BitLocker during image deployment?  Is there documentation, or anywhere else, that can help us with this?
LVL 1
RhoSysAdminAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

aravind ancheWindows/Vmware Commented:
To do with MDT you need to configure AD
https://docs.microsoft.com/en-us/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker

Configure the Windows 10 task sequence to enable BitLocker
When configuring a task sequence to run any BitLocker tool, either directly or using a custom script, it is helpful if you also add some logic to detect whether the BIOS is already configured on the machine. In this task sequence, we are using a sample script (ZTICheckforTPM.wsf) from the Deployment Guys web page to check the status on the TPM chip. You can download this script from the Deployment Guys Blog post, Check to see if the TPM is enabled. In the following task sequence, we have added five actions:

Check TPM Status. Runs the ZTICheckforTPM.wsf script to determine if TPM is enabled. Depending on the status, the script will set the TPMEnabled and TPMActivated properties to either true or false.
Configure BIOS for TPM. Runs the vendor tools (in this case, HP, Dell, and Lenovo). To ensure this action is run only when necessary, add a condition so the action is run only when the TPM chip is not already activated. Use the properties from the ZTICheckforTPM.wsf. Note
It is common for organizations wrapping these tools in scripts to get additional logging and error handling.

Restart computer. Self-explanatory, reboots the computer.

Check TPM Status. Runs the ZTICheckforTPM.wsf script one more time.
Enable BitLocker. Runs the built-in action to activate BitLocker

http://renshollanders.nl/2014/01/mdt-2013-configuring-your-environment-for-bitlocker-deployments-with-tpm-windows-8-1-and-mdt-2013/


CHCK THE ARTICLE BELOW
https://blogs.technet.microsoft.com/chuck_kiessling/2012/02/03/enabling-bitlocker-with-an-sccm-task-sequence/
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Seth SimmonsSr. Systems AdministratorCommented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Accept: aravind anche (https:#a42450610)

If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

seth2740
Experts-Exchange Cleanup Volunteer
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Encryption

From novice to tech pro — start learning today.