How to deploy BitLocker with Specops Deploy
(Last updated on August 2, 2018)
If you need to protect your organizational data through drive encryption, chances are, you’ll need BitLocker deployment. This was the case for a Specops Deploy customer that wanted to enable BitLocker on new Windows 10 machines. In this blog post we will walkthrough how to activate BitLocker with Specops Deploy / OS. The process is quite easy, and does not require configuring a Task Sequence in MDT.
- From the Group Policy Management Editor, browse to: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption, click Operating System Drives.
- Enable Choose how BitLocker-protected operating system drives can be recovered.
- Configure the recovery settings as you see fit, and tick the Do not enable BitLocker until recovery information is stored to AD DS for operating system drives checkbox.
- Click OK.
- Open the Specops Deploy / OS admin tool.
- In the navigation pane, expand Policies.
- Select the Group Policies
- From the Deployment Policies drop down, select the policy you want to edit.
- Find the Custom MDT Properties settings, and click Add.
- Add the following variables:
- Click Save.
The affected machines will be encrypted after deployment.