How to deploy BitLocker with Specops Deploy
If you need to protect your organizational data through drive encryption, chances are, you’ll need BitLocker deployment. This was the case for a Specops Deploy customer that wanted to enable BitLocker on new Windows 10 machines. In this blog post we will walkthrough how to activate BitLocker with Specops Deploy / OS. The process is quite easy, and does not require configuring a Task Sequence in MDT.
- From the Group Policy Management Editor, browse to: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption, click Operating System Drives.
- Enable Choose how BitLocker-protected operating system drives can be recovered.
- Configure the recovery settings as you see fit, and tick the Do not enable BitLocker until recovery information is stored to AD DS for operating system drives checkbox.
- Click OK.
- Open the Specops Deploy / OS admin tool.
- In the navigation pane, expand Policies.
- Select the Group Policies
- From the Deployment Policies drop down, select the policy you want to edit.
- Find the Custom MDT Properties settings, and click Add.
- Add the following variables:
- Click Save.
The affected machines will be encrypted after deployment.