Hi i have Windows 7 ENT Sp1 x86 computer and i want to active Bitlocker during MDT 2010 deployment process I've extend my AD 2003 schéma with BitLockerTPMSchemaExtension and set ACE cscript Add-TPMSelfWriteACE.vbs My computer have a compatible TPM 1.2 chip and TPM is enable in the BIOS I've configure GPO : Require TPM backup to ADDS and Require BitLocker backup to ADDS In MDT i've enable the Bitlocker Task (see Attachement mdt.jpg) and the BDE partition (300mo ) is created When my computer is deployed, OS drive is not automatically encrypted ... i've to manually Activate Bitlocker through Explorer or launch manage-bde–on –recoverypassword C: (and it works great) For me, this have to be done automatically trough Bitlocker MDT sequence ... ? Thanks for your help if i miss something ....

You need to look at smts.log file and check why bitlocker encryption did not start. We log an error in the log file. Get the error message or send me the smsts.log file at manojsehgal@hotmail.com Open this smsts.log file using smstrace2 tool which can be downloaded from http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=18153 Manoj Sehgal

Hi i've send you the log this morning Regards,

As per the smsts.log file The action (Partition Drive For BitLocker) has been skipped because it is disabled TSManager 9/28/2011 3:39:47 PM 3884 (0x0F2C) Execution of the instruction (Partition Drive For BitLocker) has been skipped TSManager 9/28/2011 3:39:48 PM 3884 (0x0F2C) Successfully complete the action (Enable BitLocker) with the exit win32 code 0 TSManager 9/28/2011 3:39:48 PM 3884 (0x0F2C) Plan: Make sure you are creating the partition for bitlocker in your task sequence. Without the partition we will not enable bitlocker. Manoj Sehgal

Hi I've disabled my custom task " Partition Drive For BitLocke" because this partition is created directly by the "Enable BitLocker" integrated task. As you seen, the partition is create (and encrypted by BitLocker by launching manually at the end of the deployment manage-bde–on –recoverypassword C)

Get the ztibde.log file which should have information related to bitlocker. Manoj Sehgal

I've just send you the bdd.log but i can't find ztibde.log ....

Hi, The issue could be incorrect configuration in MDT. I suggest contacting MDT forum to get more assistance. http://social.technet.microsoft.com/Forums/en/mdt/threads Best Regards, Niki Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi Thanks, i've post on MDT forum