Hi Guys,
We've got maybe 2~3k systems here at $Client.Name that were built without the partitions needed to support BitLocker, and now we need to encrypt them without refreshing them to correct the partitions. During my initial googles, I found this article<http://blogs.technet.com/b/configurationmgr/archive/2011/01/20/solution-the-enable-bitlocker-task-fails-to-run-during-a-configmgr-2007-task-sequence.aspx>which makes mention of the ZTIBde resource in the MDT Toolkit, for precisely this sort of situation. It seems this tool will use diskpart to shrink the last 300 MB of the drive, and then handle storing the necessary files for BitLocker there. Has anyone used this in the wild? I'm always cautious when adjusting partitions on existing drives with user data. I've got an existing 'Encrypt' TS that works fine for systems with the needed partitions. I'd like to be able to use the ZTIBde.wsf script to fix the partitions on the machines, then encrypt them. Are there any pitfalls I should know about? Any tips? Thanks,
