Stephen,
The first thing I would do is deploy a task to defragment the free space on drives. I recently tried to shrink a BitLocker volume on a Windows 7 SP1 Enterprise system, and was not able to shrink much until doing a defrag.exe /x. Just a precautionary measure, since 300MB isn't a lot, but you might have more success this way. I would follow that up with a call to diskpart.exe to shrink the disk, and then create the partition. I'm assuming these are Windows 7 and don't have the appropriate PowerShell modules to handle creation of partitions and the like? The bdehdcfg.exe and manage-bde.exe utilities might offer you some help as well. Check these out for more options. Of course, test, test, test! :) Cheers, Trevor Sullivan From: [email protected] [mailto:[email protected]] On Behalf Of Stephen Owen Sent: Wednesday, April 2, 2014 3:06 PM To: [email protected] Subject: [mssms] Need to deploy BitLocker to machines in the field without the needed partitions Hi Guys, We've got maybe 2~3k systems here at $Client.Name that were built without the partitions needed to support BitLocker, and now we need to encrypt them without refreshing them to correct the partitions. During my initial googles, I found this article <http://blogs.technet.com/b/configurationmgr/archive/2011/01/20/solution-the -enable-bitlocker-task-fails-to-run-during-a-configmgr-2007-task-sequence.as px> which makes mention of the ZTIBde resource in the MDT Toolkit, for precisely this sort of situation. It seems this tool will use diskpart to shrink the last 300 MB of the drive, and then handle storing the necessary files for BitLocker there. Has anyone used this in the wild? I'm always cautious when adjusting partitions on existing drives with user data. I've got an existing 'Encrypt' TS that works fine for systems with the needed partitions. I'd like to be able to use the ZTIBde.wsf script to fix the partitions on the machines, then encrypt them. Are there any pitfalls I should know about? Any tips? Thanks,
