Thanks for the responses guys. Have any of you used ZTI_Bde.wsf? Its included in the MDT Toolkit and seems to address this very situation.
On Thu, Apr 3, 2014 at 10:45 AM, <[email protected]> wrote: > unless you are deploying the recovery environment WinRE, you only need a > 500mb BDE partition. you also should not assign a drive letter to it 😉 > > > > Sent from Windows Mail > > *From:* Mike Dzikowski <[email protected]> > *Sent:* ‎Thursday‎, ‎April‎ ‎3‎, ‎2014 ‎10‎:‎39‎ ‎AM > *To:* [email protected] > > > *http://support.microsoft.com/kb/933246*<http://support.microsoft.com/kb/933246> > > *Example scenario 1* > The target system has a single partition. To prepare the computer for > BitLocker, you want to split the operating system partition. You want the > following conditions to be true: > > > > - The size of the new partition is 1500 MB. > - The new partition uses X for the drive letter. > - During the operation, confirmation dialog boxes do not appear. > - The system restarts when the operation is completed. > > To use these settings, run the following command at a command prompt: > > > BdeHdCfg.exe -target c: shrink -newdriveletter x: -size 1500 -quiet > -restart > > Sounds like your scenario. > > > ------------------------------ > Date: Wed, 2 Apr 2014 16:05:36 -0400 > Subject: [mssms] Need to deploy BitLocker to machines in the field without > the needed partitions > From: [email protected] > To: [email protected] > > Hi Guys, > > > > We’ve got maybe 2~3k systems here at $Client.Name that were built without > the partitions needed to support BitLocker, and now we need to encrypt them > without refreshing them to correct the partitions. > > > > During my initial googles, I found this > article<http://blogs.technet.com/b/configurationmgr/archive/2011/01/20/solution-the-enable-bitlocker-task-fails-to-run-during-a-configmgr-2007-task-sequence.aspx>which > makes mention of the ZTIBde resource in the MDT Toolkit, for > precisely this sort of situation. It seems this tool will use diskpart to > shrink the last 300 MB of the drive, and then handle storing the necessary > files for BitLocker there. Has anyone used this in the wild? I’m always > cautious when adjusting partitions on existing drives with user data. > > > > I've got an existing 'Encrypt' TS that works fine for systems with the > needed partitions. I'd like to be able to use the ZTIBde.wsf script to fix > the partitions on the machines, then encrypt them. > > > Are there any pitfalls I should know about? Any tips? > > > Thanks, > > > > > >
