Overview
In System Center Configuration Manager (SCCM / ConfigMgr) something I’ve done a few times is to create a BitLocker partition for Windows 7 during an Operating System Deployment (OSD) Task Sequence. I’ve seen the method used here a few times before but I wanted to document it for myself so that I can use it for an upcoming article on configuring BitLocker with TPM+PIN from ConfigMgr.
Instructions
These instructions are the same for both ConfigMgr 2007 and 2012.
Edit your deployment Task Sequence and select the Partition Disk 0 node. By default there is a single partition; we will create an additional one so that we end up with two partitions named:
- System Reserved
- OS
Call the first partition System Reserved and configure it with the following options:
- Partition type: Primary, Use a specific size (300 MB)
- Make this a boot partition: Checked
- File system: NTFS, Quick format
For Windows 7 you only need a 100 MB partition for BitLocker, but I prefer to use 300 MB to leave room in case you want to use the Windows Recovery Environment.
Call the second partition OS and configure it with the following options:
- Partition type: Primary, Use a percentage of remaining free space (100%)
- File system: NTFS, Quick format
- Variable: OSPART
The variable OSPART can now be used to correctly identify the partition to be used in the Apply Operating System step of the Task Sequence. Configure as follows:
- Destination: Logical drive letter stored in a variable
- Variable name: OSPART
Now when this Task Sequence runs, the disk will be partitioned correctly for future use of BitLocker. Alternatively, you can just use a single partition and run the BitLocker preparation utility to shrink and partition the drive. This is sometimes useful when using USMT and hard linking to preserve disk contents. Personally, I’m a little paranoid and generally prefer to use USMT to back up to the network and then properly clean and partition the disk as above.
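One way to confirm on a deployed Windows 7 machine that the Task Sequence produced the two-partition layout before BitLocker is enabled, as an added example that is not part of the original article. The function name `Test-BitLockerPartitionLayout` and its parameters are hypothetical, and the check assumes a BIOS/MBR disk where the System Reserved partition is the active partition.

```powershell
# Added example: post-deployment check of the System Reserved + OS layout.
# Written for PowerShell 2.0 (the version shipped with Windows 7).
# Assumption: BIOS/MBR disk, so the System Reserved partition is the active one.
function Test-BitLockerPartitionLayout {
    param(
        [string]$OsDrive = $env:SystemDrive,  # drive letter of the OS volume, e.g. "C:"
        [int]$MinSystemMB = 100               # minimum the article gives for Windows 7
    )

    # Find the disk partition that backs the OS drive letter.
    $query = "ASSOCIATORS OF {Win32_LogicalDisk.DeviceID='$OsDrive'} " +
             "WHERE AssocClass=Win32_LogicalDiskToPartition"
    $osPart = Get-WmiObject -Query $query | Select-Object -First 1
    if (-not $osPart) { throw "No partition found for $OsDrive" }

    # Find the active (boot) partition on the same physical disk.
    $sysPart = Get-WmiObject Win32_DiskPartition |
        Where-Object { $_.DiskIndex -eq $osPart.DiskIndex -and $_.BootPartition } |
        Select-Object -First 1

    $problems = @()
    $sysId = $null
    if (-not $sysPart) {
        $problems += "No active partition on disk $($osPart.DiskIndex)"
    } else {
        $sysId = $sysPart.DeviceID
        # BitLocker needs an unencrypted boot partition separate from the OS volume.
        if ($sysPart.DeviceID -eq $osPart.DeviceID) {
            $problems += "OS volume is also the active partition (single-partition layout)"
        }
        $sizeMB = [math]::Floor($sysPart.Size / 1MB)
        if ($sizeMB -lt $MinSystemMB) {
            $problems += "Active partition is $sizeMB MB, below $MinSystemMB MB"
        }
    }

    New-Object PSObject -Property @{
        OsPartition     = $osPart.DeviceID
        SystemPartition = $sysId
        Ready           = ($problems.Count -eq 0)
        Problems        = $problems
    }
}

Test-BitLockerPartitionLayout | Format-List
```

Run it from an elevated prompt on the deployed machine; `Ready` is `False` when the disk still has the default single-partition layout.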