Overview

In System Center Configuration Manager (SCCM / ConfigMgr), something I’ve done a few times is create a BitLocker partition for Windows 7 during an Operating System Deployment (OSD) Task Sequence. I’ve seen the method used here a few times before, but I wanted to document it for myself so that I can use it for an upcoming article on configuring BitLocker with TPM+PIN from ConfigMgr.

Instructions

These instructions are the same for both ConfigMgr 2007 and 2012.

Edit your deployment Task Sequence and select the Partition Disk 0 node. By default there is a single partition; we will create an additional partition so that we end up with two partitions named:

  • System Reserved
  • OS

 

Call the first partition System Reserved and configure it with the following options:

  • Partition type: Primary, Use a specific size (300 MB)
  • Make this a boot partition: Checked
  • File system: NTFS, Quick format

 

For Windows 7 you only need a 100 MB partition for BitLocker, but I prefer to use 300 MB to leave room in case you want to use the Windows Recovery Environment.

Call the second partition OS and configure it with the following options:

  • Partition type: Primary, Use a percentage of remaining free space (100%)
  • File system: NTFS, Quick format
  • Variable: OSPART

 

The variable OSPART can now be used to correctly identify the partition to be used in the Apply Operating System step of the Task Sequence. Configure as follows:

  • Destination: Logical drive letter stored in a variable
  • Variable name: OSPART

 

Now when this Task Sequence runs, the disk will be partitioned correctly for future use of BitLocker. Alternatively, you can also just use a single partition and run the BitLocker preparation utility to shrink and partition the drive. This is sometimes useful when using USMT and hard linking to preserve disk contents. Personally, I’m a little paranoid and generally prefer to use USMT to back up to the network and then properly clean and partition the disk as above.
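
To confirm on a deployed machine that the Task Sequence produced the layout described above, the following added example (not part of the original post) checks the volumes reported by the WMI class Win32_Volume. The function name Test-BitLockerLayout and the sample volumes are hypothetical; the 100 MB minimum is the Windows 7 figure given in the article.

```powershell
# Added example, PowerShell 2.0 compatible (the Windows 7 default).
# Checks that a separate NTFS system volume exists beside the OS volume.
function Test-BitLockerLayout {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Volumes,
        [int] $MinSystemMB = 100   # Windows 7 minimum from the article
    )
    $findings = @()
    # SystemVolume = holds the boot files; BootVolume = holds the running OS
    $system = @($Volumes | Where-Object { $_.SystemVolume })
    $os     = @($Volumes | Where-Object { $_.BootVolume })

    if ($system.Count -ne 1) { $findings += "Expected one system volume, found $($system.Count)" }
    if ($os.Count -ne 1)     { $findings += "Expected one OS volume, found $($os.Count)" }

    if ($system.Count -eq 1 -and $os.Count -eq 1) {
        $s = $system[0]; $o = $os[0]
        if ($s.DeviceID -eq $o.DeviceID) {
            # Single-partition layout: the boot files would sit on the encrypted volume
            $findings += 'System and OS are the same volume; no separate System Reserved partition'
        }
        if ($s.FileSystem -ne 'NTFS') { $findings += "System volume is $($s.FileSystem), not NTFS" }
        if ($o.FileSystem -ne 'NTFS') { $findings += "OS volume is $($o.FileSystem), not NTFS" }
        $sizeMB = [math]::Round($s.Capacity / 1MB)
        if ($sizeMB -lt $MinSystemMB) {
            $findings += "System volume is $sizeMB MB, below $MinSystemMB MB"
        }
    }
    New-Object PSObject -Property @{ Ready = ($findings.Count -eq 0); Findings = $findings }
}

# Constructed sample data mirroring the two partitions created above
$sample = @(
    (New-Object PSObject -Property @{ DeviceID = 'vol-sample-1'; Label = 'System Reserved'
        FileSystem = 'NTFS'; Capacity = 300MB; SystemVolume = $true;  BootVolume = $false }),
    (New-Object PSObject -Property @{ DeviceID = 'vol-sample-2'; Label = 'OS'
        FileSystem = 'NTFS'; Capacity = 100GB; SystemVolume = $false; BootVolume = $true })
)
Test-BitLockerLayout -Volumes $sample | Format-List Ready, Findings

# On a deployed machine, pass the live local fixed volumes instead (DriveType 3):
# Test-BitLockerLayout -Volumes (Get-WmiObject Win32_Volume -Filter 'DriveType = 3')
```

A machine deployed with the single-partition alternative reports the same volume as both system and OS, so the check returns Ready = False until the BitLocker preparation utility has split the drive.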