ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Sysprep won't run if a drive has Bitlocker enabled

    Scheduled Pinned Locked Moved IT Discussion
    sysprepwindows 10bitlockeruefi
    14 Posts 5 Posters 9.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller @dbeato
      last edited by

      @dbeato said in Sysprep won't run if a drive has Bitlocker enabled:

      @Dashrender said in Sysprep won't run if a drive has Bitlocker enabled:

      From my readings - MS will complete the Bitlocker during setup if you log into your computer with a MS account, and it will save the recovery key (encrypted) in your OneDrive.

      Yes, this happens with the Microsoft Surface as well. They all come with Bitlocker enabled. Which means Microsoft has all the recovery keys 😛

      Tricky

      1 Reply Last reply Reply Quote 0
      • DustinB3403D
        DustinB3403 @dbeato
        last edited by

        @dbeato said in Sysprep won't run if a drive has Bitlocker enabled:

        @Dashrender said in Sysprep won't run if a drive has Bitlocker enabled:

        From my readings - MS will complete the Bitlocker during setup if you log into your computer with a MS account, and it will save the recovery key (encrypted) in your OneDrive.

        Yes, this happens with the Microsoft Surface as well. They all come with Bitlocker enabled. Which means Microsoft has all the recovery keys 😛

        So the summary here is to still use any 3rd party encryption solution....

        dbeatoD 1 Reply Last reply Reply Quote 1
        • dbeatoD
          dbeato @DustinB3403
          last edited by

          @DustinB3403 not really, you can choose to move the key out of OneDrive to another drive or storage of your choosing. Though you will disable and then enable it back.

          Also this is for local accounts Or Microsoft accounts.

          1 Reply Last reply Reply Quote 0
          • coliverC
            coliver @dbeato
            last edited by

            @dbeato said in Sysprep won't run if a drive has Bitlocker enabled:

            @Dashrender said in Sysprep won't run if a drive has Bitlocker enabled:

            From my readings - MS will complete the Bitlocker during setup if you log into your computer with a MS account, and it will save the recovery key (encrypted) in your OneDrive.

            Yes, this happens with the Microsoft Surface as well. They all come with Bitlocker enabled. Which means Microsoft has all the recovery keys 😛

            Huh? We buy a few surfaces a month. None of them have had bitlocker enabled.

            dbeatoD 1 Reply Last reply Reply Quote 0
            • dbeatoD
              dbeato @coliver
              last edited by

              @coliver Did you setup a Microsoft account on them?

              coliverC 1 Reply Last reply Reply Quote 0
              • coliverC
                coliver @dbeato
                last edited by

                @dbeato said in Sysprep won't run if a drive has Bitlocker enabled:

                @coliver Did you setup a Microsoft account on them?

                No domain joined machines.

                dbeatoD DashrenderD 2 Replies Last reply Reply Quote 1
                • dbeatoD
                  dbeato @coliver
                  last edited by

                  @coliver that setup is not affected.

                  1 Reply Last reply Reply Quote 0
                  • DashrenderD
                    Dashrender @dbeato
                    last edited by

                    @dbeato said in Sysprep won't run if a drive has Bitlocker enabled:

                    @Dashrender said in Sysprep won't run if a drive has Bitlocker enabled:

                    From my readings - MS will complete the Bitlocker during setup if you log into your computer with a MS account, and it will save the recovery key (encrypted) in your OneDrive.

                    Yes, this happens with the Microsoft Surface as well. They all come with Bitlocker enabled. Which means Microsoft has all the recovery keys 😛

                    Not sure that's correct. From what I read, Bit locker is turned on, but not activated unless you sign into the device with a MS account, or activate it manually, saving the recovery key.

                    dbeatoD 1 Reply Last reply Reply Quote 0
                    • DashrenderD
                      Dashrender @coliver
                      last edited by

                      @coliver said in Sysprep won't run if a drive has Bitlocker enabled:

                      @dbeato said in Sysprep won't run if a drive has Bitlocker enabled:

                      @coliver Did you setup a Microsoft account on them?

                      No domain joined machines.

                      Are you sure Bitlocker isn't on, just not activated?

                      coliverC 1 Reply Last reply Reply Quote 0
                      • dbeatoD
                        dbeato @Dashrender
                        last edited by

                        @Dashrender said in Sysprep won't run if a drive has Bitlocker enabled:

                        @dbeato said in Sysprep won't run if a drive has Bitlocker enabled:

                        @Dashrender said in Sysprep won't run if a drive has Bitlocker enabled:

                        From my readings - MS will complete the Bitlocker during setup if you log into your computer with a MS account, and it will save the recovery key (encrypted) in your OneDrive.

                        Yes, this happens with the Microsoft Surface as well. They all come with Bitlocker enabled. Which means Microsoft has all the recovery keys 😛

                        Not sure that's correct. From what I read, Bit locker is turned on, but not activated unless you sign into the device with a MS account, or activate it manually, saving the recovery key.

                        Correct, which I then try to say Local accounts and MS accounts. So for the record it is on with MS accounts.

                        1 Reply Last reply Reply Quote 0
                        • coliverC
                          coliver @Dashrender
                          last edited by coliver

                          @Dashrender said in Sysprep won't run if a drive has Bitlocker enabled:

                          @coliver said in Sysprep won't run if a drive has Bitlocker enabled:

                          @dbeato said in Sysprep won't run if a drive has Bitlocker enabled:

                          @coliver Did you setup a Microsoft account on them?

                          No domain joined machines.

                          Are you sure Bitlocker isn't on, just not activated?

                          I'm not sure what you mean? Bitlocker is a part of the operating system... you need to turn it on to enable encryption. So if you're asking if it is installed the answer is yes. If you're asking if it is enabled the answer is no.

                          DashrenderD 1 Reply Last reply Reply Quote 0
                          • DashrenderD
                            Dashrender @coliver
                            last edited by

                            @coliver said in Sysprep won't run if a drive has Bitlocker enabled:

                            @Dashrender said in Sysprep won't run if a drive has Bitlocker enabled:

                            @coliver said in Sysprep won't run if a drive has Bitlocker enabled:

                            @dbeato said in Sysprep won't run if a drive has Bitlocker enabled:

                            @coliver Did you setup a Microsoft account on them?

                            No domain joined machines.

                            Are you sure Bitlocker isn't on, just not activated?

                            I'm not sure what you mean? Bitlocker is a part of the operating system... you need to turn it on to enable encryption. So if you're asking if it is installed the answer is yes. If you're asking if it is enabled the answer is no.

                            Bitlocker has three states, as far as I can tell

                            1. Bitlocker Off
                            2. Bitlocker On, but not activated - not encrypting drive
                            3. Bitlocker activated

                            In my experience, a BIOS based machine puts Windows 10 into option 1 above.
                            My recent experience has shown that machines with UEFI and Secure Boot enabled that Windows 10 puts the system in option 2 or 3 depending on setup.
                            If you add a Microsoft Account while going through OOBE, the Windows will create a recovery key for Bitlocker, save it to your OneDrive account, and use option 3.
                            If you add a local account during OOBE, Windows will put the system into option 2.

                            1 Reply Last reply Reply Quote 2
                            • 1 / 1
                            • First post
                              Last post