Hi there we currently have the Dell K2000 imaging our Windows 7/8/10 computers with Bitlocker Pre-Provisioning enabled before deploying the OS to the harddrive. I am contemplating on whether to make a write-up on how to achieve this. Is there any interest in such a write-up? 

6 Comments   [ - ] Hide Comments


  • 15 views, but no answers...
    Is the method you use specific to KACE, or could it be adapted for other EDS systems? Either way it would make interesting reading for me :-)
    • Yes specific to using KACE. Creating Win10PE KBE with custom features added to WinPE using DISM (to enable manage-bde for bitlocker provisioning). Then pre-installation steps to use CCTK to check/enable/activate TPM and reboot if needed to recognize TPM in WinPE. All that's left after that is to format your drive and encrypt then deploy. I also have implemented Microsoft Bitlocker Administration 2.5 SP1 to encrypt key and escrow to MBAM server and Active Directory. I'll likely end up making a how-to in the future on this. It took time to piece it all together since how-to's for doing so is more specific toward SCCM. Will give it a few days to see if any other K2000 users are interested.
    • Take a look at what I've got going so far. http://www.itninja.com/blog/view/dell-k2000-windows-7-8-10-with-bitlocker-pre-provisioning
  • You should blog this, a lot of time people will read articles and then think I can use this, it is less work then how we do it currently. VS being stuck looking for that specific answer to fix it
    • contributions like that are what ITNinja is about.
      • http://www.itninja.com/blog/view/dell-k2000-windows-7-8-10-with-bitlocker-pre-provisioning
  • I would be interested yes. We are just in the research phase of deploying Bitlocker in our organisation and this would be extremely useful for us.
  • Sorry we have been going through an audit. I will start putting this together soon. I hope to have it done next week.
  • Content will be added as I can get it together

  • Content has been added. Please feel free to critique.
Please log in to comment

Answer this question or Comment on this question for clarity



Yes, I need this script badly.

I also have my AD configured to store the recovery keys. I need to enable bitlocker as a post installation task. you have to be logged into the domain as an admin to store the keys.

any help would be greatly appreciated.

I used Microsoft SCCM to do this job before and it worked perfectly.

Answered 05/18/2016 by: burgess1
White Belt

  • This is the process I use to do so with the K2000.

Please log in to comment