12/14/2018 247 views

We are using the K2000 to deploy our Desktop and Laptop images using Scripted Installs.  The Scripted Installs use Windows 10 2019 LTSC.

Is there a way to use a post-installation task to bitlock the drive of our laptops?

If so, after the drive is bitlocked, how can the bitlocker key be fed to the K1000 as a field in the Inventory of the device for that specific laptop?

Answer Summary:
0 Comments   [ + ] Show comments


Answer Chosen by the Author


all informations can be found here:

so a post install task would countain at least manage-bde -on c: to encrypt the drive C (you can also add different other parameters if needed)

Since there are so many possibilities to extract the key, which differs regarding how you use bitlocker, there is no easy answer, but the manual (linked above) contains also many informations regarding that. You would likely need to create a script.

Answered 12/15/2018 by: Nico_K
Red Belt

All Answers


Post installation tasks are capable of sending powershell scripts....

So if you have a PowerShell script designed to enable bit locker and lock a drive, you may upload the PS1 file into the KACE SDA(formerly known as K2000) as a post install task. (you must be in version 5.1 I think...)

This is another good guide using the KACE SDA:

For the KACE SMA (formerly known as K1000), if you have a way to retrieve that Bitlocker key via Command Prompt, Powershell or Windows Registry, you could use a Script and a Custom Inventory rule to pull that information.


Answered 12/16/2018 by: Channeler
Red Belt