Deploying Windows 7 with BitLocker using MDT 2010

You want to use MDT 2010 to deploy Windows 7 to target computers so that Windows BitLocker Encryption is enabled on these computers with both Trusted Platform Module (TPM) and personal identification number (PIN) as protectors.  Unfortunately, enabling PIN during deployment blocks reboots and the deployment fails to complete.  What should you do?

Use MDT 2010 to deploy Windows 7 with BitLocker enabled but only Trusted Platform Module (TPM) as a protector.  Then after deployment the users can run the Manage-BDE.exe command-line tool to add PIN as a second protector.  Note however that doing this requires admin-level privileges.  For the syntax of Manage-BDE.exe, see

Mitch Tulloch is a seven-time recipient of the Microsoft Most Valuable Professional (MVP) award and widely recognized expert on Windows administration, deployment and virtualization. For more tips by Mitch you can follow him on Twitter or friend him on Facebook.


About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top