SCCM cannot encrypt Windows 7 during OSD

I came across this problem which manifested itself differently in a few cases but the most common result is something like this:

Windows 10 1511 (build 10586) includes a new bitlocker encryption, XTS-AES encryption algorithm, which cannot be read by earlier versions of Windows including Windows 7, 8/8.1 and 10 older than v1511.

The fix is documented here: https://social.technet.microsoft.com/Forums/en-US/07c809fc-486b-49aa-8df8-70e374d90402/sccm-2012-r2-sp1-preprovision-bitlocker-windows-7-cannot-read-drive-after-reboot?forum=configmanagerosd and all credit goes to Anders Horgen for creating a PowerShell script to apply the fix. It may be a little overkill but it works so here it is: OSD_Set_BitLocker_Chiper-v1.0.0.ps1

Steps to implement this fix:

  1. Create a new package (or use an existing if you prefer)
  2. Add a new step to your TS just before Pre-provision BitLocker
  3. Fill it in something like this:

Leave a Reply

Your email address will not be published. Required fields are marked *