Bit locker Encryption still running at 128kb instead of the required 256kb in task sequence.

Contributor

Hi

 

We use SCCM and have created a Windows 10 deployment which should set Bitlocker encryption to 256KB but instead it's setting it to 128KB. The step to change the encryption is set in a build task sequence. 

 

Its not Group policy that is affecting it as its occurring well before then and at build. 

Does anyone have any suggestions what it could be?

 

Many Thanks

3 Replies

@isotonic_uk could be the auto encryption capability by Windows 10. When you have Uefi enabled, TPM and Secure Boot on, the devices will auto encrypt with the default which is 128. 

There are ways to prevent this with depending on how you deploy, I think adjusting the unattend.xml or putting in a registry item.

 

@Matthias_Hei Thanks for the input.

 

sorry i am pretty new to bitlocker but found this article, could this work if I was to enable into a task sequence....

 

https://jayrbarrios.com/2018/05/15/windows-10-osd-enabling-bitlocker-xts-aes-256-on-multiple-drives-...

 

thanks

@isotonic_uk 

That might be a good test to try out.

Here you find the registry key that allows you to deactivate the automatic encryption and you will find some more information, in case you need it:

https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-bitlocker#disable-bi...

 

Regards

Matthias