If the BitLocker on the machine does not encrypt anything, you may just follow the standard recommendations for preparing a hard drive to install FDE.
If the installed BitLocker has encrypted the device, remove the Bitlocker first before preparing the hard drive for FDE installation. Below are the options to remove the BitLocker:
Note: You may test first this procedure on your pilot program before mass deploying to your end-user machines.
- Turn off or decrypt BitLocker.
- Prepare a hard disk drive for FDE installation.
- Install FDE.
- Back up any end-user data on a device.
- Image the machine. When re-imaging a machine, do the following:
- Perform a DiskPart Clean All command on the disk.
- Create your partition.
- Format the drive.
- Lay down your image on the drive.
Here is an example of the process when capturing your core image using Windows PE Imagex:
Imagex /capture /compress maximum /check C: Z:\MyImage.wim “My Image”.
Select disk 0
Create Partition Primary
Assign letter = C
Format C: /fs:ntfs /v:system
Imagex /apply Z:\MyImage.wim 1 C:
In our example, Z represents the USB storage device inserted into the machine. This may vary from device to device.