Preparing the TPM for BitLocker Pre-Provisioning in Windows 10 for Think products using SCCM
This article has moved to https://blog.lenovocdrt.com/#/2017/tpm_pre_provision We have received several inquiries from customers who are moving to Windows 10 that are trying to leverage BitLocker and pre-provisioning during OSD. Pre-provisioning the disk will encrypt only used space, so when this step executes, the drive will be encrypted before the operating system has been laid down to the client , saving a ton of time. The catch here is that in order for pre-provisioning to work, a TPM has to be present on the system AND enabled, as stated in the Pre-provision BitLocker step. With that being said, all Lenovo ThinkPad's with Discrete TPM 1.2 are shipped from the factory with the TPM enabled but NOT Active. Systems with TPM 2.0 only should already be Enabled. If the system runs through a deployment without activating the TPM in BIOS, pre-provisioning will not work. If you review the OSDOfflineBitlocker.exe section of the smsts.log, you'll see the failure