![disable secure boot windows 10 task sequence](https://ccmexec.com/wp-content/uploads/2016/07/BiosUefi13.png)
You probably already got this far, which is no doubt why you are reading this article. You then arrive at testing your Task Sequence in the REFRESH scenario (initiating the Task Sequence from within the running OS) and find that if BitLocker is enabled then your standard Task Sequence fails, as it cannot stage the boot image to your OS drive. You then add the ‘Disable BitLocker’ task to the Refresh section of your Task Sequence and this works nicely. However, your Task Sequence will now fail if you attempt to refresh a system that does not have BitLocker enabled, because there is nothing to disable – a poor show by the ‘Disable BitLocker’ step really. You could enable the ‘Continue on error’ option on this step; however, if the step genuinely fails to disable the BitLocker protectors then the Task Sequence will still proceed to attempt to stage the boot image, which is far from ideal. The solution, then, is that we need ‘something’ to first check whether BitLocker is enabled and use this to govern whether the ‘Disable BitLocker’ step runs.
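One way to build that check, as an added example that is not code from the original article: a PowerShell step, run in the full OS before ‘Disable BitLocker’, that reads the protection state of the OS drive and records it in a task sequence variable. The variable name `BitLockerProtected` and the function name are assumptions made for this example.

```powershell
# Added example: detect BitLocker protection on the OS drive and expose the
# result to the task sequence. 'BitLockerProtected' is a hypothetical variable
# name chosen for this example; it is not defined by MDT or ConfigMgr.

function Get-OsDriveProtectionStatus {
    param([string]$DriveLetter = $env:SystemDrive)

    # Win32_EncryptableVolume lives in its own WMI namespace. If the query
    # fails or returns nothing, no BitLocker volume information is available.
    try {
        $vol = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftVolumeEncryption' `
                               -ClassName 'Win32_EncryptableVolume' `
                               -Filter "DriveLetter = '$DriveLetter'" -ErrorAction Stop
    } catch {
        return 'NotAvailable'
    }
    if (-not $vol) { return 'NotAvailable' }

    # ProtectionStatus: 0 = off (or suspended), 1 = on, 2 = unknown (volume locked)
    switch ($vol.ProtectionStatus) {
        1       { 'On' }
        0       { 'Off' }
        default { 'Unknown' }
    }
}

$status    = Get-OsDriveProtectionStatus
$protected = ($status -eq 'On')

try {
    # COM object that exists only while a task sequence is running
    $tsenv = New-Object -ComObject Microsoft.SMS.TSEnvironment -ErrorAction Stop
    $tsenv.Value('BitLockerProtected') = "$protected"
} catch {
    Write-Output "Not in a task sequence; status=$status protected=$protected"
}

# An undeterminable state fails this step, so the sequence stops here instead
# of going on to stage the boot image onto a possibly protected drive.
if ($status -eq 'Unknown') { exit 1 }
```

With this in place, ‘Disable BitLocker’ can carry a condition that the task sequence variable equals `True`, and ‘Continue on error’ can stay off so a genuine failure to disable the protectors still stops the sequence.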
![disable secure boot windows 10 task sequence](https://4.bp.blogspot.com/-ZveMqVkJOu0/W65AsOb5MdI/AAAAAAAAYh4/gIPQ97V1b1UTSGYQIFJTNe7MRsztC9ywwCLcBGAs/s1600/image013.jpg)
Out of the box, the standard Client Task Sequence MDT Template has a disabled step for ‘Enable BitLocker’. As long as you have enabled and activated the TPM chip, either manually or by script, and completed the Active Directory work required, this will do the job of encrypting your OS drive.
There are quite a few blog posts and articles that provide guidance on how to enable BitLocker during an OSD Task Sequence; however, most (if not all) of them omit critical information on how to correctly handle the detection and disabling of BitLocker during the REFRESH scenario.