ConfigMgr 2007 Bare Metal Win7 Task Sequence Deployment with the Enable Bitlocker Step


I could not find a simple step-by-step document on how to create a basic Task Sequence with BitLocker, so I created this document for those looking for the basic step by step.

The following steps were taken primarily from two blog posts, both of which were needed to get this working:

The first one, written by Frank Rojas, was crucial in making sure the partitions were created correctly and subsequently identified correctly by the Install OS (Apply Operating System) step, so that the boot files and the OS install went to the correct partitions:
http://blogs.technet.com/b/configurationmgr/archive/2011/01/20/solution-the-enable-bitlocker-task-fails-to-run-during-a-configmgr-2007-task-sequence.aspx

The second one, written by Manoj Sehgal, was also important: it covers configuring the AD permissions so that the SELF group has Write permission on the msTPM-OwnerInformation attribute for the container or OU where the computer objects are stored in AD. For me, in my lab, that was the Computers container:
http://blogs.technet.com/b/askcore/archive/2010/03/30/access-denied-error-0x80070005-message-when-initializing-tpm-for-bitlocker.aspx

These steps assume that you have enabled the needed functions in the BIOS per your computer manufacturer, that you have extended AD if needed, per the requirements for storing BitLocker recovery information in AD, and that you have granted the SELF group Write permission on msTPM-OwnerInformation in AD, per blog post 2 above.
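The AD permission from blog post 2 can also be granted and checked from a command line instead of ADSI Edit. The following PowerShell is an added example and is not code from this wiki page or from either referenced blog post; it uses dsacls (with the ACE syntax as I understand it) and the RSAT ActiveDirectory module, and the container DN and computer name are placeholders to replace with your own values.

```powershell
# Added example: grant SELF "Write Property" on msTPM-OwnerInformation for computer
# objects under a container, then verify the ACE and, after deployment, the written value.
# Run from an elevated prompt on a domain-joined admin workstation with RSAT installed.
$ContainerDN = "CN=Computers,DC=contoso,DC=com"   # placeholder DN; use your container or OU

# dsacls switches used (assumed syntax):
#   /I:S  apply the ACE to sub-objects only, not to the container itself
#   /G    grant; "SELF:WP;msTPM-OwnerInformation;computer" gives SELF Write Property
#         on the msTPM-OwnerInformation attribute, inherited by computer objects
dsacls $ContainerDN /I:S /G "SELF:WP;msTPM-OwnerInformation;computer"

# Check 1: the ACL listing for the container should now mention the attribute for SELF.
$ace = dsacls $ContainerDN | Select-String -Pattern "msTPM-OwnerInformation"
if (-not $ace) {
    throw "No ACE for msTPM-OwnerInformation found on $ContainerDN"
}
$ace

# Check 2: after a deployment, confirm the machine was able to write its TPM owner
# information back to its own computer object (computer name is a placeholder).
Import-Module ActiveDirectory
$computer = Get-ADComputer -Identity "LAB-LAPTOP01" -Properties msTPM-OwnerInformation
if (-not $computer.'msTPM-OwnerInformation') {
    Write-Warning "msTPM-OwnerInformation is empty; the Enable BitLocker step may have failed to take TPM ownership"
}
$computer | Select-Object Name, msTPM-OwnerInformation
```

If the first check finds no ACE, the permission was applied to the wrong container or OU; the ACE must be on the container that actually receives the new computer account during the Task Sequence domain join.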

This is a very basic Task Sequence, and we will focus on the steps that need to be configured or altered to allow for a successful BitLocker encryption of the drive. We used a captured Windows 7 Enterprise RTM x86 WIM, and these steps should work whether the WIM contains only the 1-1 image (the operating system image) or also includes the 2-2 image (the data image):

For more details on Bitlocker Support in general, see the following blog post:
http://blogs.technet.com/b/inside_osd/archive/2008/04/08/bitlocker-support.aspx

These are the minimum steps needed in the main Task Sequence:

Notice the two partitions on the single disk 0. This is a basic single-disk laptop; you could have other disks, encrypted or not, but we are focused on the basic steps and on including all the details needed to get this enabled and working in the simplest configuration. The System Reserved partition will be the bootable partition; this is required because the boot files created on this partition cannot be encrypted. The OS partition will be where the operating system files are installed:

This is the Partition Disk step showing the two partitions needed:



This is the System Reserved partition; this name can actually be anything desired, as long as it abides by Windows naming rules, but it should describe the partition as the boot or BitLocker partition/drive:


This is the System Reserved Partition Properties:


This is the OS partition; this name can actually be anything desired, as long as it abides by Windows naming rules, but it should describe the partition as the Windows OS partition/drive:

This is the OS Partition Properties:


In the "Apply Operating System" (or "Apply Operating System Image") task, under the "Select the location where you want to apply this operating system." option, set the "Destination:" drop-down menu to "Logical drive letter stored in a variable", and in the "Variable name:" field enter: OSPART

This is the Apply Operating System step Properties:



In this step, we are choosing the most basic configuration for enabling BitLocker and encrypting the drive that the OS is installed to; notice we are not choosing to create a recovery key in Active Directory. This was only to demo the process in the Task Sequence in our lab; in a production environment you would be advised to follow best practices and create the recovery key in Active Directory:

This is the Enable Bitlocker step properties:


Once the last reboot has occurred and you are running the Windows 7 operating system, you can open a command prompt and use the following command to see the current BitLocker status of the system:

C:\Windows\system32>manage-bde -status
BitLocker Drive Encryption: Configuration Tool version 6.1.7600
Copyright (C) Microsoft Corporation. All rights reserved.
Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume C: [OS]
[OS Volume]
    Size:                 74.24 GB
    BitLocker Version:    Windows 7
    Conversion Status:    Encryption in Progress
    Percentage Encrypted: 0%
    Encryption Method:    AES 128 with Diffuser
    Protection Status:    Protection Off
    Lock Status:          Unlocked
    Identification Field: None
    Key Protectors:
        TPM
C:\Windows\system32>

In this test, it took about 1 hour and 20 minutes for the entire encryption process to complete:

C:\Users\administrator>manage-bde -status
BitLocker Drive Encryption: Configuration Tool version 6.1.7600
Copyright (C) Microsoft Corporation. All rights reserved.
Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume C: [OS]
[OS Volume]
    Size:                 74.24 GB
    BitLocker Version:    Windows 7
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100%
    Encryption Method:    AES 128 with Diffuser
    Protection Status:    Protection On
    Lock Status:          Unlocked
    Identification Field: None
    Key Protectors:
        TPM
C:\Users\administrator>

NOTE: During the process, and until it was completed, the 74 GB partition showed only about 5 and a half GB free; once it was complete, it showed over 65 GB free.
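Reading the two manage-bde -status listings above by eye is fine for a lab, but for a post-deployment check you want something that parses them and gives a pass/fail. The following PowerShell is an added example, not code from this wiki page; the sample text inside it is constructed from the completed output shown above, and the function assumes the manage-bde output layout shown on this page (a "Volume X: [label]" header, indented "Name: value" lines, and protector names indented under "Key Protectors:"). It is written with PowerShell 2.0 constructs so it runs on a freshly deployed Windows 7 machine.

```powershell
# Added example: parse "manage-bde -status" output into objects and check that the OS
# volume reached the end state shown above (Fully Encrypted, Protection On, TPM protector).
function ConvertFrom-ManageBdeStatus {
    param([Parameter(Mandatory=$true)][string[]]$Lines)
    $volumes = @()
    $current = $null
    $inProtectors = $false
    foreach ($line in $Lines) {
        if ($line -match '^Volume\s+([A-Z]:)\s+\[(.*)\]') {
            # New volume block, e.g. "Volume C: [OS]"
            $current = @{ Drive = $matches[1]; Label = $matches[2]; KeyProtectors = @() }
            $volumes += $current
            $inProtectors = $false
        }
        elseif ($null -eq $current) { continue }                 # banner lines before the first volume
        elseif ($line -match '^\s+Key Protectors:\s*$') { $inProtectors = $true }
        elseif ($line -match '^\s+([^:]+):\s+(.*)$') {           # "    Conversion Status:    Fully Encrypted"
            $current[$matches[1].Trim()] = $matches[2].Trim()
            $inProtectors = $false
        }
        elseif ($inProtectors -and $line -match '^\s+(\S.*)$') { # "        TPM" under Key Protectors:
            $current.KeyProtectors += $matches[1].Trim()
        }
    }
    $volumes | ForEach-Object { New-Object PSObject -Property $_ }
}

function Test-BitLockerComplete {
    # Returns $true only when encryption finished and the TPM protector is active.
    param([Parameter(Mandatory=$true)]$Volume)
    ($Volume.'Conversion Status' -eq 'Fully Encrypted') -and
    ($Volume.'Protection Status' -eq 'Protection On') -and
    ($Volume.KeyProtectors -contains 'TPM')
}

# Constructed sample, copied from the completed listing on this page.
$Sample = @'
BitLocker Drive Encryption: Configuration Tool version 6.1.7600
Copyright (C) Microsoft Corporation. All rights reserved.
Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume C: [OS]
[OS Volume]
    Size:                 74.24 GB
    BitLocker Version:    Windows 7
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100%
    Encryption Method:    AES 128 with Diffuser
    Protection Status:    Protection On
    Lock Status:          Unlocked
    Identification Field: None
    Key Protectors:
        TPM
'@ -split "`r?`n"

# Same listing as it looks while encryption is still running (constructed variant).
$InProgress = $Sample -replace 'Fully Encrypted', 'Encryption in Progress' -replace 'Protection On', 'Protection Off'

foreach ($listing in @(, $Sample), @(, $InProgress)) {
    $os = ConvertFrom-ManageBdeStatus -Lines $listing | Where-Object { $_.Drive -eq 'C:' }
    "{0} [{1}] {2}; {3}; protectors: {4}; complete: {5}" -f $os.Drive, $os.Label,
        $os.'Conversion Status', $os.'Protection Status', ($os.KeyProtectors -join ','),
        (Test-BitLockerComplete -Volume $os)
}

# Live use on the deployed machine, from an elevated prompt:
#   $live = ConvertFrom-ManageBdeStatus -Lines (manage-bde -status)
#   $live | Where-Object { $_.Drive -eq $env:SystemDrive } | ForEach-Object { Test-BitLockerComplete $_ }
```

The first loop iteration reports complete: True for the finished listing and the second reports complete: False for the in-progress variant. Note that "Protection Off" while "Encryption in Progress" is the expected intermediate state shown in the first listing above; a volume that stays at "Protection Off" after encryption reaches 100% is the condition worth alerting on.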

This is the view of the disk in Disk Management; the 300 MB System Reserved partition does not show up in My Computer:



Wiki - Revision Comment List
  • Clifton Hughes_MS edited Revision 2. Comment: Edited one word...
  • Ed Price MSFT edited Revision 1. Comment: White space issues.
  • Ed Price MSFT edited Original. Comment: Updated title per guidelines.