I am currently working on building a Windows 10 image that we can deploy to the Surface Pro 4s that we are purchasing now. I have built the image in a UEFI virtual machine and captured it successfully.
I am able to deploy this image successfully as well to the machine but it appears to be creating an issue for us after the fact.
We do not use BitLocker for full disk encryption but actually use McAfee MDE with preboot authentication (not my choice, security decision from a while ago). The problem is, after deploying the image to a Surface Pro 4, it shows the drive is encrypted but BitLocker is disabled. McAfee will not encrypt the drive if it detects any kind of encryption at all, even if it isn't active, like the BitLocker system in this scenario.
Normally, if this were an OEM image that came with the Surface Pro 4, we could go into Control Panel and enable BitLocker and then immediately disable it to allow McAfee to encrypt the drive.
For some reason this process won't work on the custom image as it tries to shrink the partitions to create the recovery partitions but is unable to and gives an error about unmovable files.
Is there a different method I can use with ImageX or something to create the partitions as they would look on an OEM-imaged device? I've included a screenshot of disk management from the Surface Pro 4 when running using the OEM Microsoft image.
We are currently using LDMS 2016.
I'd appreciate any help with this or direction given, thank you!