After the help that I had from previous questions, I have another one that someone might have the experience to give an opinion.
We are implementing Bitlocker on a new AD so we are starting fresh and more secure. I'm ending the tests on this environment and until now I have all green (saving keys to AD, etc. etc.)
Now the question is: this encryption was made manually on Windows. We use SCCM and on another test I successfully encrypted the disk as the last step of my Task Sequence. Now I'm thinking the next step - what is the correct step to re-imagine the computer? I now that if I decrypt the disk prior to WinPE boot (we enter there by Network boot) I can do the task without any issue. But with that I would:
Reset the computer account prior to re-join to the domain
The last recovery key will be there
Upon encryption I will have a new set of keys
I can also wipe the disk without decrypt, avoiding data recovery from the decryption. But I wanted to know if it's possible to re-imagine the disk maintaining the encryption and the same recovery key.
I have no PINs, just TPM as the authentication method during boot.
I searched on the Internet, MS forums, saw all the possibilities but missing what the correct step to do for this re-image mainting encripted. Thank you in advance!