Task Sequence Steps – Disable Bitlocker
This post is part of our Task Sequence – Beyond the Docs series.
This step simply suspends BitLocker. It does not remove BitLocker; it only suspends protection for the next reboot(s). This is handy when applying firmware updates or doing in-place reimaging (refresh).
MS Docs
Variables for Disable BitLocker
These are used to set the number of reboots to keep BitLocker suspended. Check out the links for additional details.
- OSDBitLockerRebootCount
  - Accepts values from 1 to 15
- OSDBitLockerRebootCountOverride
  - Can be set to 0 to always suspend BitLocker.
PowerShell
- Get-CMTSStepDisableBitLocker
- New-CMTSStepDisableBitLocker
- Remove-CMTSStepDisableBitLocker
- Set-CMTSStepDisableBitLocker
Demo
The Step Image
The step is simple: pick the drive, or have the TS determine the system drive for you, then pick how many reboots to suspend BitLocker for.
In the log, you can see how the step's settings map to the logged values and how the step builds the manage-bde command line.
Here you see a status taken before the step runs, and one after. The difference is the Protection Status: value. After the step runs, the protection is disabled for 1 reboot.
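The same before/after check can be scripted once the task sequence has finished. The following is an added example, not code from the original post or from Microsoft: it reports whether the volume is still suspended and how many reboots remain before protection resumes. The function name Get-BitLockerSuspendState is hypothetical, and the script assumes an elevated session on a client with the BitLocker PowerShell module.

```powershell
# Added example, not from the original post. Run elevated on the client.
# Get-BitLockerSuspendState is a hypothetical helper name.
function Get-BitLockerSuspendState {
    [CmdletBinding()]
    param(
        # Drive to inspect, e.g. 'C:'. Defaults to the system drive.
        [string]$MountPoint = $env:SystemDrive
    )

    # BitLocker module: encryption state and protection status.
    $volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

    # Treated as suspended: the volume is encrypted but protection is off.
    $suspended = ($volume.VolumeStatus -eq 'FullyEncrypted') -and
                 ($volume.ProtectionStatus -eq 'Off')

    $rebootsRemaining = $null
    if ($suspended) {
        # The remaining reboot count is exposed through WMI, not Get-BitLockerVolume.
        $wmiVolume = Get-CimInstance `
            -Namespace 'root\cimv2\Security\MicrosoftVolumeEncryption' `
            -ClassName Win32_EncryptableVolume `
            -Filter "DriveLetter = '$MountPoint'" -ErrorAction Stop
        $result = Invoke-CimMethod -InputObject $wmiVolume -MethodName GetSuspendCount
        if ($result.ReturnValue -eq 0) {
            $rebootsRemaining = $result.SuspendCount
        }
    }

    [pscustomobject]@{
        MountPoint       = $volume.MountPoint
        VolumeStatus     = $volume.VolumeStatus
        ProtectionStatus = $volume.ProtectionStatus
        Suspended        = $suspended
        # 0 means suspended until protection is explicitly resumed.
        RebootsRemaining = $rebootsRemaining
    }
}

$state = Get-BitLockerSuspendState
$state | Format-List

# Flag a volume left suspended with no automatic resume (reboot count 0).
if ($state.Suspended -and $state.RebootsRemaining -eq 0) {
    Write-Warning "$($state.MountPoint) is suspended indefinitely; run Resume-BitLocker -MountPoint $($state.MountPoint) once servicing is done."
}
```

While protection is suspended the volume key is accessible without the normal protectors, so a device that reports a count of 0 after servicing should have protection resumed before it goes back to the user.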
Find all of our Task Sequence – Beyond the Docs series posts here.