Disable Bitlocker

Task Sequence Steps – Disable Bitlocker

This post is part of our Task Sequence – Beyond the Docs series.

This step simply suspends bitlocker. It does not trigger a remove of bitlocker, but only suspends it for the next reboot(s). This is handy when applying firmware updates, or doing in-place reimaging (refresh).

MS Docs

Variables for Disable BitLocker

These are used to set the number of reboots to keep Bitlocker suspended. Check out the links for additional details

• OSDBitLockerRebootCount
  • Accepts 1 – 15 as acceptable input
• OSDBitLockerRebootCountOverride
  • Can be set to 0 for always suspend bitlocker.

PowerShell

• Get-CMTSStepDisableBitLocker
• New-CMTSStepDisableBitLocker
• Remove-CMTSStepDisableBitLocker
• Set-CMTSStepDisableBitLocker

Demo

The Step Image

The Step is simple, pick the drive, or have the TS determine the system drive for you, then pick how many reboots to suspend bitlocker for.
In the log, you can see how the settings relate to the log and how it builds the manage-bde command line.

Here you see a status taken before the step runs, and one after. The difference is the Protection Status: value. After the step runs, the protection is disabled for 1 reboot.

More Task Sequence Steps – Beyond the Docs

Find all of our Task Sequence – Beyond the Docs series posts here.

About Recast Software

1 in 3 organizations using Microsoft Configuration Manager rely on Right Click Tools to surface vulnerabilities and remediate quicker than ever before.
Download Free Tools
Request Pricing