Hello,

We're trying to patch 400 machines with the Intel AMT vulnerability, and some of them have Bitlocker enabled.

I'm struggling develop a method of suspending Bitlocker before running the BIOS updates on these machines.  I've got to use a script because it's a multi-step process and KACE doesn't have a built in way to suspend Bitlocker.

So the first method I tried was Powershell; Suspend-BitLocker -MountPoint C: -RebootCount 1

This works when run locally.

However, when I put it in an offline or online kscript and try to run it with the execution bypass switches it reports back that the "Suspend-Bitlocker" cmd or attribute doesn't exist.

7v63WH.png

wbt8eT.png

I also tried Launch a Program > $(KACE_SYS_DIR) > cmd.exe with parameters set to Manage-bde.exe -protectors -disable c:

Which also works locally.  But logs say it completes but does not actually suspend Bitlocker.

Any help would be appreciated.
2 Comments   [ + ] Show Comments

Comments

  • See Method 2 here:
    "Powershell Script from the K1000"

    https://support.quest.com/kace-systems-management-appliance/kb/138389
    • That results in the same error. "The term 'Suspend-BitLocker' is not recognized as the name
      of a cmdlet, function, script file, or operable program. Check the spelling of
      the name, or if a path was included, verify that the path is correct and try
      again."
      • Were you able to follow Method 2 and test the Script module + Powershell using the HelloWorld.ps1 example?
  • For some reason I can't directly reply to you.

    Not sure how that would help as I have already deployed several Powershell scripts on this machine. Enabling Microsoft Updates and turning off Hibernation are done with it.
    • Not something that was mentioned in your opening statement, if that is true that means that Bitlocker thing requires more Admin power, since you confirmed the Script works fine locally and other PS scripts are working fine.

      Not PS, but have you tried?
      https://gallery.technet.microsoft.com/scriptcenter/Suspend-Bitlocker-and-0e3d43c0#content

      It says is win10 compatible
Please log in to comment

There are no answers at this time

Answers

Answer this question or Comment on this question for clarity
Admin Script Editor
Admin Script Editor is an integrated scripting environment available free here at ITNinja

Share