Suspending Bitlocker (Powershell or as cmd line)
10/23/2017 4849 views
We're trying to patch 400 machines with the Intel AMT vulnerability, and some of them have Bitlocker enabled.
I'm struggling develop a method of suspending Bitlocker before running the BIOS updates on these machines. I've got to use a script because it's a multi-step process and KACE doesn't have a built in way to suspend Bitlocker.
So the first method I tried was Powershell; Suspend-BitLocker -MountPoint C: -RebootCount 1
This works when run locally.
However, when I put it in an offline or online kscript and try to run it with the execution bypass switches it reports back that the "Suspend-Bitlocker" cmd or attribute doesn't exist.
I also tried Launch a Program > $(KACE_SYS_DIR) > cmd.exe with parameters set to Manage-bde.exe -protectors -disable c:
Which also works locally. But logs say it completes but does not actually suspend Bitlocker.
Any help would be appreciated.