Windows 7 Thread, Suspending Bit Locker from the command prompt within Win PE in Technical; Currently go through this process ( as out lined below ) to suspend bit locker from the command prompt when ...
26th March 2014, 03:27 PM #1
Suspending Bit Locker from the command prompt within Win PE
Currently go through this process ( as out lined below ) to suspend bit locker from the command prompt when booted into Windows PE
Just wanted to know if there was a way of doing this via a batch file or similar
Type the below command and press enter diskpart
Once disk part is loaded type the below command and press enter List Volume
This should output the list of volumes with drive letters, capacity of each partition etc manage-bde -protectors -disable X:
Where X: is the drive letter that needs bit locker suspending ( you can check what drive letter by doing the below )
Appologies if this is in the wrong area - it relates to windows 7 and bit locker so have currently placed in the windows 7 area, although it is a batch file that I am after so if an admin can move this if it needs to be moved
or anyone else that can assist with a batch script / file
26th March 2014, 03:42 PM #2
If you have a Windows 7 workstation with RSAT installed, open up Group Policy Management > open the GPO, then navigate to: Computer Config > Policies > Windows Settings > Security Settings > System Services. Disable the service and that's it.
Obviously my suggestion will work if you want to disable it across all volumes. To read/use a flash drive with BitLocker already set up will still need the service set to Auto.
26th March 2014, 03:55 PM #3
Good suggestion although ( not having a go however )
Originally Posted by Michael
1) I work in 2nd line desktop support so do not have access rights to GPO - even if I did I don't want to disable it system or site wide
2) I generally only need this for when repairing / recovering data from laptops so wanted a batch script to do this so I don't have to keep typing the commands out ( as I can get the bit locker recovery key from the computer account within AD )
Also as a side note with bit locker, is there a way of saving a text file or some file onto a memory stick so I don't have to keep re-entering the recovery key onto the laptop so as to access the data / do system repairs etc
Also is there a faster way of getting to the WinPE recovery screen so I can explore the contents of the hard drive / launch the command prompt etc as currently we have to
1) Enter the recovery key at the dos like screen
2) click yes to enable the network connection / mapping of network drives
3) Enter in the local admin account credentials ( this part I don't mind doing ref entering local admin logon details )
4) Then have to enter in the recovery key for a 2nd time
5) Then it attempts to do repairs which run for 15 to 20 mins which you can try and cancel however it still runs for another few mins
6) You can finally click a link to open up the advanced tools etc but it does not always load the explore the hard drive option etc, only seem to get command prompt etc
26th March 2014, 04:00 PM #4
If you just want to see whats in the drive just plug it in to another Windows 7 computer, it will recognise it as a bitlocker drive at which point you enter your recovery key and have access.
Originally Posted by mac_shinobi
26th March 2014, 04:06 PM #5
We only have one working drive caddy that is half decent and when the drive is on the verge of failing I have found it better to keep the hard drive installed in the same laptop and leave it for hours to read the data etc as have attempted using the drive caddy as you described above but this has just failed and keeps prompting to format the drive ( which we obviously don't want to do when attempting to recover data off the drive )
Originally Posted by SYNACK
So am still after a batch script .......
Think the order I need to do the bat commands in are
disk part list volume
Then request which drive letter / partition you want to suspend
then use the above input to suspend said drive letter / partition
Display a message that Drive X: has had the bit locker encryption suspended etc
Last edited by mac_shinobi; 26th March 2014 at 04:08 PM.
26th March 2014, 05:06 PM #6
26th March 2014, 05:07 PM #7
Do the laptop drives have many partitions? Is it not always the C: drive (99% of the time)?
Originally Posted by mac_shinobi
Last edited by Arthur; 26th March 2014 at 05:11 PM.
26th March 2014, 05:25 PM #8
When booted into windows PE when I do a list volume, it shows the 500mb partition with the drive letter assignment of D: ( but yes they are mostly all generally the C: Drive )
Originally Posted by Arthur
I just want the script to request which drive letter and then suspend encryption on that drive letter just in case there are a few laptops that come in that have or use a different partition letter assignment
Unless you have some way of checking that it is not the recovery partition ie capacity is greater than 500mb ?
Last edited by mac_shinobi; 26th March 2014 at 05:34 PM.
By NETKILLER in forum Scripts
Last Post: 23rd August 2011, 11:39 AM
By albertwt in forum Windows Server 2000/2003
Last Post: 22nd April 2010, 12:37 AM
By CyberNerd in forum Jokes/Interweb Things
Last Post: 28th October 2008, 09:42 PM
Last Post: 14th April 2008, 01:14 PM
By ronanian in forum Windows
Last Post: 5th February 2008, 04:24 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)