+ Post New Thread
Results 1 to 8 of 8
Windows 7 Thread, Suspending Bit Locker from the command prompt within Win PE in Technical; Currently go through this process ( as out lined below ) to suspend bit locker from the command prompt when ...
  1. #1

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,807
    Thank Post
    3,320
    Thanked 1,056 Times in 977 Posts
    Rep Power
    365

    Suspending Bit Locker from the command prompt within Win PE

    Currently go through this process ( as out lined below ) to suspend bit locker from the command prompt when booted into Windows PE

    Type the below command and press enter

    diskpart

    Once disk part is loaded type the below command and press enter

    List Volume

    This should output the list of volumes with drive letters, capacity of each partition etc

    manage-bde -protectors -disable X:

    Where X: is the drive letter that needs bit locker suspending ( you can check what drive letter by doing the below )
    Just wanted to know if there was a way of doing this via a batch file or similar

    Appologies if this is in the wrong area - it relates to windows 7 and bit locker so have currently placed in the windows 7 area, although it is a batch file that I am after so if an admin can move this if it needs to be moved

    Thanks
    @Arthur @Steve21

    or anyone else that can assist with a batch script / file

  2. #2

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,572 Times in 1,252 Posts
    Rep Power
    340
    If you have a Windows 7 workstation with RSAT installed, open up Group Policy Management > open the GPO, then navigate to: Computer Config > Policies > Windows Settings > Security Settings > System Services. Disable the service and that's it.

    Obviously my suggestion will work if you want to disable it across all volumes. To read/use a flash drive with BitLocker already set up will still need the service set to Auto.

  3. #3

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,807
    Thank Post
    3,320
    Thanked 1,056 Times in 977 Posts
    Rep Power
    365
    Quote Originally Posted by Michael View Post
    If you have a Windows 7 workstation with RSAT installed, open up Group Policy Management > open the GPO, then navigate to: Computer Config > Policies > Windows Settings > Security Settings > System Services. Disable the service and that's it.

    Obviously my suggestion will work if you want to disable it across all volumes. To read/use a flash drive with BitLocker already set up will still need the service set to Auto.
    Good suggestion although ( not having a go however )

    1) I work in 2nd line desktop support so do not have access rights to GPO - even if I did I don't want to disable it system or site wide
    2) I generally only need this for when repairing / recovering data from laptops so wanted a batch script to do this so I don't have to keep typing the commands out ( as I can get the bit locker recovery key from the computer account within AD )

    Also as a side note with bit locker, is there a way of saving a text file or some file onto a memory stick so I don't have to keep re-entering the recovery key onto the laptop so as to access the data / do system repairs etc

    Also is there a faster way of getting to the WinPE recovery screen so I can explore the contents of the hard drive / launch the command prompt etc as currently we have to

    1) Enter the recovery key at the dos like screen
    2) click yes to enable the network connection / mapping of network drives
    3) Enter in the local admin account credentials ( this part I don't mind doing ref entering local admin logon details )
    4) Then have to enter in the recovery key for a 2nd time
    5) Then it attempts to do repairs which run for 15 to 20 mins which you can try and cancel however it still runs for another few mins
    6) You can finally click a link to open up the advanced tools etc but it does not always load the explore the hard drive option etc, only seem to get command prompt etc

  4. #4

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,225
    Thank Post
    874
    Thanked 2,717 Times in 2,302 Posts
    Blog Entries
    11
    Rep Power
    780
    Quote Originally Posted by mac_shinobi View Post
    Also is there a faster way of getting to the WinPE recovery screen so I can explore the contents of the hard drive / launch the command prompt etc as currently we have to
    If you just want to see whats in the drive just plug it in to another Windows 7 computer, it will recognise it as a bitlocker drive at which point you enter your recovery key and have access.

  5. #5

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,807
    Thank Post
    3,320
    Thanked 1,056 Times in 977 Posts
    Rep Power
    365
    Quote Originally Posted by SYNACK View Post
    If you just want to see whats in the drive just plug it in to another Windows 7 computer, it will recognise it as a bitlocker drive at which point you enter your recovery key and have access.
    We only have one working drive caddy that is half decent and when the drive is on the verge of failing I have found it better to keep the hard drive installed in the same laptop and leave it for hours to read the data etc as have attempted using the drive caddy as you described above but this has just failed and keeps prompting to format the drive ( which we obviously don't want to do when attempting to recover data off the drive )

    So am still after a batch script .......

    Think the order I need to do the bat commands in are

    disk part list volume
    Then request which drive letter / partition you want to suspend
    then use the above input to suspend said drive letter / partition
    Display a message that Drive X: has had the bit locker encryption suspended etc
    Last edited by mac_shinobi; 26th March 2014 at 04:08 PM.

  6. #6

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,225
    Thank Post
    874
    Thanked 2,717 Times in 2,302 Posts
    Blog Entries
    11
    Rep Power
    780

  7. #7


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    9,062
    Thank Post
    232
    Thanked 2,716 Times in 2,004 Posts
    Rep Power
    794
    Quote Originally Posted by mac_shinobi View Post
    request which drive letter / partition you want to suspend
    Do the laptop drives have many partitions? Is it not always the C: drive (99% of the time)?
    Last edited by Arthur; 26th March 2014 at 05:11 PM.

  8. #8

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,807
    Thank Post
    3,320
    Thanked 1,056 Times in 977 Posts
    Rep Power
    365
    Quote Originally Posted by Arthur View Post
    Do the laptop drives have many partitions? Is it not always the C: drive (99% of the time)?
    When booted into windows PE when I do a list volume, it shows the 500mb partition with the drive letter assignment of D: ( but yes they are mostly all generally the C: Drive )

    I just want the script to request which drive letter and then suspend encryption on that drive letter just in case there are a few laptops that come in that have or use a different partition letter assignment

    Unless you have some way of checking that it is not the recovery partition ie capacity is greater than 500mb ?
    Last edited by mac_shinobi; 26th March 2014 at 05:34 PM.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 2
    Last Post: 23rd August 2011, 11:39 AM
  2. Throttling down the WSUS server download from the internet using BITS
    By albertwt in forum Windows Server 2000/2003
    Replies: 4
    Last Post: 22nd April 2010, 12:37 AM
  3. [Website] Order Pizza from the command line
    By CyberNerd in forum Jokes/Interweb Things
    Replies: 3
    Last Post: 28th October 2008, 09:42 PM
  4. Replies: 5
    Last Post: 14th April 2008, 01:14 PM
  5. Replies: 0
    Last Post: 5th February 2008, 04:24 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •