Creating Group Policy to roll back BitLocker using command manage-bde -off c:

Luu, Andrew [AG] 20 Reputation points
2024-06-20T12:27:13.65+00:00

I'm having problems with machines BSODing, so I need to roll back the BitLocker silent install running in the background. Can anyone guide me on how to create a GPO (Group Policy) to have manage-bde -off c: run in the background to roll back BitLocker encryption on our machines on the network? Dell encryption and BitLocker clash and cause BSODs.


Accepted answer
  1. Yanhong Liu 4,420 Reputation points Microsoft Vendor
    2024-06-21T08:09:57.4833333+00:00

    Hello,

    Thank you for posting in Q&A forum.

    To create a GPO that runs the "manage-bde -off c:" command in the background, you can follow these steps:

    1. Open "Group Policy Management", right-click the organizational unit (OU) where you want to apply the policy, and then select "Create GPO in this domain, and link it here".
    2. Name the GPO and click "OK".
    3. Right-click the newly created GPO and select "Edit".
    4. Navigate to "Computer Configuration" > "Policies" > "Windows Settings" > "Scripts (Startup/Shutdown)".
    5. Double-click "Start", click "Add", and then click "Browse".
    6. In the new window, right-click and create a new text document. Rename it to "DisableBitLocker.ps1" (make sure to change the extension to .ps1).
    7. Edit the .ps1 file and add the following code lines:

        $command = 'manage-bde -off c:'
        invoke-expression $command

    8. Save and close the file.
    9. In the "Startup Properties" window, select the .ps1 file, and then click "OK".
    10. Close the Group Policy Management editor and link the GPO to the appropriate OU.

    After the GPO configuration is complete, it may take some time for it to be applied to the target computer. So, execute the gpupdate /force command on the target machine to force the group policy update, immediately applying the new settings.

    Rolling back BitLocker encryption may result in data loss, so exercise caution.

    I hope the information above is helpful.

    Best Regards,

    Yanhong Liu



1 additional answer

  1. AlexZhu-MSFT 5,626 Reputation points Microsoft Vendor
    2024-06-21T02:49:00.35+00:00

    Hi,

    You can create a GPO with PowerShell.

    $command = 'manage-bde -off c:'
    invoke-expression $command
    
    

    For a step-by-step process, you can refer to this guide.

    Regards,

    Alex
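
Both answers run manage-bde -off c: unconditionally on every boot. The startup script below is an added example, not code from either answer: it checks the volume state first and logs what it did, so the rollback is auditable and a machine that is already decrypted or still decrypting is left alone. It assumes the BitLocker PowerShell module (Get-BitLockerVolume) is available on the clients; the log path is a hypothetical location chosen for this example.

```powershell
# Added example: idempotent GPO startup script for the rollback discussed above.
# Assumptions: the BitLocker PowerShell module is present on the clients, and
# $LogFile is a hypothetical path chosen for this example.
$MountPoint = 'C:'
$LogFile    = Join-Path $env:ProgramData 'BitLockerRollback\rollback.log'

function Write-RollbackLog {
    param([string]$Message)
    $dir = Split-Path -Parent $LogFile
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir -Force | Out-Null }
    $line = '{0} {1} {2}' -f (Get-Date -Format 's'), $env:COMPUTERNAME, $Message
    Add-Content -Path $LogFile -Value $line
}

try {
    $volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
}
catch {
    Write-RollbackLog "Could not query $MountPoint : $($_.Exception.Message)"
    exit 1
}

switch ([string]$volume.VolumeStatus) {
    'FullyDecrypted' {
        # Nothing to do; later boots land here once decryption has finished.
        Write-RollbackLog "$MountPoint already decrypted, no action"
        exit 0
    }
    'DecryptionInProgress' {
        # Decryption resumes by itself after a reboot; do not issue the command again.
        Write-RollbackLog "$MountPoint decrypting, $($volume.EncryptionPercentage)% still encrypted"
        exit 0
    }
    default {
        # FullyEncrypted, EncryptionInProgress, EncryptionPaused, ...
        Write-RollbackLog "$MountPoint status $($volume.VolumeStatus), running manage-bde -off"
        & manage-bde.exe -off $MountPoint | Out-Null
        Write-RollbackLog "manage-bde exit code $LASTEXITCODE"
        exit $LASTEXITCODE
    }
}
```

Computer startup scripts run as Local System, so the script needs no stored credentials; the log file gives a per-machine record of when the volume stopped being protected.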
