How to bypass BitLocker password during auto-updates, and subsequent reboot from Microsoft

2024-06-26T14:34:39.4233333+00:00

We have systems that are generally up 24x7 and people access remotely at all times of the day. Whenever a Microsoft patch is auto-applied, the system reboots, but then it asks for the BitLocker password and since it is often after hours, no one is able to enter the password and the system shuts off.

I imagine one answer is to use some sort of Network-Based Disk Decryption, but is there any other way to do this? Is there a way to tell the Microsoft patcher to skip the BitLocker recovery on next reboot since it is the Microsoft patcher that is triggering the reboot?


2 answers

  1. Wesley Li 11,255 Reputation points
    2024-06-26T15:54:13.2133333+00:00

    Hello

    Yes, there are a few ways to handle this situation:

    Suspend BitLocker: Before applying the Microsoft patch, you can suspend BitLocker. This will temporarily disable BitLocker protection without decrypting your data, allowing you to perform firmware and system updates without problems. You can suspend BitLocker from the Control Panel or using PowerShell or Command Prompt. Once you’re done making system changes, you can always resume encryption to keep your files protected.

    Disable BitLocker Temporarily: You can temporarily disable BitLocker on your PC using the command Manage-bde -protectors -disable %systemdrive% -rebootcount 2. This command disables BitLocker for the next two reboots.

    Resolve Restart Loop: If your system is stuck in a restart loop due to BitLocker, you can follow the steps provided by Microsoft to resolve this issue.

    BitLocker recovery: known issues - Windows Client | Microsoft Learn


  2. Schuler, Laurence (GSFC-606.4)[ADNET SYSTEMS INC] 0 Reputation points
    2024-06-26T16:34:42.94+00:00

    Thanks Wesley, I appreciate your response!

    I think I'm going to have to script this up. I'm thinking a script that is configured to run daily and checks and applies patches. I have a command which allows me to skip asking for the BitLocker password for the next N reboots; I'll just manually run a patch and reboot script at a designated low-use time and then force a reboot with the bypass set for one time.

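The approach the two answers arrive at (suspend the protectors for a single restart, reboot in a low-use window, then confirm protection came back), as an added PowerShell example that is not part of the thread. The two-phase split, the log path and running the second phase from a startup task are assumptions; the patch-install step is left to whatever tooling is already in use.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). Run -Phase PreReboot in the maintenance
# window and -Phase PostReboot from a startup task to confirm protection is back.
param(
    [Parameter(Mandatory)][ValidateSet('PreReboot', 'PostReboot')][string]$Phase,
    [string]$MountPoint = $env:SystemDrive,
    [string]$LogPath = 'C:\ProgramData\PatchReboot\bitlocker.log'  # assumed path
)

$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path (Split-Path $LogPath) -Force | Out-Null
function Write-Log([string]$Message) {
    Add-Content -Path $LogPath -Value ('{0:o} [{1}] {2}' -f (Get-Date), $Phase, $Message)
}

$vol = Get-BitLockerVolume -MountPoint $MountPoint

if ($Phase -eq 'PreReboot') {
    # Only suspend when Windows Update has actually queued a restart.
    $pending = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    if (-not $pending) { Write-Log 'No reboot pending; BitLocker left untouched.'; return }

    if ($vol.ProtectionStatus -ne 'On') {
        Write-Log "Protection is already $($vol.ProtectionStatus); not suspending again."
    } else {
        # RebootCount 1: protectors re-enable automatically after this one restart.
        Suspend-BitLocker -MountPoint $MountPoint -RebootCount 1 | Out-Null
        Write-Log 'Protectors suspended for one reboot.'
    }
    Restart-Computer -Force
}
else {
    if ($vol.ProtectionStatus -eq 'On') { Write-Log 'Protection is On after reboot.'; return }
    Write-Log "Protection is $($vol.ProtectionStatus) after reboot; resuming."
    Resume-BitLocker -MountPoint $MountPoint | Out-Null
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ($vol.ProtectionStatus -ne 'On') {
        Write-Log 'Resume failed; volume is still unprotected.'
        exit 1
    }
    Write-Log 'Protection restored.'
}
```

While protectors are suspended the volume key is stored on disk in the clear, so keep the reboot count at 1 and treat a failed PostReboot check as something to alert on.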
