Suspend BitLocker as part of the Patch Detect & Deploy Jobs
K1000 should (through inventory detection) be able to determine that the machine has BitLocker enabled and during a patch deployment of that machine, there should be an option to suspend BitLocker (manage-bde –protectors –disable c:) before the reboot so the patch job does not get stuck at waiting for a user to enter the BitLocker PIN. If multiple reboots are required the K1000 can continue to disable BitLocker in a Detect & Deploy job until all patches have been installed. After which BitLocker can be resumed. This would be a HUGE help if it can be added to the product. Thanks.
Wendell
shared this idea
This feature request is under review. We encourage others to vote for it to be considered in a future release.
-
Jason
commented
I just had a Dell patch Bios update schedule update about 130 Dell desktops, models 5080 & 5090, had about 20 devices get stuck at need Bitlocker password ugh!
Not sure why the rest worked without any issues.. but a feature within the patch schedule would be nice to suspend the Bitlocker for X reboots... etc..
For HP, I have my own process that does everything with powershell to suspend Bitlocker, then uses the HP powershell process to detect bios & install update/reboot etc...
I may have to figure a way to do this with Dell as well and just scrap the Dell patch schedules for bios updates...
-
John
commented
If Quest was to add in this other feature request https://kace.uservoice.com/forums/82699-sma-k1000/suggestions/7380595-add-the-ability-to-associate-a-script-to-a-patch-s
it could be another way to achieve this request. Please consider voting for that request if it would be helpful to you.
-
Todd KJ7JHH
commented
Is there any word on this? It would be a great feature to have.
-
Scott ELi
commented
We just had this discussion this morning about why we can't stay up to date on BIOS because we can't have KACE push it due to encryption. This would be a very nice feature to have.
-
Jon Hall
commented
Still under review after more than three years? Come on, Quest! This is a big part of the product that we've had to disable. Can't you just throw some code into the Dell Update task to suspend Bitlocker and re-enable it when the task is completed?
-
Jens Lindig
commented
Any update would be very appreciated. Wondering why nothing happens.
-
Anonymous
commented
4 years later and still a great idea with tons of votes!
-
MG
commented
This is a very important feature, now more than ever with lots of people working remotely with company's equipment.
Is there any update yet? -
Jon Hall
commented
This is vital, especially for Dell patching. We've had several users required to enter the 256-bit key after a BIOS update cycle.
-
Mark Johanns
commented
It would be good for the people who dont have bitlocker that in a same kind of way they also can supply the bios passwords for the laptop which would mean lot less manual labour
-
Anonymous
commented
I would love to see this too. Also, if it could be used for Dell Update specifically BIOS updates.
-
IT Ninja
commented
Yes, this is very much needed please.
-
Aaron W
commented
Please add this feature, it would save us hours of manual scripting and add marketable value to the product.
-
Nick Raymond
commented
Please add this feature so that we don't have to manage it through script and tasks.
-
Daniel
commented
Yes, this is very much needed!
-
Anonymous
commented
Yes, please build into the SMA the ability to suspend BitLocker before deploying BIOS updates. We've come up with several ways using PowerShell to do this, but they all feel like hacks. As BitLocker becomes more popular more people will need this feature.
-
Scott Eli
commented
I have built a script to suspend Bitlocker so that I can run BIOS updates during our maintenance window. It would be a huge benefit to have it in the patching section.
-
Brian Gavin
commented
This would be very helpful to Administrators and Users.
-
Wayne Faltin
commented
This would really help, please make it happen!
-
Bill
commented
revoted