IT Consultant Everyday Notes

Just some problems/solutions storage

Bitlocker: Disable protection of system drive during Microsoft updates


Here is an elegant technique to automatically suspend the Bitlocker protectors while Microsoft updates are installing.

This was shared by one of the Microsoft Support Engineers.


Sometimes Microsoft updates can introduce changes that lock the machine. To avoid that, you can disable the protectors for the duration of the update and re-enable them afterwards.

To do that, you can use Task Scheduler and monitor for Windows Update events.

We need to create two scheduled tasks (either locally or using GPO):


The first one is Suspend Bitlocker.


It will start on an event.


When MSInstaller starts Windows Updates, it generates Event ID 1040.


At that event we want to run a command to suspend protectors on C:



The second scheduled task is similar, except for the Event ID we monitor and the action.

When updates are installed, Event ID 1042 is issued.


We are going to resume protectors at that event:
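
The two tasks described above can be registered from an elevated PowerShell prompt. This is an added example, not the original post's screenshots or Microsoft's own script; the task names, the `MsiInstaller` provider name and the Application log channel are assumptions to confirm in Event Viewer.

```powershell
# Added example: registers the two event-triggered tasks described above.
# Run elevated. Task names are hypothetical.
# Assumption: Event IDs 1040/1042 are written to the Application log by the
# 'MsiInstaller' provider; confirm this on your build before deploying.

$drive = 'C:'
$tasks = @(
    @{ Name = 'BitLocker-Suspend-OnUpdate'; EventId = 1040; Action = '-disable' },
    @{ Name = 'BitLocker-Resume-OnUpdate';  EventId = 1042; Action = '-enable'  }
)

foreach ($t in $tasks) {
    # XPath filter used by the "On an event" trigger
    $query = "*[System[Provider[@Name='MsiInstaller'] and EventID=$($t.EventId)]]"
    # Command the task runs as SYSTEM when the event is logged
    $cmd   = "manage-bde.exe -protectors $($t.Action) $drive"

    schtasks.exe /Create /F /TN $t.Name /SC ONEVENT /EC Application `
        /MO $query /TR $cmd /RU SYSTEM /RL HIGHEST | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Failed to register task '$($t.Name)'" }
}

# Confirm both tasks were registered.
$tasks | ForEach-Object { Get-ScheduledTask -TaskName $_.Name } |
    Select-Object TaskName, State

# Report the current protection state so a volume left suspended
# (for example a 1040 event with no matching 1042) does not go unnoticed.
$vol = Get-BitLockerVolume -MountPoint $drive
if ($vol.ProtectionStatus -ne 'On') {
    Write-Warning "$drive protectors are suspended; resume with: manage-bde -protectors -enable $drive"
} else {
    Write-Output "$drive protection is On."
}
```

Windows Installer logs 1040 and 1042 for every installer transaction, so review how often these tasks fire and run the final status check on a schedule to catch a volume that stays suspended.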



Note: The machine will have its protectors in a suspended state during Microsoft updates (they will be resumed after the installation finishes or after a reboot), so it is a potential breach in your security. Use it at your own risk!

One response to “Bitlocker: Disable protection of system drive during Microsoft updates”

  1. A November 7, 2017 at 9:32 pm

    Instead of events 1040 and 1042, use System events 43 and 19.
