How To Skip BitLocker Screen Whenever Computer Is Restarted


  1. Posts : 2,911
    Windows 10 Pro for the Bro
       #1

    How To Skip BitLocker Screen Whenever Computer Is Restarted


    How can I skip the BitLocker screen
    ( https://www.windowscentral.com/sites...rd-startup.jpg ) whenever I Restart the computer? Whenever I restart the computer, that implies that I'm still the user at the computer, so I don't have to go through the small annoyance of retyping the password.
    If I Shut Down the computer instead, then turn the computer back on, then the BitLocker screen should show up, since anyone else can be at the computer. If Windows decides to automatically restart the computer, after updates or whatever, then it should also skip that screen. It's annoying sometimes whenever I come back to the computer and see that blue BitLocker screen open on the monitor, instead of having the monitor be off in stand-by mode (which is how I have it set up in Windows whenever the computer is idle). It has even happened a few times when I woke up. Sometimes I go to sleep with the computer running idly, with the monitor in stand-by mode. But when I wake up, I see that blue BitLocker screen on the monitor (because Windows made some updates and restarted the computer).

    What are your thoughts? Thanks


  2. Posts : 685
    Windows 10 Pro 64-bit
       #2

    "What are your thoughts? Thanks"

    My thoughts are that is false thinking. Just because it's restarting doesn't mean the computer should think it's the same person. What if you walked away from the computer, and someone else came to it, and decided to restart it? The computer has no way of knowing who is doing what, so it should act the same either from a shutdown, or a restart.


  3. Posts : 2,911
    Windows 10 Pro for the Bro
    Thread Starter
       #3

    Ok thanks.

    If I walk away from the computer, the computer is open for anyone to use within the next few minutes until the Lock Screen shows up. It is completely pointless if they want to restart the computer, because they can use the computer once I walk away from it if I left it unlocked. So that's not the case.


  4. Posts : 5,478
    2004
       #4

    If you have set bitlocker to require a password (you don't have to) then you'll always get that screen if you reboot and bitlocker is enabled.

    If you know you are going to restart you can suspend bitlocker and it will be off until after next reboot. This means the password/PIN or USB isn't required for next reboot. So if you see it is downloading something before you go to bed you could suspend bitlocker and it will reboot without the prompt.

    If you wanted to do this automatically you could probably (I've not tried it) write a script like this and schedule it to run every hour or whatever. It checks if Windows Update wants to do a reboot and if so suspends protection.

    Code:
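    # Suspend BitLocker for one reboot if Windows reports a pending restart (needs an elevated prompt)
    # PendingFileRenameOperations is a registry value, not a key, so it is read with Get-ItemProperty
    $sm = "hklm:\SYSTEM\CurrentControlSet\Control\Session Manager"
    If ((Test-Path "hklm:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending") `
    -OR (Test-Path "hklm:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired") `
    -OR ($null -ne (Get-ItemProperty $sm -Name PendingFileRenameOperations -ErrorAction SilentlyContinue))) {
        manage-bde -protectors -disable C: -rc 1
    }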
    Manage-bde: protectors
    How to programmatically check if windows needs to be rebooted?

    I'd rather do it manually though myself rather than have a program (perhaps incorrectly) suspending protection.


  5. Posts : 2,911
    Windows 10 Pro for the Bro
    Thread Starter
       #5

    Okay yes, I did a quick summary of all that info. Yes I'm looking for something similar to this. Maybe like a command that I can put into the Task Scheduler that states if the computer is restarted, then disable BitLocker. Yes, that's the best and simplest way to put it.

    On a different note, I use the Task Manager to have the Hibernate command "on-demand". In general, whenever Hibernate is enabled, it creates a file, depending on the size of your RAM, in C:
    For me, that size would be an 8 GB file just sitting there taking up space. So I set up the "Hibernate" command to where when I press Hibernate, that 8 GB file gets created at that instance, and once I bring the computer back from Hibernate, that 8 GB file gets deleted immediately. This implies that I never really have to deal with a big useless file taking up space. If the OS drive gets to where it only has 8 GB of free space left, then that's a different story, and that would never happen. Anyways...

    So yes, I hope someone can help me set up a command in the Task Scheduler to:
    Disable BitLocker verification if, and only if, the computer is properly restarted.


  6. Posts : 2,911
    Windows 10 Pro for the Bro
    Thread Starter
       #6

    So I'm thinking more about this and did a little tiny bit more research. What I mean by disable BitLocker verification is properly known as: Suspending BitLocker

    So I saw that the command would be slightly more complicated than simple inputs in Task Scheduler. I have to make a separate ".cmd" file that contains the code to suspend BitLocker for one instance, convert it to an exe (to be able to use it in Task Scheduler) which is ALL doable, I know how to do all that!! Which is good news. Yet the only one missing piece is how can I have Task Scheduler run this task once it sees that the computer has been only properly restarted?


  7. Posts : 5,478
    2004
       #7

    You need to trigger the task when Event ID 1074 is received.

    As this event covers both shutdown and restart, you want to check param5 = "restart".
    Code:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="User32" Guid="{b0aa8734-56f7-41cc-b2f4-de228e98b946}" EventSourceName="User32" />
        <EventID Qualifiers="32768">1074</EventID>
        <Version>0</Version>
        <Level>4</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2017-07-16T19:47:25.107205900Z" />
        <EventRecordID>12565</EventRecordID>
        <Correlation />
        <Execution ProcessID="572" ThreadID="1852" />
        <Channel>System</Channel>
        <Computer>X201</Computer>
        <Security UserID="S-1-5-21-2455005471-2045745958-4013020612-1001" />
      </System>
      <EventData>
        <Data Name="param1">C:\WINDOWS\Explorer.EXE (X201)</Data>
        <Data Name="param2">X201</Data>
        <Data Name="param3">Other (Unplanned)</Data>
        <Data Name="param4">0x0</Data>
        <Data Name="param5">restart</Data>
        <Data Name="param6" />
        <Data Name="param7">X201\Hali</Data>
      </EventData>
    </Event>
    Should be doable - see "Reference The Event That Triggered Your Task" (Management Matters)

    You don't need to make an exe - you can call powershell.exe and pass the path to the script as a parameter. See "Use Scheduled Tasks to Run PowerShell Commands on Windows" (Hey, Scripting Guy! Blog)

    The script need only say manage-bde -protectors -disable C: if param5=restart. As it is so small/quick it should hopefully finish before it gets ended by the system.


  8. Posts : 2,911
    Windows 10 Pro for the Bro
    Thread Starter
       #8

    Okay thanks for all that info, I'd rather have it all through Task Scheduler if possible though (since I also have my Hibernate command over there, and a few more tasks as well; I like them all in one location) yet if not, then I'll look at PowerShell.

    I was able to figure out more details here.
    I made a ".cmd" file: manage-bde.exe -protectors -disable c: -RebootCount 1

    which states to suspend BitLocker for when the computer is restarted once. Which is all perfectly correct, since now in Task Scheduler, I can have this command run every time the user logs off. It doesn't matter if the computer shuts down or not, this would be there, for when the computer is Restarted. So this could work nicely, yet that command apparently didn't work. I gotta mess around a little bit in there and see if I can get it to work. If anyone knows of adjustments that I need to make in that command, please post what you think. Thanks


  9. Posts : 5,478
    2004
       #9

    The command looks OK but manage-bde requires administrator privileges. You need to ensure your task is running with sufficient rights - it could be that.

    What you're planning here by suspending bitlocker every log-off means your system will be unlocked both for reboot and after shutdown.

    If you want to suspend bitlocker in the case of restart but not shutdown you'll have to pass Param5 to your powershell (or cmd) script and check it.

    If you don't, BitLocker will be active only when you are logged on and never when you've shut down or restarted. This is almost the same as turning it off completely. While your drive would still be encrypted (which would stop access to your data if Windows would not boot for some reason) anyone who could boot Windows would be able to access your data with no restriction as it would automatically be unlocked. They could even take your hard drive out of your PC and put it in another PC to boot.
    Last edited by lx07; 16 Jul 2017 at 16:41. Reason: manage-bde works in cmd too
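
The approach from posts #7 and #9, as an added example that is not code from any poster in this thread: a script for a scheduled task triggered on System event 1074 that suspends BitLocker for a single reboot only when param5 is "restart". It assumes the task runs with highest privileges; the function name, the 120-second freshness window and the constructed self-check event are this example's own choices.

```powershell
#Requires -RunAsAdministrator
# Added example: suspend BitLocker for ONE reboot only when the newest
# User32 event 1074 says "restart". Names below are hypothetical.

function Test-IsRestartEvent {
    param([Parameter(Mandatory)][xml]$EventXml)
    $ns = New-Object System.Xml.XmlNamespaceManager($EventXml.NameTable)
    $ns.AddNamespace('e', 'http://schemas.microsoft.com/win/2004/08/events/event')
    $id = $EventXml.SelectSingleNode('/e:Event/e:System/e:EventID', $ns)
    $p5 = $EventXml.SelectSingleNode("/e:Event/e:EventData/e:Data[@Name='param5']", $ns)
    # -eq is case-insensitive for strings; a missing node means "not a restart"
    return ($null -ne $id -and $id.InnerText -eq '1074' -and
            $null -ne $p5 -and $p5.InnerText -eq 'restart')
}

# Constructed sample (not a real log entry): a shutdown event must be rejected
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>1074</EventID></System>
  <EventData><Data Name="param5">power off</Data></EventData>
</Event>
'@
if (Test-IsRestartEvent ([xml]$sample)) { throw 'Self-check failed: shutdown treated as restart' }

# Newest 1074 event; anything older than the window is stale and ignored
$maxAgeSeconds = 120   # assumption: the task fires within seconds of the event
$evt = Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'User32'; Id = 1074 } `
                    -MaxEvents 1 -ErrorAction SilentlyContinue

$fresh = $evt -and (((Get-Date) - $evt.TimeCreated).TotalSeconds -le $maxAgeSeconds)
if ($fresh -and (Test-IsRestartEvent ([xml]$evt.ToXml()))) {
    # -RebootCount 1: protection resumes by itself after the next boot
    manage-bde -protectors -disable C: -RebootCount 1
    if ($LASTEXITCODE -ne 0) { Write-Error "manage-bde failed with exit code $LASTEXITCODE"; exit 1 }
} else {
    Write-Output 'No fresh restart event; BitLocker protection left enabled.'
}
```

After the next boot, `manage-bde -status C:` shows whether protection is back on.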


  10. Posts : 2,911
    Windows 10 Pro for the Bro
    Thread Starter
       #10

    Okay cool. Thanks for all the info.


 
