Category filter

Script to suspend or resume BitLocker protection on Windows 10/11 devices

BitLocker Drive Encryption is a data protection feature that encrypts the entire system drive (and external storage) to address threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. But despite being a useful feature for Windows devices, it has its downsides. If you enable encryption on the system drive, during a Unified Extensible Firmware Interface (UEFI) or Basic Input/Output System (BIOS) update, a hardware change, or when upgrading to a new version of the operating system, you may experience issues. You will be prompted to enter the recovery key during startup, because BitLocker will think that the device is being tampered with. Fortunately, we can prevent such encryption problems by suspending BitLocker using PowerShell and batch scripts. Hexnode UEM allows IT admins to remotely deploy these scripts to their endpoints using the Execute Custom Script action.


The sample scripts provided below are adapted from third-party open-source sites.

Batch Script

Suspend BitLocker protection

The script uses the Manage-bde cmdlet to suspend BitLocker encryption. The RebootCount parameter allows you to specify how many times your computer can reboot before BitLocker automatically reactivates. You can use values from 0 to 15, where zero suspends BitLocker until you manually resume protection.

Resume BitLocker protection

The script resumes BitLocker, keeping the system drive fully encrypted.

PowerShell Script

Suspend BitLocker protection

The Suspend-BitLocker cmdlet suspends BitLocker encryption on the BitLocker volume specified by the MountPoint parameter. Use -RebootCount in the command to determine how many times the computer can be rebooted before BitLocker is automatically re-enabled. Values from 0 to 15 are allowed. If the RebootCount parameter value is 0, BitLocker encryption remains suspended until you manually resume protection.

Resume BitLocker protection

Running the script enables the encryption protection feature on your device.


  • It is recommended to manually validate the script execution on a system before executing the action in bulk.
  • Hexnode will not be responsible for any damage/loss to the system on the behavior of the script.

  • Sample Script Repository