In Windows, we can use BitLocker drive encryption to protect a drive and encrypt its data. We can also encrypt entire operating system drive with BitLocker. But sometimes you may need to disable BitLocker drive encryption for OS drive during firmware upgrades or system upgrade. In such a case, decrypting the data and such operations is not a wise choice.
To meet such problems, Microsoft offers suspend protection option for BitLocker drives. It is a temporarily suspension for an encrypted drive. You can use suspend protection to make keys used to decrypt the data available to everyone in the clear. However, it still means the new data to BitLocker enabled drive will be still encrypted. Also, when suspend protection is enabled, BitLocker doesn’t validate system integrity at start up. It is recommend that you must you suspend protection as a temporary measure and use resume protection as soon as you complete operation that requires BitLocker disability.
Here is how you can manage suspend or resume protection for BitLocker drive encryption.
Page Contents
Suspend Or Resume BitLocker Protection In Windows
Method 1 – Via Control Panel
1. Open Control Panel and select BitLocker Drive Encryption.
2. Select the drive for which you want to suspend protection and click on Suspend protection link.
3. In the confirmation prompt appearing next, click on Yes.
4. In few moments, the protection for that BitLocker drive should be suspended. You must be receiving a notification as well, for same.
5. You can click on Resume protection link appearing then, to resume protection later for the drive.
Method 2 – Via Command Prompt
1. Open administrative Command Prompt window.
2. In the Command Prompt window, type following location to suspend protection for a Bitlocker protected drive.
manage-bde -protectors -disable <drive>
* In above command, replace <drive> with actual drive in your case, for example, C:.
3. When you receive Key protectors are disabled… message in return, this means drive protection is suspended successfully.
4. To resume protection, you can use following command:
manage-bde -protectors -enable <drive>
* In above command, replace <drive> with actual drive in your case, for example, C:.
5. Once done, you can close Command Prompt.
That’s it!
Leave a Reply