K1000 Security -> Dell Updates & bitlocker
Has anyone found a way to have the K1000 server/agent suspend Bitlocker when applying Dell Updates through the K1000? As an enterprise security policy, we are required to have Bitlocker enabled on all endpoints.
In our testing, it seems like deploying BIOS updates via Dell Updates in the K1000 triggers Bitlocker protections. This would be easily mitigated if there was a way to temporarily suspend Bitlocker while the update is installed.
Unfortunately, I cannot find a way to invoke the Dell Updates from the command line where I would write a script to suspend Bitlocker and then run the Dell Updates (think manually invoking runkbot 4 0).
I could write a manual script or MI to deploy each BIOS update, but this becomes immediately unscalable and unsustainable. It also defeats the whole point of the Dell Updates and having the K1000 manage them.
I've even considered creating a whole bunch of smart labels - One that would detect the need for updates, which would trigger a script to run suspending Bitlocker. Then having another label that would recognize Bitlocker's suspension and apply the BIOS update. Unfortunately, this leaves room for error where a machine could have bitlocker suspended for prolonged periods of time, potentially resulting in the system having a vulnerable posture.
Has anyone else found a way around this that provides some level of automation?
Thanks.
3 Comments
[ + ] Show comments
Answers (0)
Please log in to answer
Be the first to answer this question
Then trigger your Updates Job.
Finally send another script to enable Bi-locker.
See:
http://www.isumsoft.com/windows-10/enable-suspend-or-resume-bitlocker-protect-for-drive.html
Method 2 uses CMD
Method 3 uses PS - Channeler 6 years ago
Maybe use GPO if possible (we don't use bitlocker here), to disable that and then time a Dell Updates schedule? - Channeler 6 years ago
You can also vote for this request on the UserVoice:
https://kace.uservoice.com/forums/82699-sma-k1000/suggestions/31775392-patching-needs-a-workflow-builder-with-scripts-no - chucksteel 6 years ago