02-11-2019 08:40 AM
With a PowerShell script, I changed the boot order for a T530 on a docking station. After reboot, it triggers BitLocker to ask for a recovery key. This is bad.
I did a test with suspend BitLocker before the change and Resume-BitLocker after the change.
How can I make that change without needing the recovery key?
02-11-2019 09:06 AM
What you're seeing is by design. Changing the boot order will prompt for the recovery key if BitLocker is not suspended.
This is documented everywhere. Here's a link you should review, especially the "What causes BitLocker recovery" section.
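The suspend-before-change approach this reply refers to, as an added example that is not part of the original thread. It assumes the `Suspend-BitLocker` `-RebootCount 1` option is used so that protection stays suspended through the single reboot that applies the new boot order and then resumes on its own; `Set-BootOrderChange` is a hypothetical placeholder for the poster's own boot-order script.

```powershell
#Requires -RunAsAdministrator
# Added example: keep BitLocker suspended across exactly one reboot
# while a boot-order change is applied, and fail safe if the change errors.
param(
    [string]$MountPoint = $env:SystemDrive   # OS volume, e.g. "C:"
)

function Set-BootOrderChange {
    # Hypothetical placeholder: call your existing boot-order change here.
    throw 'Replace Set-BootOrderChange with your own boot-order change.'
}

$volume = Get-BitLockerVolume -MountPoint $MountPoint
$wasProtected = $volume.ProtectionStatus -eq 'On'

if ($wasProtected) {
    # RebootCount 1: protection remains suspended for the next restart only,
    # then BitLocker re-enables it without a manual Resume-BitLocker.
    Suspend-BitLocker -MountPoint $MountPoint -RebootCount 1 | Out-Null

    # Confirm the suspension took effect before touching firmware settings.
    $status = (Get-BitLockerVolume -MountPoint $MountPoint).ProtectionStatus
    if ($status -ne 'Off') {
        throw "BitLocker on $MountPoint is still '$status'; boot order left unchanged."
    }
}

try {
    Set-BootOrderChange
}
catch {
    # The change did not happen, so do not leave the volume unprotected.
    if ($wasProtected) {
        Resume-BitLocker -MountPoint $MountPoint | Out-Null
    }
    throw
}

Write-Output "Boot order changed. Restart once; BitLocker resumes on $MountPoint after that restart."
```

After the restart, `(Get-BitLockerVolume -MountPoint $env:SystemDrive).ProtectionStatus` should report `On` again; anything else is worth flagging in deployment reporting.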
02-11-2019 09:30 AM
I did not try undocked. But when I push my script, I will not be able to see whether the computer is docked or undocked. Why would it make a difference?
02-11-2019 09:37 AM
02-11-2019 09:51 AM
OK, I did the test, and without the dock BitLocker is not appearing. So what is happening exactly? How can I manage that with a script?
02-11-2019 10:48 AM - edited 02-11-2019 10:52 AM
We don't have any mechanical docks that are compatible with the T530 (being that this came out almost 7 years ago).
I did, however, test this on a T450 connected to a compatible mechanical dock and successfully changed the boot order from within Windows while encrypted. No recovery prompt was thrown after the reboot.
I tested this on Windows 10 1809 with the TPM set to 2.0, not 1.2.
The next question is, are you on Windows 7 or Windows 10? If 7, I'll have to redeploy and re-test.