I'm working on a script to upgrade from Windows 10 to Windows 11 through an ISO image, but I'm unsure if I need to suspend BitLocker during the process. After running the script, some machines prompted for the BitLocker recovery key on reboot, even though they had the key available. Here's the script I used: https://pastebin.com/XHtjZyHP
4 Answers
You should definitely include a command to suspend BitLocker in your script. While the upgrade process generally tries to suspend it automatically, it’s safer to do it explicitly yourself. This way, you won’t have to rely on the setup to do it for you, which might not work perfectly every time. Just make sure your script can handle any potential errors from the suspend command, and consider how long the suspension should last, especially with multiple reboots involved.
You can look into the BitLocker options provided in the Windows Setup documentation. Even though the default behavior should work for most cases, adding the suspension command to your script ensures that you won't face any surprises with recovery prompts after the upgrade.
Also, I noticed a small issue in your script regarding the way you define the setup path. Using `Join-Path` is a good practice and would help avoid some errors. Just so you know, here's a possible alternative using `Join-Path`:
Just a note, if you don’t suspend BitLocker, the machines might auto-encrypt when they start up again, which can lead to issues if any modifications were made during the upgrade. Best to cover your bases with the suspend command in your setup.
Yeah, using `Join-Path` is definitely cleaner. You can simplify path creation and reduce errors. It’s a good habit to get into!