I ran across a Best Practice today, for Bitlocker, that suggested Suspending bitlocker when applying any system updates to your Windows systems. I had never thought about this and wonder if anyone has done this on their systems. We have hundreds of notebooks that we manage and don't want to get a load of phone calls some Monday from users trying to get a recovery password to get in to their systems. We've never had problems with our notebooks so far when we've updated them so I guess my question really is will Microsoft tell us in any given update whether we need to worry about Bitlocker or not.Orange County District Attorney

From the Bitlocker team: The only thing they need to worry, in practice, are system updates that change BCD settings. It is rare, but not impossible, and should not be system specific (i.e. a test is likely conclusive).

Thanks for the note on my question. Are there any Bitlocker-specific logs on a Windows 7 system that can help pinpoint what might be kicking off a Bitlocker password prompt?Orange County District Attorney

WindowsLogs>ApplicationsAndServicesLogs>Microsoft>Windows>Bitlocker. Anything in there? Password prompt as in after patching?

Ah, of course, I forgot. I checked both the Admin and the Operational logs and there's nothing at all in there. Maybe I need to enable diagnostic logging?Orange County District Attorney

One other note that may have some bearing on my issue. I checked our Group Policy for Bitlocker and found that I have enabled Bitlocker Encryption on Fixed Data Drives Operating System Drives Removeable Data Drives We've only encrypted the Operating System drive, C: on our notebooks. I'm imagining our policy would allow encryption of Fixed Data Drives or Removeable Drives should that be necessary, correct? Otherwise, could this policy cause any Bitlocker password prompts?Orange County District Attorney

Can you check to see if the TPM chip got disabled in the BIOS? Just got a report that someone has seen that and wondering if yours is similar?

We checked the notebooks and none appear to have disabled the TPM in system BIOS. Most of our users are novices and stay away from the BIOS.Orange County District Attorney