How to Disable BitLocker Notifications via SCCM and fveutility.exe fvenotify.exe
I'd like to hide the notification when Bitlocker policy kicks in and fvenotify.exe runs. There's a toast notification that runs > Bitlocker Notification Utility "Encryption in Progress" We're using SCCM with Bitlocker Administration policy. I've tested adding fvenotify.exe to a GPO and Do Not Run Specified application but then you get a message about the Restriction - from the GPO.
3rd party Whitelisting Application Control and Windows OS Upgrades from SCCM
Hello everyone! I am being as ambiguous as possible because I do not want to identify the vendor or customer. I am an admin for a 3rd party Application Control software with a client with a concern: OS: Windows 10 1909, upgrading to 20H2 Some context: Automating Windows Upgrades. I use 3rd party software to manage the same software. Windows Updates work fine, as only a few execution control rules need to be created. Major OS Upgrades (1909 to 20H2, in this case) are largely blocked, which is by design since the Windows directory itself is protected. The customer has a strict governance on the software allowed/whitelisted. While my software has a specific mode that is designed for this type of upgrade, which by nature allows changes to be made to the system. Leaving the system in this mode longer than is required for the OS Upgrade is a security hole we need to avoid. We do this the Application to change to this mode in order to make the required changes to the OS. Currently, SCCM creates a custom variable that my software scans for, and then executes the change on the system(s), then creates another variable when the upgrade is complete to lock the system down again. I do not want to depend on SCCM for my deployments. I'm trying to remove an extra point of failure. All that leads to this ask: Is there any flag, change, or otherwise modification that occurs, with respect to Windows, before the upgrade? I'm effectively looking for something that I can detect or scan for reliably to automate changing modes from my own automation. Thank y'all for your time!Bitlocker Encryption still running at 128kb instead of the required 256kb.
Hi Hopefully I have put this in the correct forum 🙂 We use SCCM and have created a Windows 10 deployment which should set bitlocker encryption to 256KB but instead it's setting it to 128KB. The step to change the encryption is set in the build sequence. Its not Group policy that is affecting it as its occuring well before then and at build. Does anyone have any suggestions what it could be? I will post this on the Microsoft Endpoint Manager forum in case its best answered there. Many Thanks
