Updated on 31st July 2020
Download & install the below from git, which is easier and cleaner for less tech savvy users.
Updated on 12th October 2016
The below hack is applicable to Windows 10 also, however, after the RedStone update, the registry hack entry “might” get removed and if you still prefer to right click and lock the drive without restarting, you will have to import the registry once again.
Start registry editor (double click to merge is NOT anymore supported), from the “File menu” Select import and point to the lock-bde.reg or whatever name you have given to the registry file that was manually created.
End of update //12/October/2016
The major difference between Windows 8.x Professional and Windows 7 Professional? Well you have free Bitlocker encryption for your 8.x Windows box(professional onwards), while the same is limited to Ultimate and Enterprise editions for Windows 7
Enabling Bitlocker on a drive is pretty easy, right click and go on.
Obviously we will not recommend you to bitlock your root drive. If you do, you are on your own :)
Now we have a problem, to unlock you must enter a password or other bitlocker supported authentication methods, which is fine. The concern is the unlocked drive remains unlocked for any user logs into the same computer until a restart.
For me this is a clear concern. I have some stuff which is not appropriate for my 7 years old daughter, or for a friend who just wants to “check his emails” during a visit.
After loads of searches, I found some nice leads which helped me to re-lock a drive by right clicking the bitlocker enabled drive in the explorer window.
Below listed were the actual links, which helped me to achieve the objective on my Windows 8.1 boxes (Office laptop & Home PC)
spreadbytes solution had one problem, I am using the boxes without UAC, thus while the .vbs script fires, nothing happens and the drive remains unlocked
Technet thread had the exact requirement addressed & all I needed to do was, alter the scripts a bit here and there to achieve my target
Open notepad or notepad++ and copy the below text and save it as lock-bde.reg
Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\Drive\shell\relock-bde] "AppliesTo"="(System.Volume.BitLockerProtection:=1 OR System.Volume.BitLockerProtection:=3 OR System.Volume.BitLockerProtection:=5)" @="Relock drive..." "HasLUAShield"="" "MultiSelectModel"="Single" [HKEY_CLASSES_ROOT\Drive\shell\relock-bde\command] @=hex(2):77,00,73,00,63,00,72,00,69,00,70,00,74,00,2e,00,65,00,78,00,65,00,20,\ 00,6d,00,61,00,6e,00,61,00,67,00,65,00,2d,00,62,00,64,00,65,00,2d,00,6c,00,\ 6f,00,63,00,6b,00,2e,00,76,00,62,00,73,00,20,00,25,00,31,00,00,00
The hex values mentioned over here creates an entry like following
Once the value created, you can change the text as you desire to suite your situation (for Example, my development machine was not reading the PATH information properly, hence I was forced to add C:\Windows\system32 in front of the command
Open notepad or notepad++ and copy the following text into it. Then save as “manage-bde-lock.vbs”, and copy to c:\windows\system32
Args = "" Last = Wscript.Arguments.Count - 1 For i = 0 To Last Args = Args & " " & Wscript.Arguments.Item(i) Next Args = Replace(Args,"\","") CreateObject("Shell.Application").ShellExecute "manage-bde.exe", "-lock -forcedismount " & Args, "", "runas", 1
That’s it. You should get “Relock Driver…” context menu by right clicking on the bitlocker enabled driver from now onwards
Hope this helps few out there.
6 thoughts on “Windows | re-lock BitLocker unlocked drive”
after doing this all a problem is again………….
After you re-lock your derive and again you want to open it,,,, you right click the derive to unlock …… why the option of manage bit locker and unlock derive do not appears on the list this time???
we have to go to control panel to unlock our derive other wise no option appears there to unlock derive when you right click the derive to unlock derive,,,,,,,how to solve this problem?
Will you please copy us the .reg and .vbs files you created to w 7 b u g s at g m a i l d o t c o m ? (Please remove the spaces between characters for the email address)
Thank you and sorry to hear that you have issues following our post.
i just done the steps as above but it doesnt show any options to relock the drive to worsen the problem i have lost the option of manage bit locker and unlock drive as it does not apply on the list when i right click near the drive.how to bring back that option
We are sorry to hear that you came across issues following our instructions. We were just told that, the line breaks were creating issues for certain users when the scripts were copied from our blog.
Please try the following:
Remove the “relocak-bde” entry from registry
2. Restart the computer and see whether the Bitlocker Menu options are working properly.
3. Export the entire registry and for backup
4. Copy the new registry script and vb script
5. Follow the instructions
6. Post us your status
worked for me Thanks for windows 8.1 I love it thanks
Glad to know it helped you!