Friday, November 13, 2009

How to re-lock a Bitlocker drive

So you've turned on Bitlocker encryption for a drive. You've unlocked it and done your work, but how do you re-lock it? Here's how to add an entry to the right-click context menu to re-lock the drive.

1. Open up Notepad and type in the following, replacing 'E:' with the drive letter of your Bitlocker drive:
manage-bde -lock E: forcedismount
2. Save the file as lock.bat somewhere accessible, such as C:\Windows or C:\Program Files\

3. Open up Registry Editor. Navigate to the following Key:
4. Create a new key named runas with the default value set to Lock.

5. Now right-click on runas in the left window pane and create a new key called command.

6. Set the value of the Default Entry to c:\windows\lock.bat or whatever locaiton you chose at step 2.

7. Navigate back to the runas key and create a new String Value called AppliesTo. Set the value to E: or whichever drive you have encrypted.

8. Goto Windows Explorer and test your new right-click context menu entry!


  1. how do you run the lock.bat file as admin? can't find it in the normal right click way... I guess it needs admin rights. I get this message when I try to lock it with rightclick>lock: E:\ Application not found.

    I have double checked the path in step 6.

  2. if you use this trick while the drive is open it wouldn't work. you should add:
    manage-bde -lock e: forcedismount

    1. by the way did you not realise that your recommended method have typo error ... it's missing a dash before ForceDismount it should have been ...

      manage-bde -lock e: -ForceDismount

      Please take note of the uppercase and lowercase words too.

  3. hvid74 - I'm running with UAC turned off. Naughty I know, but it works. I'll try turning it back on and see what happens.

    joas - Many thanks for the tip. I tried and you're right it doesn't work when a file is in use. I've edited the post.

  4. A suggestion on improvement.

    1. Install the elevation powertoy - needs on UAC boxes.

    2. Setup regsitry as so.

    "AppliesTo"="(System.Volume.BitLockerProtection:=1 OR System.Volume.BitLockerProtection:=3 OR System.Volume.BitLockerProtection:=5) "
    @="Lock BitLocker Volume"

    @="@%SystemRoot%\\System32\\elevate.cmd @%SystemRoot%\\System32\\manage-bde.exe -lock G:"

    3. If any one has the solution to change G:\ to G: though the use of %1. Even better.

  5. Thankyou but if running win7 it is important that on step 6 you use:

    cmd /c c:\windows\lock.bat

    This will let you RUN AS ADMIN,
    Also I only use...

    manage-bde -lock C:

    Thankyou for a GREAT GUIDE

  6. You can use %~d1 to get the drive letter rather than hard-coding it. I'm not sure, though, if that kind of expansion would work outside of a .cmd or .bat file.

  7. I did the following but it still did not work ...

    1. Open up Notepad and type in the following, replacing 'E:' with the drive letter of your Bitlocker drive:

    manage-bde -lock E:

    2. Save the file as lock.bat in C:\Windows

    3. Open up Registry Editor. Navigate to the following Key:


    4. Create a new key named runas with the default value set to Lock.

    5. Now right-click on runas in the left window pane and create a new key called command.

    6. Set the value of the Default Entry to cmd /c c:\windows\lock.bat

    7. Navigate back to the runas key and create a new String Value called AppliesTo. Set the value to E:

    My drive is e: , if i right click, the word 'Lock' appears - however it still doesn't lock. Please help.

  8. By the way, I am using Windows 7

  9. Managed to figure out, thank you for all the contributions, thanks ... I tried to lock it from the shortcut and of course it didn't work but if you go to My computer and right-click at the drive you intend to lock, it works! I couldn't thank all of you enough.

  10. Thank you so much! And also, thank you devilz_child24 for your hint. Awesome.

  11. I got it working but how do I apply this to more than 1 drive?

  12. Thanks for the post. I am using windows 7 and it perfectly worked for me. I had my UAC(User Account Control) turned off and In step one, in case of'manage-bde -lock E: forcedismount
    ' I typed this 'manage-bde -lock E:' Don't forget to replace the drive letter with the drive you want to perform the task.

  13. Thanks for writing this guide and also thanks to devilz_child24 for his hint

  14. I had to add a "dash" in front of forcedismount in order for it to work. Here is how it should be.

    manage-bde -lock e: -forcedismount

  15. I really tried implementing the above, but couldn't make it work for my PC (it kept complaining about not finding manage-bde.exe even with UAC off)...

    Eventually I decided to use the right-click-on-a-bitlocker-drive feature just to print out the syntax of the command.

    1. I made up my own "lock-bde" key (instead of using the generic "runas" which might be overwritten by some other app).
    2. I apply this only to my locked P: drive.
    3. I print out the syntax of the command and pause so it will be possible to copy the command. It looks like this:

    Run the following command from and elevated command prompt:

    manage-bde -lock P: -forcedismount

    Press any key to continue . . .

    Here's the lot in a registry file format (paste into a file name lock-bde.reg for example and double-click from Windows Explorer to install).

    Windows Registry Editor Version 5.00

    @="Lock Drive..."

    @="cmd.exe /c \"echo Run the following command from and elevated command prompt: & echo. & echo. manage-bde -lock P: -forcedismount & echo. & pause\""

  16. Thanks a lot...
    I got it working. but, how do I apply this to more than 1 drive?

  17. Hey you can download these files here directly:

  18. Hey its a direct method for having right click context menu option for lock drive:

  19. After a long research, i got good trick.. it can be used for all drive ..

  20. Thanks!!! Works Great Win 7 ult 64

  21. It's an absolute disgrace that there is no simple way to re lock. Why would you waste your money on ultimate when it is this crap.

  22. I got it working by typing this in notepad,
    manage-bde -lock E: -ForceDismount
    where "E" is the drive letter
    the syntax of forcedismount is important to make this work
    for me atleast :P

  23. I tried the procedure mentioned and I got the lock option during the right click but it says
    "Application not found"

    can you please help
