1. Open up Notepad and type in the following, replacing 'E:' with the drive letter of your Bitlocker drive:
manage-bde -lock E: forcedismount2. Save the file as lock.bat somewhere accessible, such as C:\Windows or C:\Program Files\
3. Open up Registry Editor. Navigate to the following Key:
HKEY_CLASSES_ROOT\Drive\shell4. Create a new key named runas with the default value set to Lock.
5. Now right-click on runas in the left window pane and create a new key called command.
6. Set the value of the Default Entry to c:\windows\lock.bat or whatever locaiton you chose at step 2.
7. Navigate back to the runas key and create a new String Value called AppliesTo. Set the value to E: or whichever drive you have encrypted.
8. Goto Windows Explorer and test your new right-click context menu entry!
how do you run the lock.bat file as admin? can't find it in the normal right click way... I guess it needs admin rights. I get this message when I try to lock it with rightclick>lock: E:\ Application not found.
ReplyDeleteI have double checked the path in step 6.
if you use this trick while the drive is open it wouldn't work. you should add:
ReplyDeletemanage-bde -lock e: forcedismount
by the way did you not realise that your recommended method have typo error ... it's missing a dash before ForceDismount it should have been ...
Deletemanage-bde -lock e: -ForceDismount
Please take note of the uppercase and lowercase words too.
hvid74 - I'm running with UAC turned off. Naughty I know, but it works. I'll try turning it back on and see what happens.
ReplyDeletejoas - Many thanks for the tip. I tried and you're right it doesn't work when a file is in use. I've edited the post.
A suggestion on improvement.
ReplyDelete1. Install the elevation powertoy - needs on UAC boxes.
http://technet.microsoft.com/en-us/magazine/2008.06.elevation.aspx
2. Setup regsitry as so.
[HKEY_CLASSES_ROOT\Drive\shell\lock-dbe]
"AppliesTo"="(System.Volume.BitLockerProtection:=1 OR System.Volume.BitLockerProtection:=3 OR System.Volume.BitLockerProtection:=5) "
@="Lock BitLocker Volume"
"HasLUAShield"=""
"MultiSelectModel"="Single"
[HKEY_CLASSES_ROOT\Drive\shell\lock-dbe-rudi\command]
@="@%SystemRoot%\\System32\\elevate.cmd @%SystemRoot%\\System32\\manage-bde.exe -lock G:"
3. If any one has the solution to change G:\ to G: though the use of %1. Even better.
Thankyou but if running win7 it is important that on step 6 you use:
ReplyDeletecmd /c c:\windows\lock.bat
This will let you RUN AS ADMIN,
Also I only use...
manage-bde -lock C:
Thankyou for a GREAT GUIDE
You can use %~d1 to get the drive letter rather than hard-coding it. I'm not sure, though, if that kind of expansion would work outside of a .cmd or .bat file.
ReplyDeleteI did the following but it still did not work ...
ReplyDelete1. Open up Notepad and type in the following, replacing 'E:' with the drive letter of your Bitlocker drive:
manage-bde -lock E:
2. Save the file as lock.bat in C:\Windows
3. Open up Registry Editor. Navigate to the following Key:
HKEY_CLASSES_ROOT\Drive\shell
4. Create a new key named runas with the default value set to Lock.
5. Now right-click on runas in the left window pane and create a new key called command.
6. Set the value of the Default Entry to cmd /c c:\windows\lock.bat
7. Navigate back to the runas key and create a new String Value called AppliesTo. Set the value to E:
My drive is e: , if i right click, the word 'Lock' appears - however it still doesn't lock. Please help.
By the way, I am using Windows 7
ReplyDeleteManaged to figure out, thank you for all the contributions, thanks ... I tried to lock it from the shortcut and of course it didn't work but if you go to My computer and right-click at the drive you intend to lock, it works! I couldn't thank all of you enough.
ReplyDeleteThank you so much! And also, thank you devilz_child24 for your hint. Awesome.
ReplyDeleteI got it working but how do I apply this to more than 1 drive?
ReplyDeleteThanks for the post. I am using windows 7 and it perfectly worked for me. I had my UAC(User Account Control) turned off and In step one, in case of'manage-bde -lock E: forcedismount
ReplyDelete' I typed this 'manage-bde -lock E:' Don't forget to replace the drive letter with the drive you want to perform the task.
'
Thanks for writing this guide and also thanks to devilz_child24 for his hint
ReplyDeleteI had to add a "dash" in front of forcedismount in order for it to work. Here is how it should be.
ReplyDeletemanage-bde -lock e: -forcedismount
I really tried implementing the above, but couldn't make it work for my PC (it kept complaining about not finding manage-bde.exe even with UAC off)...
ReplyDeleteEventually I decided to use the right-click-on-a-bitlocker-drive feature just to print out the syntax of the command.
1. I made up my own "lock-bde" key (instead of using the generic "runas" which might be overwritten by some other app).
2. I apply this only to my locked P: drive.
3. I print out the syntax of the command and pause so it will be possible to copy the command. It looks like this:
---
Run the following command from and elevated command prompt:
manage-bde -lock P: -forcedismount
Press any key to continue . . .
---
Here's the lot in a registry file format (paste into a file name lock-bde.reg for example and double-click from Windows Explorer to install).
====================================
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\Drive\shell\lock-bde]
@="Lock Drive..."
[HKEY_CLASSES_ROOT\Drive\shell\lock-bde\command]
@="cmd.exe /c \"echo Run the following command from and elevated command prompt: & echo. & echo. manage-bde -lock P: -forcedismount & echo. & pause\""
"AppliesTo"="P:"
====================================
Thanks a lot...
ReplyDeleteI got it working. but, how do I apply this to more than 1 drive?
Hey you can download these files here directly:
ReplyDeletehttp://scorpiondivine.blogspot.com/2012/01/how-to-relock-bitlocker-encrypted-drive.html
Hey its a direct method for having right click context menu option for lock drive:
ReplyDeletehttp://scorpiondivine.blogspot.com/2012/01/how-to-relock-bitlocker-encrypted-drive.html
After a long research, i got good trick.. it can be used for all drive ..
ReplyDeletehttp://www.spreadbytes.com/2012/01/how-to-lock-bitlocker-encrypted-drive.html
thankyou
ReplyDeleteThanks!!! Works Great Win 7 ult 64
ReplyDeleteIt's an absolute disgrace that there is no simple way to re lock. Why would you waste your money on ultimate when it is this crap.
ReplyDeleteI got it working by typing this in notepad,
ReplyDeletemanage-bde -lock E: -ForceDismount
where "E" is the drive letter
the syntax of forcedismount is important to make this work
for me atleast :P
I tried the procedure mentioned and I got the lock option during the right click but it says
ReplyDelete"Application not found"
can you please help