"Lock Drive" - Add to Context Menu of BitLocker Drives

Add "Lock Drive" to Unlocked BitLocker Drives Context Menu in Windows 7 and Windows 8


information   Information
To lock an unlocked fixed data drive (ex: internal hard drive) encrypted by BitLocker, you would normally restart the computer.

To lock an unlocked removable data drive (ex: USB drive) encrypted by BitLocker, you would normally disconnect it or restart the computer.

In Windows 8, if you have auto-unlock turned on for a data drive, then it will automatically be unlocked when connected (removable data drive) or you sign in to Windows 8 (fixed data drive).


This tutorial will show you how to add "Lock Drive" to the context menu of all unlocked fixed and removable data drives encrypted by BitLocker to be able to lock the drive in Windows 7 and Windows 8 without having to restart the computer for fixed data drives, disconnect removable data drives, and still be able to leave auto-unlock turned on for any data drives.

Note   Note
You must be signed in as an administrator to be able to do the steps in the tutorial, and to be able to use the "Lock Drive" context menu item.

"Lock Drive" is purposely not added to the context menu of the C: OS drive since it contains the current running operating system, and cannot be locked while Windows 8 is running.

warning   Warning
In Windows 7, BitLocker Drive Encryption is only available in the Windows 7 Ultimate and Windows 7 Enterprise editions.

In Windows 8, BitLocker Drive Encryption is only available in the Windows 8 Pro and Windows 8 Enterprise editions.


EXAMPLE: "Lock Drive" in Context Menu
Lock_Drive_Context_Menu.jpg





OPTION ONE

To Add "Lock Drive" to Context Menu of Unlocked BitLocker Drives


1. Click/tap on the Download button below to download the .ZIP file below.​
Add_Lock_Drive_to_Context_Menu.zip
download

2. Save the .ZIP file to your desktop, and open it.​
3. Extract (drag and drop) the contents (.vbs and .reg files) from inside the ZIP file to your desktop.​
4. Unblock the extracted lock-bde.vbs file.​
5. In File Explorer (Windows 8) or Windows Explorer (Windows 7), navigate to C:\Windows\System32, and copy/move the lock-bde.vbs file into the System32 folder.​
6. If prompted, click/tap on Continue and Yes to approve.​
7. Double click/tap on the extracted .reg file to merge it.​
8. If prompted, click/tap on Run, Yes (UAC), Yes, and OK.​
Note   Note
When you lock a drive encrypted by BitLocker, you will be prompted by UAC to click/tap on "Yes" to approve first. After a moment, the drive will be locked.

Note   Note

If the drive has been turned off due to being idle, then it will take a few more seconds to be locked while it waits for the HDD to spin back up.​








OPTION TWO

Remove "Lock Drive" from Context Menu of Unlocked BitLocker Drives


NOTE: This is the default setting.
1. Click/tap on the Download button below to download the .reg file below.​
Remove_Lock_Drive_from_Context_Menu.reg
download
2. Save the .reg file to your desktop.​
3. Double click/tap on the .reg file to merge it.​
4. If prompted, click/tap on Run, Yes (UAC), Yes, and OK.​
5. In File Explorer (Windows 8) or Windows Explorer (Windows 7), navigate to C:\Windows\System32, and delete the lock-bde.vbs file.​
6. If prompted, click/tap on Yes (UAC) to approve deleting the lock-bde.vbs file.​


That's it,
Shawn


 

Attachments

Last edited by a moderator:
Works great. Thanks!

I think there must be a way to combine the VBS file with Task Scheduler to bypass UAC, making the locking of a drive an even easier task...
 
You're welcome. Not sure that would work since UAC is required to lock the drive again.
 
I almost made it work, but "almost" doesn't cut it. The problem is I don't know of any way to pass the drive letter as a variable to Task Scheduler. If that were possible, it would be an easy thing to set up overall.
 
Just an FYI to all... When I updated to Windows 8.1, the HKLM\SOFTWARE\Classes\Drive\shell\lock-bde key was totally deleted. The function still works in Win8.1 once you add it back.
 
This is perfect! By the way, is there an easy way to have the system automatically prompt me for the unlock password once I login into Windows? I know I can turn on auto-unlock but that requires me to encrypt my system drive, which for various reasons is not an option right now. So maybe a vbs that runs manage-bde -unlock x: -pw would do the trick?
 
Sure there is. This is a simple little script I use to unlock my drives from an elevated command prompt. You could run a modified version of it at startup. Run it from Task Scheduler to make it run elevated without a UAC prompt. It takes the desired volume letter as a parameter, so the command line should be "x:\path\scriptname.cmd y", where "y" is the desired volume drive letter.

Code:
@echo off & cls & setlocal

set Volume=%1:

echo.

if exist %1:\ (
echo ERROR: The volume is already unlocked.
echo.
pause
exit)

for /f "tokens=1,2*" %%a in ('bcdedit.exe') do if (%%a)==(Access) goto :NoAdmin

echo.

manage-bde.exe -unlock -password %Volume%

echo.
pause
echo.
exit

:NoAdmin

echo.
echo Administrative rights not detected. Exiting.
echo.
pause
goto :EOF

:: End of script
 
Last edited:
This is a simple little script I use to unlock my drives from an elevated command prompt.

How would a similar Scheduler run script look like to open a standard BitLocker "Enter Password" Dialog Box for an encrypted drive at user logon?
 
I have not tested this and never really tried it, but you may be able to skip using a script and simply use:

bdeunlock.exe y:

Where "y" is the drive letter of the BitLocker volume you want to unlock.

Don't forget the colon (":") because you'll get a rather disconcerting (but harmless) error message.
 
Windows error:
Cannot find "lock-bde.vbs" when I launch: "Lock Drive" from context menu.
I cannot see file lock-bde.vbs in system 32 directory although it reports being there when I try to copy another instance to the directory.

I am not having this issue on other machine running same OS so I know I followed the instructions correctly.

Windows 10 Pro 64bit.
Thanks
 
Windows error:
Cannot find "lock-bde.vbs" when I launch: "Lock Drive" from context menu.
I cannot see file lock-bde.vbs in system 32 directory although it reports being there when I try to copy another instance to the directory.

I am not having this issue on other machine running same OS so I know I followed the instructions correctly.

Windows 10 Pro 64bit.
Thanks

Hello Boomer, and welcome to Eight Forums. :)

I just tested, and this tutorial still works in Windows 10 for me as well.

Is your Windows drive showing with the drive letter C: ?

As a test, see if merging the updated .reg file below may have it work better for you.

View attachment Add_lock-bde.reg
 
Hi Brink,
Yes the os is directly on "C" drive.
Works in other Win 10 and Win 8 machines.
What I can't understand is why when I copy the vbs file to sys 32 you cannot see it even when 'hidden' +' protected files' are unhidden.
Copying file another time triggers overwrite? dialogue.
I have shut off antivirus, uac as well as Malwarebytes.
Thanks
 
Something is wrong then if you don't see the .vbs file in the System32 folder.

As a test and workaround, copy the .vbs file into your C:\Windows folder instead. Afterwards, download and merge the updated .reg file below to change the location in the registry for the context menu.

View attachment Add_lock-bde.reg
 
Yes it is visible in the Windows folder.
When I tried it worked ok, it locked the drive but I tried to unlock the drive got message that drive was already unlocked and wouldn't open.
I restarted computer then drive unlocked ok.
Any ideas?
 
Not sure. The unlock part is unrelated to the context menu in this tutorial. Could have been something that interfered.
 
Hello there,

I just registered to tell you that I found a solution. I had the same problem with boomer96. Very strange problem.
I managed to fix that by opening an elevated cmd and doing the copy to windows\system32 from the command prompt.
The file copied just fine and lock / unlock function works great.
 
Thank you for sharing th3dark, and welcome to Eight Forums. :)
 
Back
Top