"Lock Drive" - Add to Context Menu of BitLocker Drives

Add "Lock Drive" to Unlocked BitLocker Drives Context Menu in Windows 7 and Windows 8


information   Information
To lock an unlocked fixed data drive (ex: internal hard drive) encrypted by BitLocker, you would normally restart the computer.

To lock an unlocked removable data drive (ex: USB drive) encrypted by BitLocker, you would normally disconnect it or restart the computer.

In Windows 8, if you have auto-unlock turned on for a data drive, then it will automatically be unlocked when connected (removable data drive) or you sign in to Windows 8 (fixed data drive).


This tutorial will show you how to add "Lock Drive" to the context menu of all unlocked fixed and removable data drives encrypted by BitLocker to be able to lock the drive in Windows 7 and Windows 8 without having to restart the computer for fixed data drives, disconnect removable data drives, and still be able to leave auto-unlock turned on for any data drives.

Note   Note
You must be signed in as an administrator to be able to do the steps in the tutorial, and to be able to use the "Lock Drive" context menu item.

"Lock Drive" is purposely not added to the context menu of the C: OS drive since it contains the current running operating system, and cannot be locked while Windows 8 is running.

warning   Warning
In Windows 7, BitLocker Drive Encryption is only available in the Windows 7 Ultimate and Windows 7 Enterprise editions.

In Windows 8, BitLocker Drive Encryption is only available in the Windows 8 Pro and Windows 8 Enterprise editions.


EXAMPLE: "Lock Drive" in Context Menu
Lock_Drive_Context_Menu.jpg





OPTION ONE

To Add "Lock Drive" to Context Menu of Unlocked BitLocker Drives


1. Click/tap on the Download button below to download the .ZIP file below.​
Add_Lock_Drive_to_Context_Menu.zip
download

2. Save the .ZIP file to your desktop, and open it.​
3. Extract (drag and drop) the contents (.vbs and .reg files) from inside the ZIP file to your desktop.​
4. Unblock the extracted lock-bde.vbs file.​
5. In File Explorer (Windows 8) or Windows Explorer (Windows 7), navigate to C:\Windows\System32, and copy/move the lock-bde.vbs file into the System32 folder.​
6. If prompted, click/tap on Continue and Yes to approve.​
7. Double click/tap on the extracted .reg file to merge it.​
8. If prompted, click/tap on Run, Yes (UAC), Yes, and OK.​
Note   Note
When you lock a drive encrypted by BitLocker, you will be prompted by UAC to click/tap on "Yes" to approve first. After a moment, the drive will be locked.

Note   Note

If the drive has been turned off due to being idle, then it will take a few more seconds to be locked while it waits for the HDD to spin back up.​








OPTION TWO

Remove "Lock Drive" from Context Menu of Unlocked BitLocker Drives


NOTE: This is the default setting.
1. Click/tap on the Download button below to download the .reg file below.​
Remove_Lock_Drive_from_Context_Menu.reg
download
2. Save the .reg file to your desktop.​
3. Double click/tap on the .reg file to merge it.​
4. If prompted, click/tap on Run, Yes (UAC), Yes, and OK.​
5. In File Explorer (Windows 8) or Windows Explorer (Windows 7), navigate to C:\Windows\System32, and delete the lock-bde.vbs file.​
6. If prompted, click/tap on Yes (UAC) to approve deleting the lock-bde.vbs file.​


That's it,
Shawn


 

Attachments

  • Add_Lock_Drive_to_Context_Menu.zip
    1,008 bytes · Views: 15,367
  • Remove_Lock_Drive_from_Context_Menu.reg
    510 bytes · Views: 4,276
  • Locked_Drive.png
    Locked_Drive.png
    18.2 KB · Views: 388
Last edited by a moderator:
Ok. I look forward to hearing your results.
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
Ok, rebooted, tried it again with the new script and it's doing the same thing. First iteration works fine but if I unlock the drive a 2nd time the "Lock drive" option isn't displayed. The option still says "Unlock drive". Clicking on it or the drive letter gives a message that the drive is already unlocked. I can only access the drive by selecting "Open in new window".
 
Last edited:

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop
bombadil,

I'm encrypting a drive now to do some more tests on this to see what may have changed, but it will take a while to finish encrypting.

For now, you can merge the .reg file below to remove the "AppliesTo" string value from the "HKEY_CLASSES_ROOT\Drive\shell\lock-bde" key to have "Lock Drive..." always available on all drives as a workaround until I get it sorted. :)

View attachment Workaround_lock-bde.reg
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
bombadil,

I just tested this using the original script from the tutorial in Windows 10 build 14393.82, and I'm not getting the issue you described. I locked and unlocked the drive several times in a row, and no issue.

As a test when this happens for you, see if you are able to manually lock the drive using the command below in an elevated command prompt.

manage-bde -lock <drive letter>:
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
Thanks again for your help. I'm copying a large folder to my encrypted drive at the moment so can't test the manual command, but will try it soon and let you know.

One more thing that may have caused my problem, when I initially ran the reg edit script and used the "Lock drive" option I had the vbs script in the wrong folder (not in System32), which caused an error. I then put it in System32 and it worked fine. I've rebooted since, and as I mentioned it works one time. Just wanted to mention that initial installation mistake in case that created an issue on my system.
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop
Nar, that mistake would have only caused an issue of it not be able to run the .vbs until you had it in the correct folder.
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
Ok, understood on that initial mistake.

Just tried the manual lock command and got this:

C:\WINDOWS\system32>manage-bde -lock f:
BitLocker Drive Encryption: Configuration Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

ERROR: Access was denied when attempting to lock the volume. Applications
may be accessing this volume (code 0x80070005).

Add the "-ForceDismount" parameter to lock the volume even when it is in use.

I made sure Explorer was closed, so not sure why it thinks the drive is being accessed. One other point, the drive is a external USB.
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop
Tried this:

manage-bde -lock -ForceDismount f:

It worked. The "Unlock drive" option shows up in Explorer. Unlocked the drive, but have the same issue as with the script. Since it had been unlocked/locked previously Explorer still says "Unlock drive" instead of "Lock drive".
 

Attachments

  • 2016_08_26_19_38_461.png
    2016_08_26_19_38_461.png
    3.4 KB · Views: 239
  • manage-bde.jpg
    manage-bde.jpg
    55.2 KB · Views: 251

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop
Ok, I fixed the problem with "Lock drive" not working with both "Lock drive" and "Unlock drive" being displayed. I had modified the lock-bde.vbs script and removed the force option, so that's why it didn't work initially. Put force back in and both Lock and Unlock work now with your workaround mod.

That's really all I need, so I'm good to go. I really appreciate all your effort.
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
If you like, you might update to the latest build and see how it does afterwards.
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
If you like, you might update to the latest build and see how it does afterwards.

Sure. I wasn't aware of a newer update. I'm doing another drive encryption now, and also discovered corruption on that f: drive I was locking/unlocking. Perhaps the force lock was a bad idea. In any case, it will take me a couple of days to get to a point where I can reboot, so will do the upgrade then and let you know if that helps.

Thanks.
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop
Locking and unlocking the drive won't hurt anything, so no worries. :)
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
Locking and unlocking the drive won't hurt anything, so no worries. :)

Good to know. That particular drive has a bit of bad history. I was bitlocker encrypting it when it lost power. Totally corrupted it. I ran a data recovery utility and was able to salvage some data which I copied to another drive, and formatted the f: drive. Copied the salvaged data back and encrypted it. All seemed ok until today after my lock/unlock experiments and I discovered the corrupted folders. So now I'm again copying the un-corrupted folders to another drive and will reformat then re-encrypt f:. Add in this bit about the drive lock utility not working as it should and it's been pretty much a nightmare all around.
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop
Update: I checked for Windows 10 updates and it says I'm current at the release I posted above. So, no idea what's causing the odd behavior on my system. Even with the persistent "Lock drive" option you gave me after the first unlock/lock cycle it stops working correctly.
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop
You might run a hard drive diagnostics tool (ex: SeaTools) on the drive to rule out possible drive failure or issues.
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
You might run a hard drive diagnostics tool (ex: SeaTools) on the drive to rule out possible drive failure or issues.
Good idea on that f: drive. I plan to completely format it and will run your suggested diagnostics. But the issue I'm having with lock/unlock happens with other encrypted drives as well that haven't had any corruption issues. What's the simplest way to cleanly remove the registry entry your file created? Can I just delete the "lock-bde" entry using regedit, or does it need to be modified to get it back to original?
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop
Back
Top