• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

"Lock Drive" - Add to Context Menu of BitLocker Drives


Brink

Administrator
Administrator
mvp
Posts
23,837
#41
Ok. I look forward to hearing your results.
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    3 x 27" Asus VE278Q
    Screen Resolution
    1920x1080
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone

bombadil

New Member
Posts
14
#42
Ok, rebooted, tried it again with the new script and it's doing the same thing. First iteration works fine but if I unlock the drive a 2nd time the "Lock drive" option isn't displayed. The option still says "Unlock drive". Clicking on it or the drive letter gives a message that the drive is already unlocked. I can only access the drive by selecting "Open in new window".
 
Last edited:

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop

Brink

Administrator
Administrator
mvp
Posts
23,837
#43
bombadil,

I'm encrypting a drive now to do some more tests on this to see what may have changed, but it will take a while to finish encrypting.

For now, you can merge the .reg file below to remove the "AppliesTo" string value from the "HKEY_CLASSES_ROOT\Drive\shell\lock-bde" key to have "Lock Drive..." always available on all drives as a workaround until I get it sorted. :)

View attachment Workaround_lock-bde.reg
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    3 x 27" Asus VE278Q
    Screen Resolution
    1920x1080
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone

Brink

Administrator
Administrator
mvp
Posts
23,837
#44
bombadil,

I just tested this using the original script from the tutorial in Windows 10 build 14393.82, and I'm not getting the issue you described. I locked and unlocked the drive several times in a row, and no issue.

As a test when this happens for you, see if you are able to manually lock the drive using the command below in an elevated command prompt.

manage-bde -lock <drive letter>:
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    3 x 27" Asus VE278Q
    Screen Resolution
    1920x1080
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone

bombadil

New Member
Posts
14
#45
Thanks again for your help. I'm copying a large folder to my encrypted drive at the moment so can't test the manual command, but will try it soon and let you know.

One more thing that may have caused my problem, when I initially ran the reg edit script and used the "Lock drive" option I had the vbs script in the wrong folder (not in System32), which caused an error. I then put it in System32 and it worked fine. I've rebooted since, and as I mentioned it works one time. Just wanted to mention that initial installation mistake in case that created an issue on my system.
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop

Brink

Administrator
Administrator
mvp
Posts
23,837
#46
Nar, that mistake would have only caused an issue of it not be able to run the .vbs until you had it in the correct folder.
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    3 x 27" Asus VE278Q
    Screen Resolution
    1920x1080
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone

bombadil

New Member
Posts
14
#47
Ok, understood on that initial mistake.

Just tried the manual lock command and got this:

C:\WINDOWS\system32>manage-bde -lock f:
BitLocker Drive Encryption: Configuration Tool version 10.0.10011
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

ERROR: Access was denied when attempting to lock the volume. Applications
may be accessing this volume (code 0x80070005).

Add the "-ForceDismount" parameter to lock the volume even when it is in use.

I made sure Explorer was closed, so not sure why it thinks the drive is being accessed. One other point, the drive is a external USB.
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop

bombadil

New Member
Posts
14
#48
Tried this:

manage-bde -lock -ForceDismount f:

It worked. The "Unlock drive" option shows up in Explorer. Unlocked the drive, but have the same issue as with the script. Since it had been unlocked/locked previously Explorer still says "Unlock drive" instead of "Lock drive".
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop

Brink

Administrator
Administrator
mvp
Posts
23,837
#49

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    3 x 27" Asus VE278Q
    Screen Resolution
    1920x1080
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone

bombadil

New Member
Posts
14
#50

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop

bombadil

New Member
Posts
14
#51
Ok, I fixed the problem with "Lock drive" not working with both "Lock drive" and "Unlock drive" being displayed. I had modified the lock-bde.vbs script and removed the force option, so that's why it didn't work initially. Put force back in and both Lock and Unlock work now with your workaround mod.

That's really all I need, so I'm good to go. I really appreciate all your effort.
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop

Brink

Administrator
Administrator
mvp
Posts
23,837
#52

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    3 x 27" Asus VE278Q
    Screen Resolution
    1920x1080
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone

Brink

Administrator
Administrator
mvp
Posts
23,837
#54
If you like, you might update to the latest build and see how it does afterwards.
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    3 x 27" Asus VE278Q
    Screen Resolution
    1920x1080
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone

bombadil

New Member
Posts
14
#55
If you like, you might update to the latest build and see how it does afterwards.
Sure. I wasn't aware of a newer update. I'm doing another drive encryption now, and also discovered corruption on that f: drive I was locking/unlocking. Perhaps the force lock was a bad idea. In any case, it will take me a couple of days to get to a point where I can reboot, so will do the upgrade then and let you know if that helps.

Thanks.
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop

Brink

Administrator
Administrator
mvp
Posts
23,837
#56
Locking and unlocking the drive won't hurt anything, so no worries. :)
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    3 x 27" Asus VE278Q
    Screen Resolution
    1920x1080
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone

bombadil

New Member
Posts
14
#57
Locking and unlocking the drive won't hurt anything, so no worries. :)
Good to know. That particular drive has a bit of bad history. I was bitlocker encrypting it when it lost power. Totally corrupted it. I ran a data recovery utility and was able to salvage some data which I copied to another drive, and formatted the f: drive. Copied the salvaged data back and encrypted it. All seemed ok until today after my lock/unlock experiments and I discovered the corrupted folders. So now I'm again copying the un-corrupted folders to another drive and will reformat then re-encrypt f:. Add in this bit about the drive lock utility not working as it should and it's been pretty much a nightmare all around.
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop

bombadil

New Member
Posts
14
#58
Update: I checked for Windows 10 updates and it says I'm current at the release I posted above. So, no idea what's causing the odd behavior on my system. Even with the persistent "Lock drive" option you gave me after the first unlock/lock cycle it stops working correctly.
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop

Brink

Administrator
Administrator
mvp
Posts
23,837
#59
You might run a hard drive diagnostics tool (ex: SeaTools) on the drive to rule out possible drive failure or issues.
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    3 x 27" Asus VE278Q
    Screen Resolution
    1920x1080
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone

bombadil

New Member
Posts
14
#60
You might run a hard drive diagnostics tool (ex: SeaTools) on the drive to rule out possible drive failure or issues.
Good idea on that f: drive. I plan to completely format it and will run your suggested diagnostics. But the issue I'm having with lock/unlock happens with other encrypted drives as well that haven't had any corruption issues. What's the simplest way to cleanly remove the registry entry your file created? Can I just delete the "lock-bde" entry using regedit, or does it need to be modified to get it back to original?
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop

Users Who Are Viewing This Thread (Users: 0, Guests: 2)