"Lock Drive" - Add to Context Menu of BitLocker Drives

Add "Lock Drive" to Unlocked BitLocker Drives Context Menu in Windows 7 and Windows 8


Information
To lock an unlocked fixed data drive (ex: internal hard drive) encrypted by BitLocker, you would normally restart the computer.

To lock an unlocked removable data drive (ex: USB drive) encrypted by BitLocker, you would normally disconnect it or restart the computer.

In Windows 8, if you have auto-unlock turned on for a data drive, then it will automatically be unlocked when connected (removable data drive) or you sign in to Windows 8 (fixed data drive).


This tutorial will show you how to add "Lock Drive" to the context menu of all unlocked fixed and removable data drives encrypted by BitLocker to be able to lock the drive in Windows 7 and Windows 8 without having to restart the computer for fixed data drives, disconnect removable data drives, and still be able to leave auto-unlock turned on for any data drives.

Note
You must be signed in as an administrator to be able to do the steps in the tutorial, and to be able to use the "Lock Drive" context menu item.

"Lock Drive" is purposely not added to the context menu of the C: OS drive since it contains the current running operating system, and cannot be locked while Windows 8 is running.

Warning
In Windows 7, BitLocker Drive Encryption is only available in the Windows 7 Ultimate and Windows 7 Enterprise editions.

In Windows 8, BitLocker Drive Encryption is only available in the Windows 8 Pro and Windows 8 Enterprise editions.


EXAMPLE: "Lock Drive" in Context Menu





OPTION ONE

To Add "Lock Drive" to Context Menu of Unlocked BitLocker Drives


1. Click/tap on the Download button below to download the .ZIP file below.
Add_Lock_Drive_to_Context_Menu.zip

2. Save the .ZIP file to your desktop, and open it.
3. Extract (drag and drop) the contents (.vbs and .reg files) from inside the ZIP file to your desktop.
4. Unblock the extracted lock-bde.vbs file.
5. In File Explorer (Windows 8) or Windows Explorer (Windows 7), navigate to C:\Windows\System32, and copy/move the lock-bde.vbs file into the System32 folder.
6. If prompted, click/tap on Continue and Yes to approve.
7. Double click/tap on the extracted .reg file to merge it.
8. If prompted, click/tap on Run, Yes (UAC), Yes, and OK.

Note
When you lock a drive encrypted by BitLocker, you will be prompted by UAC to click/tap on "Yes" to approve first. After a moment, the drive will be locked.

Note
If the drive has been turned off due to being idle, then it will take a few more seconds to be locked while it waits for the HDD to spin back up.








OPTION TWO

Remove "Lock Drive" from Context Menu of Unlocked BitLocker Drives


NOTE: This is the default setting.
1. Click/tap on the Download button below to download the .reg file below.
Remove_Lock_Drive_from_Context_Menu.reg

2. Save the .reg file to your desktop.
3. Double click/tap on the .reg file to merge it.
4. If prompted, click/tap on Run, Yes (UAC), Yes, and OK.
5. In File Explorer (Windows 8) or Windows Explorer (Windows 7), navigate to C:\Windows\System32, and delete the lock-bde.vbs file.
6. If prompted, click/tap on Yes (UAC) to approve deleting the lock-bde.vbs file.


That's it,
Shawn
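
The install steps in Option One leave a registry verb and a script in System32 that is launched elevated. The following PowerShell check is an added example, not part of the original tutorial or its downloads; it assumes the .reg file uses the standard `command` subkey under the key named on this page, and the function name `Test-LockDriveInstall` is hypothetical.

```powershell
# Added example: audit the two artifacts the install steps leave behind.
# Requires PowerShell 4.0 or later (Get-FileHash). Run it from a 64-bit
# PowerShell: a 32-bit process is redirected from System32 to SysWOW64.
$verbKey = 'HKLM:\SOFTWARE\Classes\Drive\shell\lock-bde'      # key named on this page
$vbsPath = Join-Path $env:SystemRoot 'System32\lock-bde.vbs'  # path from step 5

function Test-LockDriveInstall {   # hypothetical name, not part of the tutorial
    $result = [ordered]@{
        VerbKeyPresent = Test-Path -LiteralPath $verbKey
        Command        = $null
        ScriptPresent  = Test-Path -LiteralPath $vbsPath
        Sha256         = $null
        StillBlocked   = $null
        WritableBy     = @()
    }

    # Assumption: the .reg file uses the standard "command" subkey of a shell verb.
    $cmdKey = Join-Path $verbKey 'command'
    if (Test-Path -LiteralPath $cmdKey) {
        # GetValue('') returns the (Default) value: the command line Explorer launches.
        $result.Command = (Get-Item -LiteralPath $cmdKey).GetValue('')
    }

    if ($result.ScriptPresent) {
        # Record the hash so a later change to the script can be noticed.
        $result.Sha256 = (Get-FileHash -LiteralPath $vbsPath -Algorithm SHA256).Hash

        # Step 4 (Unblock): a downloaded file carries a Zone.Identifier stream until unblocked.
        $zone = Get-Item -LiteralPath $vbsPath -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
        $result.StillBlocked = [bool]$zone

        # The script runs elevated, so only these principals should be able to change it.
        # Account names are the English-locale ones.
        $trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller'
        $rights  = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
        $writeBits = [int]$rights -bor 0x40000000 -bor 0x10000000   # plus GENERIC_WRITE, GENERIC_ALL

        $result.WritableBy = @(
            (Get-Acl -LiteralPath $vbsPath).Access |
                Where-Object {
                    $_.AccessControlType -eq 'Allow' -and
                    ([int]$_.FileSystemRights -band $writeBits) -and
                    ($trusted -notcontains $_.IdentityReference.Value)
                } |
                ForEach-Object { $_.IdentityReference.Value }
        )
    }
    [pscustomobject]$result
}

Test-LockDriveInstall | Format-List
```

Any non-administrative account listed in WritableBy can change what runs elevated from the context menu, and a Command value that points somewhere other than the script you installed deserves a closer look.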


 

Works great. Thanks!

I think there must be a way to combine the VBS file with Task Scheduler to bypass UAC, making the locking of a drive an even easier task...
 

You're welcome. Not sure that would work since UAC is required to lock the drive again.
 

I almost made it work, but "almost" doesn't cut it. The problem is I don't know of any way to pass the drive letter as a variable to Task Scheduler. If that were possible, it would be an easy thing to set up overall.
 

Yeah, that's the problem I had as well.
 

Just an FYI to all... When I updated to Windows 8.1, the HKLM\SOFTWARE\Classes\Drive\shell\lock-bde key was totally deleted. The function still works in Win8.1 once you add it back.
 

This is perfect! By the way, is there an easy way to have the system automatically prompt me for the unlock password once I log in to Windows? I know I can turn on auto-unlock, but that requires me to encrypt my system drive, which for various reasons is not an option right now. So maybe a vbs that runs manage-bde -unlock x: -pw would do the trick?
 

Sure there is. This is a simple little script I use to unlock my drives from an elevated command prompt. You could run a modified version of it at startup. Run it from Task Scheduler to make it run elevated without a UAC prompt. It takes the desired volume letter as a parameter, so the command line should be "x:\path\scriptname.cmd y", where "y" is the desired volume drive letter.

Code:
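@echo off & cls & setlocal

:: Usage: scriptname.cmd y   (y = drive letter of the BitLocker volume, without the colon)
if "%~1"=="" (
echo ERROR: No drive letter was given.
echo.
pause
exit
)

set Volume=%~1:

echo.

:: If the root of the volume can be reached, the volume is already unlocked.
if exist %Volume%\ (
echo ERROR: The volume is already unlocked.
echo.
pause
exit
)

:: Elevation check: without admin rights bcdedit prints "Access is denied."
:: (this relies on the English wording of that message).
for /f "tokens=1,2*" %%a in ('bcdedit.exe') do if (%%a)==(Access) goto :NoAdmin

echo.

:: Prompt for the BitLocker password and unlock the volume.
manage-bde.exe -unlock -password %Volume%

echo.
pause
echo.
exit

:NoAdmin

echo.
echo Administrative rights not detected. Exiting.
echo.
pause
goto :EOF

:: End of script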
 
I have not tested this and never really tried it, but you may be able to skip using a script and simply use:

bdeunlock.exe y:

Where "y" is the drive letter of the BitLocker volume you want to unlock.

Don't forget the colon (":"), or you'll get a rather disconcerting (but harmless) error message.
 

Windows error:
Cannot find "lock-bde.vbs" when I launch: "Lock Drive" from context menu.
I cannot see file lock-bde.vbs in system 32 directory although it reports being there when I try to copy another instance to the directory.

I am not having this issue on other machine running same OS so I know I followed the instructions correctly.

Windows 10 Pro 64bit.
Thanks
 

Hello Boomer, and welcome to Eight Forums. :)

I just tested, and this tutorial still works in Windows 10 for me as well.

Is your Windows drive showing with the drive letter C: ?

As a test, see if merging the updated .reg file below may have it work better for you.

View attachment Add_lock-bde.reg
 

Hi Brink,
Yes the os is directly on "C" drive.
Works in other Win 10 and Win 8 machines.
What I can't understand is why when I copy the vbs file to sys 32 you cannot see it even when 'hidden' +' protected files' are unhidden.
Copying file another time triggers overwrite? dialogue.
I have shut off antivirus, uac as well as Malwarebytes.
Thanks
 

Something is wrong then if you don't see the .vbs file in the System32 folder.

As a test and workaround, copy the .vbs file into your C:\Windows folder instead. Afterwards, download and merge the updated .reg file below to change the location in the registry for the context menu.

View attachment Add_lock-bde.reg
 

Yes it is visible in the Windows folder.
When I tried it, it worked OK: it locked the drive, but when I tried to unlock the drive I got a message that the drive was already unlocked, and it wouldn't open.
I restarted computer then drive unlocked ok.
Any ideas?
 

Not sure. The unlock part is unrelated to the context menu in this tutorial. Could have been something that interfered.
 

Hello there,

I just registered to tell you that I found a solution. I had the same problem as boomer96. Very strange problem.
I managed to fix that by opening an elevated cmd and doing the copy to windows\system32 from the command prompt.
The file copied just fine and lock / unlock function works great.
 

Thank you for sharing th3dark, and welcome to Eight Forums. :)
 
