How to Lock BitLocker Encrypted Drive in Windows


BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.

BitLocker can encrypt the drive Windows is installed on (the operating system drive) as well as fixed data drives (such as internal hard drives). You can also use BitLocker To Go to help protect all files stored on a removable data drive (such as an external hard drive or USB flash drive).

You can choose how you want to unlock an encrypted data drive: with a password or a smart card. For removable data drives encrypted with BitLocker To Go, you can set the drive to automatically unlock when you sign in to the PC. For fixed data drives, you can also set the drive to automatically unlock when you unlock the PC, if you prefer, as long as the operating system drive is BitLocker-protected.

To lock a fixed data drive encrypted by BitLocker, you could restart the computer unless you set the drive to automatically unlock when you sign in next.

To lock a removable data drive encrypted by BitLocker, you could disconnect the drive or restart the computer unless you set the drive to automatically unlock when you connect the drive or sign in next.

This tutorial will show you how to manually lock a fixed or removable drive encrypted by BitLocker in Windows 7, Windows 8, Windows 10, and Windows 11.

You must be signed in as an administrator to manually lock a drive.

Note   Note
For Windows 7, BitLocker Drive Encryption is only available in the Windows 7 Professional and Windows 7 Enterprise editions.

For Windows 8/8.1, BitLocker Drive Encryption is only available in the Windows 8 Pro and Windows 8 Enterprise editions.

For Windows 10, BitLocker Drive Encryption is only available in the Windows 10 Pro, Enterprise, and Education editions.

Contents

  • Option One: Lock a BitLocker Encrypted Drive using Context Menu
  • Option Two: Lock a BitLocker Encrypted Drive in Command Prompt
  • Option Three: Lock a BitLocker Encrypted Drive in PowerShell



EXAMPLE: Locked BitLocker encrypted drive
Lock BitLocker Encrypted Drive in Windows-locked_bitlocker_drive.jpg






OPTION ONE

Lock a BitLocker Encrypted Drive using Context Menu







OPTION TWO

Lock a BitLocker Encrypted Drive in Command Prompt


1. Open an elevated command prompt.

2. Type the command below into the elevated command prompt, and press Enter. (see screenshot below)

manage-bde -lock "<drive letter>:" -ForceDismount

Substitute <drive letter> in the command above with the actual drive letter (ex: "D") of the unlocked encrypted drive you want to lock.

For example: manage-bde -lock "D:" -ForceDismount


You can check the status of BitLocker for the drive at anytime.

Lock BitLocker Encrypted Drive in Windows-locked_bitlocker_drive_command.jpg

3. You can now close the elevated command prompt if you like.






OPTION THREE

Lock a BitLocker Encrypted Drive in PowerShell


To see more Disable-BitLocker command usage options, see: Disable-BitLocker - Microsoft Docs

1. Open an elevated Powershell.

2. Type the command below into the elevated PowerShell, and press Enter. (see screenshot below)

Lock-BitLocker -MountPoint "<drive letter>:" -ForceDismount

Substitute <drive letter> in the command above with the actual drive letter (ex: "D") of the unlocked encrypted drive you want to lock.

For example: Lock-BitLocker -MountPoint "D:" -ForceDismount


You can check the status of BitLocker for the drive at anytime.

Lock BitLocker Encrypted Drive in Windows-locked_bitlocker_drive_powershell.jpg

3. You can now close the elevated PowerShell if you like.


That's it,
Shawn Brink