Privacy and Security Add Lock Drive with BitLocker Context Menu in Windows 11

  • Staff
BitLocker_drive_banner.png

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned drives and computers.

You can turn on BitLocker to encrypt the operating system drive (Windows drive), fixed data drives (internal hard drives), and removable data drives (external hard drive or USB flash drive).

You can choose how you want to unlock an encrypted data drive: with a password or a smart card. For removable data drives encrypted with BitLocker To Go, you can set the drive to automatically unlock when you sign in to the PC. For fixed data drives, you can also set the drive to automatically unlock when you unlock the PC, if you prefer, as long as the operating system drive is BitLocker-protected.

To lock a fixed data drive encrypted by BitLocker, you could restart the computer unless you set the drive to automatically unlock when you sign in next.

To lock a removable data drive encrypted by BitLocker To Go, you could disconnect the drive or restart the computer unless you set the drive to automatically unlock when you connect the drive or sign in next.

This tutorial will show you how to add Lock Drive to the context menu of all unlocked fixed and removable drives encrypted by BitLocker to lock the drive on demand in Windows 10 and Windows 11.

You must be signed in as an administrator to add, use, or remove the "Lock Drive" context menu.

The Lock Drive context menu can be handy since it allows you to lock the drive without having to disconnect it or restart the computer. The drive will remain locked until you manually unlock it.

If you turn on auto-unlock for a fixed data drive or removable data drive encrypted by BitLocker, then the drive cannot be locked until you turn off auto-unlock for the drive.

BitLocker Drive Encryption is only available in the Windows 11 Pro, Enterprise, and Education editions.



Contents

  • Option One: Add Lock Drive Context Menu to BitLocker Fixed and Removable Data Drives
  • Option Two: Remove Lock Drive Context Menu from BitLocker Fixed and Removable Data Drives


EXAMPLE: "Lock Drive" context menu

When you right click on an unlocked BitLocker fixed or removable drive, you will need to click/tap on Show more options first, then click/tap on Lock Drive.


Lock_drive_context_menu.png






OPTION ONE

Add Lock Drive Context Menu to BitLocker Fixed and Removable Data Drives


1 Click/tap on the Download button below to download the ZIP file below.

Add_Lock_Drive_to_context_menu.zip


2 Save the .zip file to your desktop.

3 Unblock the .zip file.

4 Open the .zip file, and extract (drag and drop) the Add_Lock_Drive_to_context_menu.reg and lock-bde.bat files to your desktop.

(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Drive\shell\lock-bde]
"AppliesTo"="System.Volume.BitLockerProtection:=1 OR System.Volume.BitLockerProtection:=3 OR System.Volume.BitLockerProtection:=5 NOT C:"
@="Lock Drive"
"HasLUAShield"=""
"MultiSelectModel"="Single"

[HKEY_CLASSES_ROOT\Drive\shell\lock-bde\command]
@="PowerShell -windowstyle hidden -command \"Start-Process cmd -ArgumentList '/s,/c, lock-bde.bat %1' -Verb runAs\""

(Contents of BAT file for reference)
Code:
@echo off
manage-bde -lock %~d1 -ForceDismount

5 Copy/Move the lock-bde.bat file into the C:\Windows folder, and click/tap on Continue when prompted to approve. (see screenshot below)

add_lock_drive.png

6 Double click/tap on the Add_Lock_Drive_to_context_menu.reg file to merge it.

7 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

8 You can now delete any remaining files on your desktop if you like.





OPTION TWO

Remove Lock Drive Context Menu from BitLocker Fixed and Removable Data Drives


This is the default setting.


1 Click/tap on the Download button below to download the REG file below.

Remove_Lock_Drive_from_context_menu.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\Drive\shell\lock-bde]

2 Save the .reg file to your desktop.

3 Double click/tap on the downloaded .reg file to merge it.

4 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

5 You can now delete the downloaded .reg file if you like.

6 Open the C:\Windows folder, delete the lock-bde.bat file, and click/tap on Continue when prompted to approve. (see screenshot below)

remove_lock_drive.png


That's it,
Shawn Brink


 

Attachments

  • BitLocker_drive.png
    BitLocker_drive.png
    5.3 KB · Views: 14
  • Add_Lock_Drive_to_context_menu.zip
    956 bytes · Views: 38
  • Remove_Lock_Drive_from_context_menu.reg
    516 bytes · Views: 32
Last edited:
Top Bottom