Privacy and Security Add Suspend BitLocker protection to Context Menu in Windows 11

  • Staff
BitLocker_suspend_banner.png

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned drives and computers.

You can turn on BitLocker to encrypt the operating system drive (Windows drive), fixed data drives (internal hard drives), and removable data drives (external hard drive or USB flash drive).

You can temporarily suspend BitLocker protection (pause) whenever you like for an unlocked drive encrypted by BitLocker—for example, if you need to install new software that BitLocker might otherwise block—and then resume BitLocker protection on the drive again when you're ready.

Suspend keeps the data encrypted but encrypts the BitLocker volume master key with a clear key. The clear key is a cryptographic key stored unencrypted and unprotected on the disk drive. By storing this key unencrypted, the Suspend option allows for changes or upgrades to the computer without the time and cost of decrypting and re-encrypting the entire drive. After the changes are made and BitLocker is again enabled, BitLocker will reseal the encryption key to the new values of the measured components that changed as a part of the upgrade, the volume master key is changed, the protectors are updated to match and the clear key is erased.

When you suspend BitLocker protection for an OS drive, it will remain unlocked and unprotected until you either manually resume BitLocker protection for the drive, or have it resume BitLocker protection automatically the next time you restart the PC.

When you suspend BitLocker protection for a fixed data drive, it will remain unlocked and unprotected until you manually resume BitLocker protection for the drive. This is even after you restart the PC.

When you suspend BitLocker protection for a removable data drive, it will remain unlocked and unprotected until you manually resume BitLocker protection for the drive. This is even after you restart the PC, or disconnect and reconnect the drive.

This tutorial will show you how to add Suspend BitLocker protection to the context menu of all unlocked drives encrypted by BitLocker for all users in Windows 10 and Windows 11.


You must be signed in as an administrator to add, use, or remove the "Suspend BitLocker protection" context menu.

BitLocker Drive Encryption is only available in the Windows 11 Pro, Enterprise, and Education editions.



Contents

  • Option One: Add Suspend BitLocker protection Context Menu
  • Option Two: Remove Suspend BitLocker protection Context Menu


EXAMPLE: "Suspend BitLocker protection" context menu

When you right click on an unlocked BitLocker drive, you will need to click/tap on Show more options first, then click/tap on Suspend BitLocker protection.


Suspend_BitLocker_Protection_context_menu.png






OPTION ONE

Add Suspend BitLocker protection Context Menu


1 Click/tap on the Download button below to download the ZIP file below.

Add_Suspend_Bitlocker_protection_context_menu.zip


2 Save the .zip file to your desktop.

3 Unblock the .zip file.

4 Open the .zip file, and extract (drag and drop) the Add_Suspend_Bitlocker_protection_context_menu.reg and suspend-bde.bat files to your desktop.

(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Drive\shell\suspend-bde]
@="Suspend BitLocker protection"
"AppliesTo"="(System.Volume.BitLockerProtection:=System.Volume.BitLockerProtection#On"
"HasLUAShield"=""
"MultiSelectModel"="Single"

[HKEY_CLASSES_ROOT\Drive\shell\suspend-bde\command]
@="PowerShell -windowstyle hidden -command \"Start-Process cmd -ArgumentList '/s,/c, suspend-bde.bat %1' -Verb runAs\""

(Contents of BAT file for reference)
Code:
@echo off
manage-bde -protectors -disable %~d1

5 Copy/Move the suspend-bde.bat file into the C:\Windows folder, and click/tap on Continue when prompted to approve. (see screenshot below)

Add_suspend-bde.png

6 Double click/tap on the Add_Suspend_Bitlocker_protection_context_menu.reg file to merge it.

7 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

8 You can now delete any remaining files on your desktop if you like.





OPTION TWO

Remove Suspend BitLocker protection Context Menu


This is the default setting.


1 Click/tap on the Download button below to download the REG file below.

Remove_Suspend_Bitlocker_protection_context_menu.reg


(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\Drive\shell\suspend-bde]

2 Save the .reg file to your desktop.

3 Double click/tap on the downloaded .reg file to merge it.

4 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

5 You can now delete the downloaded .reg file if you like.

6 Open the C:\Windows folder, delete the suspend-bde.bat file, and click/tap on Continue when prompted to approve. (see screenshot below)

Remove_suspend-bde.png


That's it,
Shawn Brink


 

Attachments

  • BitLocker_suspend.png
    BitLocker_suspend.png
    7.3 KB · Views: 19
  • Add_Suspend_Bitlocker_protection_context_menu.zip
    983 bytes · Views: 37
  • Remove_Suspend_Bitlocker_protection_context_menu.reg
    530 bytes · Views: 27
Last edited:

Matthew Wai

Member
Member
VIP
Local time
4:23 PM
Posts
70
Location
China
OS
Windows 10

@Brink, in reply to your above question, I don't know a one-line command to do what you want. However, as a workaround, I have put everything into the attached BAT file, so that users need not extract, copy/move, and merge any ZIP/BAT/REG file mentioned in this tutorial. See whether it works on your Windows 11.
 

Attachments

  • Add_or_remove_Suspend_BitLocker_protection.bat
    2.7 KB · Views: 21

My Computer

System One

  • OS
    Windows 10
Top Bottom