This tutorial will show you how to manually lock a fixed data drive or removable data drive encrypted by BitLocker in Windows 10 and Windows 11.
BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned drives and computers. You can turn on BitLocker protection for operating system drives, fixed drives, and removable drives.
You can manually lock on demand a fixed data drive or removable data drive encrypted by BitLocker to prevent access to the BitLocker-protected data.
An operating system drive will automatically lock when you shut down the computer. Manually locking an operating system drive is not supported.
A fixed data drive will automatically lock when you restart the computer unless you set the drive to auto-unlock when you sign in next.
A removable data drive will automatically lock when disconnected or you restart the computer unless you set the drive to auto-unlock when you reconnect the drive or sign in next.
You will not be able to manually lock a fixed data drive or removable data drive while auto-unlock is turned on for the drive.
You will not be able to manually lock a fixed data drive or removable data drive while BitLocker protection is suspended for the drive.
You must be signed in as an administrator to manually lock a fixed data drive or removable data drive encrypted by BitLocker.
Contents
- Option One: Lock BitLocker Fixed or Removable Data Drive using manage-bde Command
- Option Two: Lock BitLocker Fixed or Removable Data Drive using Lock-BitLocker Command
1 Open Windows Terminal (Admin), and select either Windows PowerShell or Command Prompt.
2 Type the command below into Windows Terminal (Admin), press Enter. (see screenshot below)
manage-bde -lock "<drive letter>:" -ForceDismount
Substitute <drive letter> in the command above with the actual drive letter of the BitLocker drive you want to lock.
For example: manage-bde -lock "D:" -ForceDismount
1 Open Windows Terminal (Admin), and select Windows PowerShell.
2 Type the command below into Windows Terminal (Admin), press Enter. (see screenshot below)
Lock-BitLocker -MountPoint "<drive letter>:" -ForceDismount
Substitute <drive letter> in the command above with the actual drive letter of the BitLocker drive you want to lock.
For example: Lock-BitLocker -MountPoint "D:" -ForceDismount
That's it,
Shawn Brink
Related Tutorials
- Add Lock Drive with BitLocker Context Menu in Windows 11
- Turn On BitLocker for Fixed Data Drive in Windows 11
- Turn On BitLocker for Removable Data Drive in Windows 11
- Turn Off BitLocker for Drive in Windows 11
- Suspend or Resume BitLocker Protection for Drive in Windows 11
- Check BitLocker Drive Encryption Status of Drive in Windows 11
- Change BitLocker Password for Drive in Windows 11
Last edited: