Privacy and Security Lock BitLocker Drive in Windows 11


BitLocker_drive_banner.png

This tutorial will show you how to manually lock a fixed data drive or removable data drive encrypted by BitLocker in Windows 10 and Windows 11.

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned drives and computers. You can turn on BitLocker protection for operating system drives, fixed drives, and removable drives.

You can manually lock on demand a fixed data drive or removable data drive encrypted by BitLocker to prevent access to the BitLocker-protected data.

An operating system drive will automatically lock when you shut down the computer. Manually locking an operating system drive is not supported.

A fixed data drive will automatically lock when you restart the computer unless you set the drive to auto-unlock when you sign in next.

A removable data drive will automatically lock when disconnected or you restart the computer unless you set the drive to auto-unlock when you reconnect the drive or sign in next.

You will not be able to manually lock a fixed data drive or removable data drive while auto-unlock is turned on for the drive.

You will not be able to manually lock a fixed data drive or removable data drive while BitLocker protection is suspended for the drive.

You must be signed in as an administrator to manually lock a fixed data drive or removable data drive encrypted by BitLocker.




Contents

  • Option One: Lock BitLocker Fixed or Removable Data Drive using manage-bde Command
  • Option Two: Lock BitLocker Fixed or Removable Data Drive using Lock-BitLocker Command




Option One

Lock BitLocker Fixed or Removable Data Drive using manage-bde Command


1 Open Windows Terminal (Admin), and select either Windows PowerShell or Command Prompt.

2 Type the command below into Windows Terminal (Admin), press Enter. (see screenshot below)

manage-bde -lock "<drive letter>:" -ForceDismount

Substitute <drive letter> in the command above with the actual drive letter of the BitLocker drive you want to lock.

For example: manage-bde -lock "D:" -ForceDismount


BitLocker_lock_drive_manage-bde.png





Option Two

Lock BitLocker Fixed or Removable Data Drive using Lock-BitLocker Command


1 Open Windows Terminal (Admin), and select Windows PowerShell.

2 Type the command below into Windows Terminal (Admin), press Enter. (see screenshot below)

Lock-BitLocker -MountPoint "<drive letter>:" -ForceDismount

Substitute <drive letter> in the command above with the actual drive letter of the BitLocker drive you want to lock.

For example: Lock-BitLocker -MountPoint "D:" -ForceDismount


Lock-BitLocker.png



That's it,
Shawn Brink


 
Last edited:

Latest Support Threads

Back
Top Bottom