Privacy and Security Turn On or Off Auto-unlock for BitLocker Drive in Windows 11


  • Staff
BitLocker_unlocked_drive_banner.png

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned drives and computers.

You can turn on BitLocker to encrypt the operating system drive (Windows drive), fixed data drives (internal hard drives), and removable data drives (external hard drive or USB flash drive).

If BitLocker has been turned on for the operating system drive, you can set BitLocker to automatically unlock fixed data drives and removable data drives encrypted by BitLocker when you sign in to Windows. BitLocker uses encrypted information stored in the registry and volume metadata to unlock any drives that use automatic unlocking.

This tutorial will show you how to turn on or off auto-unlock for a fixed or removable data drive encrypted by BitLocker for your account in Windows 10 and Windows 11.


You must be signed in as an administrator to turn on or off auto-unlock for a drive.

You must unlock the fixed data drive or removable data drive before you can turn on auto-unlock.

If you turn on auto-unlock for an unlocked fixed data drive or removable data drive encrypted by BitLocker, then the drive cannot be locked until you turn off auto-unlock for the drive.

Auto-unlock only gets applied to the specific current user on the current specific computer.

BitLocker Drive Encryption is only available in the Windows 11 Pro, Enterprise, and Education editions.



Contents

  • Option One: Turn On or Off BitLocker Auto-unlock for Fixed or Removable Data Drive in BitLocker Manager
  • Option Two: Turn On or Off BitLocker Auto-unlock for Fixed or Removable Data Drive using manage-bde command
  • Option Three: Turn On or Off BitLocker Auto-unlock for Fixed or Removable Data Drive in PowerShell





OPTION ONE

Turn On or Off BitLocker Auto-unlock for Fixed or Removable Data Drive in BitLocker Manager


1 Open the Control Panel (icons view), and click/tap on the BitLocker Drive Encryption icon.

2 Do step 3 (on) or step 4 (off) below for what you would like to do.


 3. To Turn On Auto-unlock for Fixed or Removable Data Drive Encrypted by BitLocker

A) Expand open the fixed data drive or removable data drive you want to turn on auto-unlock for. (see screenshot below)​

B) Click/tap on Turn on auto-unlock, and go to step 5 below.​

Turn_on_auto-unlock_Control_Panel.png


 4. To Turn Off Auto-unlock for Fixed or Removable Data Drive Encrypted by BitLocker

This is the default setting.


A) Expand open the fixed data drive or removable data drive you want to turn on auto-unlock for. (see screenshot below)​

B) Click/tap on Turn off auto-unlock, and go to step 5 below.​

Turn_off_auto-unlock_Control_Panel.png

5 You can now close the BitLocker Drive Encryption control panel if you like.





OPTION TWO

Turn On or Off BitLocker Auto-unlock for Fixed or Removable Data Drive using manage-bde command


1 Open Windows Terminal (Admin), and select either Windows PowerShell or Command Prompt.

2 Do step 3 (on) or step 4 (off) below for what you want.


 3. To Turn On Auto-unlock for Fixed or Removable Data Drive Encrypted by BitLocker

A) Type the command below into Windows Terminal (Admin), press Enter, and go to step 5 below. (see screenshot below)​

manage-bde -autounlock -enable <drive letter>:

Substitute <drive letter> in the command above with the actual drive letter of the encrypted drive you want to turn on auto-unlock.

For example: manage-bde -autounlock -enable E:


Turn_on_auto-unlock_mange-bde.png


 4. To Turn Off Auto-unlock for Fixed or Removable Data Drive Encrypted by BitLocker

This is the default setting.


A) Type the command below into Windows Terminal (Admin), press Enter, and go to step 5 below. (see screenshot below)​

manage-bde -autounlock -disable <drive letter>:

Substitute <drive letter> in the command above with the actual drive letter of the encrypted drive you want to turn off auto-unlock.

For example: manage-bde -autounlock -disable E:


Turn_off_auto-unlock_mange-bde.png

5 You can close Windows Terminal (Admin) if you like.





OPTION THREE

Turn On or Off BitLocker Auto-unlock for Fixed or Removable Data Drive in PowerShell


1 Open Windows Terminal (Admin), and select Windows PowerShell.

2 Do step 3 (on), step 4 (off - specific drive), or step 5 (off - all drives) below for what you want.


 3. To Turn On Auto-unlock for Fixed or Removable Data Drive Encrypted by BitLocker

A) Type the command below into Windows Terminal (Admin), press Enter, and go to step 6 below. (see screenshot below)​

Enable-BitLockerAutoUnlock -MountPoint "<drive letter>:"

Substitute <drive letter> in the command above with the actual drive letter of the encrypted drive you want to turn on auto-unlock.

For example: Enable-BitLockerAutoUnlock -MountPoint "E:"


Enable_BitlockerAutoUnlock.png


 4. To Turn Off Auto-unlock for Specific Fixed or Removable Data Drive Encrypted by BitLocker

This is the default setting.


A) Type the command below into Windows Terminal (Admin), press Enter, and go to step 6 below. (see screenshot below)​

Disable-BitLockerAutoUnlock -MountPoint "<drive letter>:"

Substitute <drive letter> in the command above with the actual drive letter of the encrypted drive you want to turn off auto-unlock.

For example: Disable-BitLockerAutoUnlock -MountPoint "E:"


Disable_BitlockerAutoUnlock.png


 5. To Turn Off Auto-unlock for All Fixed Data Drives Encrypted by BitLocker

A) Copy and paste the command below into Windows Terminal (Admin), press Enter, and go to step 6 below. (see screenshot below)​

Clear-BitLockerAutoUnlock

Clear_BitlockerAutoUnlock.png

6 You can close Windows Terminal (Admin) if you like.


That's it,
Shawn Brink


 

Attachments

  • BitLocker_unlocked_drive.png
    BitLocker_unlocked_drive.png
    5.8 KB · Views: 51
Last edited:

Dru2

Well-known member
Power User
VIP
Local time
7:12 PM
Posts
2,090
Location
Virginia
OS
Windows 11 Pro 21H2 (22000.795)
@Brink, I found the error of my post (thus it's removal) o_O

I see when you got to click "auto-unlock", if the OS drive isn't using BitLocker, you're presented with a screen saying the OS drive needs to have BitLocker enabled. Never knew that since I also BitLocker the OS drive.

Sorry :censored:
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 21H2 (22000.795)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom built
    CPU
    Intel i9-9900K
    Motherboard
    Gigabyte Aorus Z390 Xtreme
    Memory
    32G (4x8) DDR4 Corsair RGB Dominator Platinum (3600Mhz)
    Graphics Card(s)
    Radeon VII
    Sound Card
    Onboard (ESS Sabre HiFi using Realtek drivers)
    Monitor(s) Displays
    NEC PA242w (24 inch)
    Screen Resolution
    1920 x 1200
    Hard Drives
    5 Samsung SSD drives: 2X 970 NVME (512 & 1TB), 3X EVO SATA (2X 2TB, 1X 1TB)
    PSU
    EVGA Super Nova I000 P2 (1000 watt)
    Case
    Cooler Master H500M
    Cooling
    Corsair H115i RGB Platinum
    Keyboard
    Logitech Craft
    Mouse
    Logitech MX Master 3
    Internet Speed
    500mb Download. 11mb Upload
    Browser
    Microsoft Edge Chromium
    Antivirus
    Windows Security
    Other Info
    System used for gaming, photography, audiophile media center, work.
  • Operating System
    Win 11 Pro Dev 22H2 (build 25140.1000)
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkPad Yoga X1
    CPU
    Intel i7-7600U
    Motherboard
    Intel
    Memory
    16igg
    Graphics card(s)
    Intel HD 620
    Sound Card
    Onboard
    Monitor(s) Displays
    14.0 WQHD OLED Touch
    Screen Resolution
    2560 x 1440
    Hard Drives
    1TB NVMe Drive (OEM)
    PSU
    laptop
    Case
    laptop
    Cooling
    Laptop cooling
    Mouse
    Logitech MX Anywhere 2S
    Keyboard
    Laptop
    Internet Speed
    100MB
    Browser
    Edge Chromium
    Antivirus
    Windows Security

Brink

Administrator
Staff member
MVP
Thread Starter
Local time
6:12 PM
Posts
5,565
OS
Windows 11 Pro for Workstations
@Brink, I found the error of my post (thus it's removal) o_O

I see when you got to click "auto-unlock", if the OS drive isn't using BitLocker, you're presented with a screen saying the OS drive needs to have BitLocker enabled. Never knew that since I also BitLocker the OS drive.

Sorry :censored:

No worries mate. :-)

It's included in the info at the top of the tutorial to help.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 980 PRO M.2,
    1TB Samsung 970 EVO Plus M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Motorola MB8611 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S20 Ultra 5G phone
  • Operating System
    Windows 11 Pro for Workstations
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 2in1
    CPU
    i7-1065G7 3.9 GHz
    Memory
    16 GB LPDDR4-3200
    Graphics card(s)
    Intel Iris Plus
    Sound Card
    Intel SST
    Monitor(s) Displays
    13.3" 4K UWVA AMOLED multitouch
    Screen Resolution
    3840 x 2160
    Hard Drives
    512 GB PCIe NVMe M.2 SSD
    Browser
    Google Chrome
    Antivirus
    Windows Defender and Malwarebytes Premium

Dru2

Well-known member
Power User
VIP
Local time
7:12 PM
Posts
2,090
Location
Virginia
OS
Windows 11 Pro 21H2 (22000.795)
No worries mate. :)

It's included in the info at the top of the tutorial to help.

Yeah, that's the part I questioned... :sick:
If BitLocker has been turned on for the operating system drive,

While you can get the "Auto-unlock" option to appear (without having the OS drive BitLockered). Clicking the option will present you with a screen alerting you that the OS drive also needs BitLocker to use Auto-unlock...

Screenshot 2021-11-15 154839.jpg


That's the part I didn't know because I typically always turn on OS BitLocker anyway. Never knew it "had to be on" in order for "Auto-unlock" feature to work on data drives until I tested it.

Learn something new everyday :)
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 21H2 (22000.795)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom built
    CPU
    Intel i9-9900K
    Motherboard
    Gigabyte Aorus Z390 Xtreme
    Memory
    32G (4x8) DDR4 Corsair RGB Dominator Platinum (3600Mhz)
    Graphics Card(s)
    Radeon VII
    Sound Card
    Onboard (ESS Sabre HiFi using Realtek drivers)
    Monitor(s) Displays
    NEC PA242w (24 inch)
    Screen Resolution
    1920 x 1200
    Hard Drives
    5 Samsung SSD drives: 2X 970 NVME (512 & 1TB), 3X EVO SATA (2X 2TB, 1X 1TB)
    PSU
    EVGA Super Nova I000 P2 (1000 watt)
    Case
    Cooler Master H500M
    Cooling
    Corsair H115i RGB Platinum
    Keyboard
    Logitech Craft
    Mouse
    Logitech MX Master 3
    Internet Speed
    500mb Download. 11mb Upload
    Browser
    Microsoft Edge Chromium
    Antivirus
    Windows Security
    Other Info
    System used for gaming, photography, audiophile media center, work.
  • Operating System
    Win 11 Pro Dev 22H2 (build 25140.1000)
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkPad Yoga X1
    CPU
    Intel i7-7600U
    Motherboard
    Intel
    Memory
    16igg
    Graphics card(s)
    Intel HD 620
    Sound Card
    Onboard
    Monitor(s) Displays
    14.0 WQHD OLED Touch
    Screen Resolution
    2560 x 1440
    Hard Drives
    1TB NVMe Drive (OEM)
    PSU
    laptop
    Case
    laptop
    Cooling
    Laptop cooling
    Mouse
    Logitech MX Anywhere 2S
    Keyboard
    Laptop
    Internet Speed
    100MB
    Browser
    Edge Chromium
    Antivirus
    Windows Security

Brink

Administrator
Staff member
MVP
Thread Starter
Local time
6:12 PM
Posts
5,565
OS
Windows 11 Pro for Workstations
It would make it less confusing if the setting was automatically removed if the OS drive wasn't BitLocker protected.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro for Workstations
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom self build
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G75 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 980 PRO M.2,
    1TB Samsung 970 EVO Plus M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3 wall mounted
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gbps Download and 35 Mbps Upload
    Browser
    Google Chrome
    Antivirus
    Microsoft Defender and Malwarebytes Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Motorola MB8611 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S20 Ultra 5G phone
  • Operating System
    Windows 11 Pro for Workstations
    Computer type
    Laptop
    Manufacturer/Model
    HP Spectre x360 2in1
    CPU
    i7-1065G7 3.9 GHz
    Memory
    16 GB LPDDR4-3200
    Graphics card(s)
    Intel Iris Plus
    Sound Card
    Intel SST
    Monitor(s) Displays
    13.3" 4K UWVA AMOLED multitouch
    Screen Resolution
    3840 x 2160
    Hard Drives
    512 GB PCIe NVMe M.2 SSD
    Browser
    Google Chrome
    Antivirus
    Windows Defender and Malwarebytes Premium

Dru2

Well-known member
Power User
VIP
Local time
7:12 PM
Posts
2,090
Location
Virginia
OS
Windows 11 Pro 21H2 (22000.795)
It would make it less confusing if the setting was automatically removed if the OS drive wasn't BitLocker protected.
Yeah, its definitely confusing having it appear when all the parameters aren't even met :oops:

As usual your tutorials are always enlightening. Thanks (y)
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 21H2 (22000.795)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom built
    CPU
    Intel i9-9900K
    Motherboard
    Gigabyte Aorus Z390 Xtreme
    Memory
    32G (4x8) DDR4 Corsair RGB Dominator Platinum (3600Mhz)
    Graphics Card(s)
    Radeon VII
    Sound Card
    Onboard (ESS Sabre HiFi using Realtek drivers)
    Monitor(s) Displays
    NEC PA242w (24 inch)
    Screen Resolution
    1920 x 1200
    Hard Drives
    5 Samsung SSD drives: 2X 970 NVME (512 & 1TB), 3X EVO SATA (2X 2TB, 1X 1TB)
    PSU
    EVGA Super Nova I000 P2 (1000 watt)
    Case
    Cooler Master H500M
    Cooling
    Corsair H115i RGB Platinum
    Keyboard
    Logitech Craft
    Mouse
    Logitech MX Master 3
    Internet Speed
    500mb Download. 11mb Upload
    Browser
    Microsoft Edge Chromium
    Antivirus
    Windows Security
    Other Info
    System used for gaming, photography, audiophile media center, work.
  • Operating System
    Win 11 Pro Dev 22H2 (build 25140.1000)
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkPad Yoga X1
    CPU
    Intel i7-7600U
    Motherboard
    Intel
    Memory
    16igg
    Graphics card(s)
    Intel HD 620
    Sound Card
    Onboard
    Monitor(s) Displays
    14.0 WQHD OLED Touch
    Screen Resolution
    2560 x 1440
    Hard Drives
    1TB NVMe Drive (OEM)
    PSU
    laptop
    Case
    laptop
    Cooling
    Laptop cooling
    Mouse
    Logitech MX Anywhere 2S
    Keyboard
    Laptop
    Internet Speed
    100MB
    Browser
    Edge Chromium
    Antivirus
    Windows Security
Top Bottom