How to re-lock a drive with bitlocker

Fri, 29 May 2009 15:29:44 Z

I am using windows 7 bitlocker to encrypt a secondary hard drive. So I unlock the drive with the password successfully. Now how do I relock the drive? The only way I can see is to restart the machine. What bothers me is that even if you log off, and log in as another user the drive is still unlocked! Isnt there a menu item or option to re-lock it?

-mi

How to re-lock a drive with bitlocker

Mon, 01 Jun 2009 10:24:06 Z

Hi,

I did several tests on my side, and I think this is a potential security bug. I will report it to our internal team.

On the other hand, I do not have any workaround for this issue. Please temporarily restart the computer every time for security.

Thank you for your understanding.

How to re-lock a drive with bitlocker

Wed, 03 Jun 2009 15:10:51 Z

Any updates on this?

How to re-lock a drive with bitlocker

Fri, 03 Jul 2009 06:29:14 Z

I too also need an update on this!

How to re-lock a drive with bitlocker

Tue, 07 Jul 2009 09:45:42 Z

Also looking for an answer on this.

"this is a potential security bug" - I'd say definitely a security bug!

An automatic relock timer might be a nice feature also.

How to re-lock a drive with bitlocker

Mon, 10 Aug 2009 13:37:18 Z

You can achieve this through the command line interface

e.g. If P: were my private drive, I can re-lock it with the following command (run the cmd shell with Administrative rights though)

To re-lock a Bitlocker drive on Windows 7 :

manage-bde -lock P:

Enjoy

How to re-lock a drive with bitlocker

Sat, 22 Aug 2009 11:20:13 Z

Thanks for this, Robin. At least I can add a script and pin it to the Start Menu.

This is still an issue in the RTM; I'm a little disappointed it made it through to release.

How to re-lock a drive with bitlocker

Sat, 29 Aug 2009 14:05:53 Z

I made a .cmd-file to re-lock the drives:

From a cmd-prompt, type the following:

C:\Windows\system32>copy con lockdrive.cmd
manage-bde -lock l:
manage-bde -lock k:
^Z [press CTRL-Z]
1 file(s) copied.

Replace l: and/or k: to the corresponding drive letter on your computer.

Make a shortcut to the lockdrive.cmd-file, and check the "run as administrator" check box.

Rgs,
Inge

How to re-lock a drive with bitlocker

Sun, 30 Aug 2009 14:34:50 Z

I have the same problem. By the way, I am using Windows 7 RTM 64-bit. I also through group policy increased the cipher strength to "AES 256-bit with Diffuser".

I encrypted a couple USB hard drives with Bitlocker To Go. I noticed another security issue on top of the one already discovered:

When a Bitlocker To Go disk is connected, initially it is locked with the volume label hidden (as it should be). When you relock the drive using "manage-bde -lock drive:" the volume label is still showing.

Edit: I have been testing this further by unlocking, relocking, and disconnecting the drive multiple times and I noticed that in "Computer" it eventually stopped showing a volume label for this drive when it is unlocked (until I restarted my computer). I am not sure why. But when I used the "dir" command it did show the proper volume label. This might be a bug in the "Computer" display of volume labels, it might not be re-reading the volume labels for drives properly.

When a Bitlocker drive is relocked, it should be in the same state as if it were freshly connected. Also, logging off should automatically relock drives, or at least have an option in the Bitlocker control panel and/or group policy for that.

Regarding the original poster's issue: Logically, one would think right-clicking the unlocked drive and choosing "Manage Bitlocker" would have an option to lock the drive.

How to re-lock a drive with bitlocker

Tue, 01 Sep 2009 18:54:48 Z

this was the best answer ever;)

-mi

How to re-lock a drive with bitlocker

Fri, 13 Nov 2009 12:11:07 Z

Check my post here on how to do the 'Lock Drive' right-click menu entry:

http://jonamafun.blogspot.com/2009/11/how-to-re-lock-bitlocker-drive.html

How to re-lock a drive with bitlocker

Mon, 16 Nov 2009 18:22:05 Z

@jonamafun - followed exactly but getting "The filename,directory name, or volume label syntax is incorrect"
any suggestions?

How to re-lock a drive with bitlocker

Tue, 17 Nov 2009 12:36:53 Z

Try running the batch file from Windows Explorer to see if it actually locks your drive first.

What did you name your .bat file and where is it located? Make sure you put the full path to the file at step 6.

This is what my step 6 looks like:

How to re-lock a drive with bitlocker

Wed, 18 Nov 2009 10:15:22 Z

This could work, but batch file needs to be run as administrator, don't know how to set it yet..

How to re-lock a drive with bitlocker

Sun, 22 Nov 2009 10:50:25 Z

How to re-lock a drive with bitlocker

Sun, 22 Nov 2009 11:07:37 Z

I followed all the steps, but get an error popup:

"The filename, directory name, or volume label syntax is incorrect"

The .bat file it points to works fine.

my runas\command\ looks just like the screen shot.

Any ideas?

How do you add a screen shot to a post here? I could show you what my reg keys look like.

I did discover that I could make a shortcut to lock.bat; and in the advanced shortcut properties it lets you set "Run as Administrator".

So ideally, the reg key setting could point to the shortcut.

Thanks for any help...

How to re-lock a drive with bitlocker

Sun, 22 Nov 2009 11:09:40 Z

Me, too; ever get a solution?

Thanks

How to re-lock a drive with bitlocker

Sun, 22 Nov 2009 14:26:16 Z

i used HTML tags to embed the image here...

Have you tried testing with UAC turned off? I neglected to mention that I'm running without UAC (shhh!) so that may have something to do with it.