How to Lock BitLocker Encrypted Drive in Windows 10
Windows 10 allows enabling BitLocker for removable and fixed drives (drive partitions and internal storage devices). It supports protection with a smart card or password. You can also make the drive to automatically unlock when you sign in to your user account. Once you unlock the drive, its contents become available for reading and writing.
BitLocker was first introduced in Windows Vista and still exists in Windows 10. It was implemented exclusively for Windows and has no official support in alternative operating systems. BitLocker can utilize your PC's Trusted Platform Module (TPM) to store its encryption key secrets. In modern versions of Windows such as Windows 8.1 and Windows 10, BitLocker supports hardware-accelerated encryption if certain requirements are met (the drive has to support it, Secure Boot must be on and many other requirements). Without hardware encryption, BitLocker switches to software-based encryption so there is a dip in your drive's performance. BitLocker in Windows 10 supports a number of encryption methods, and supports changing a cipher strength.
Note: In Windows 10, BitLocker Drive Encryption is only available in the Pro, Enterprise, and Education editions. BitLocker can encrypt the system drive (the drive Windows is installed on), and internal hard drives. The BitLocker To Go feature allows protecting files stored on a removable drives, such as a USB flash drive. The user can configure the encryption method for BitLocker.
Normally, you should restart Windows 10 to lock all unlocked drives encrypted with BitLocker. Also, you may need to turn off the auto-unlock drive feature to keep them locked. Windows 10 doesn't include a GUI option to lock the drive. Luckily, you can lock your BitLocker protected drives from the console. No restart is required in this case.
To Lock BitLocker Encrypted Drive in Windows 10,
- Open a new command prompt as Administrator (elevated).
- Type or cop-paste the following command:
manage-bde -lock <drive letter>: -ForceDismount
. - Substitute
<drive letter>
with the actual drive letter of the drive you want to lock. For example:manage-bde -lock E: -ForceDismount
. - You are done.
You can now check the BitLocker encryption status for the drive.
Alternatively, you can use PowerShell.
Lock Unlocked BitLocker-Encrypted Drive in PowerShell
- Alternatively, open PowerShell as Administrator.
- Type and run the following command:
Lock-BitLocker -MountPoint "<drive letter>:" -ForceDismount
. - Substitute
<drive letter>
with the actual drive letter of the drive you want to lock. For example:Lock-BitLocker -MountPoint "E:" -ForceDismount
.
You are done!
You can now check the BitLocker encryption status for the drive.
That's
Support us
Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:
I just wanted to say thanks for this. I had looked at another site first that gave incomplete instructions (possibly to push the software they were selling to do this?)