How to Lock BitLocker Encrypted Drive in Windows 10

BitLocker Big 256 Icon 2

How to Lock BitLocker Encrypted Drive in Windows 10

Windows 10 allows enabling BitLocker for removable and fixed drives (drive partitions and internal storage devices). It supports protection with a smart card or password. You can also make the drive to automatically unlock when you sign in to your user account. Once you unlock the drive, its contents become available for reading and writing.

BitLocker was first introduced in Windows Vista and still exists in Windows 10. It was implemented exclusively for Windows and has no official support in alternative operating systems. BitLocker can utilize your PC's Trusted Platform Module (TPM) to store its encryption key secrets. In modern versions of Windows such as Windows 8.1 and Windows 10, BitLocker supports hardware-accelerated encryption if certain requirements are met (the drive has to support it, Secure Boot must be on and many other requirements). Without hardware encryption, BitLocker switches to software-based encryption so there is a dip in your drive's performance. BitLocker in Windows 10 supports a number of encryption methods, and supports changing a cipher strength.

Note: In Windows 10, BitLocker Drive Encryption is only available in the Pro, Enterprise, and Education editions. BitLocker can encrypt the system drive (the drive Windows is installed on), and internal hard drives. The BitLocker To Go feature allows protecting files stored on a removable drives, such as a USB flash drive. The user can configure the encryption method for BitLocker.

Normally, you should restart Windows 10 to lock all unlocked drives encrypted with BitLocker. Also, you may need to turn off the auto-unlock drive feature to keep them locked. Windows 10 doesn't include a GUI option to lock the drive. Luckily, you can lock your BitLocker protected drives from the console. No restart is required in this case.

To Lock BitLocker Encrypted Drive in Windows 10,

  1. Open a new command prompt as Administrator (elevated).
  2. Type or cop-paste the following command: manage-bde -lock <drive letter>: -ForceDismount.
  3. Substitute <drive letter> with the actual drive letter of the drive you want to lock. For example: manage-bde -lock E: -ForceDismount.
  4. You are done.

You can now check the BitLocker encryption status for the drive.

Alternatively, you can use PowerShell.

Lock Unlocked BitLocker-Encrypted Drive in PowerShell

  1. Alternatively, open PowerShell as Administrator.
  2. Type and run the following command: Lock-BitLocker -MountPoint "<drive letter>:" -ForceDismount.
  3. Substitute <drive letter> with the actual drive letter of the drive you want to lock. For example: Lock-BitLocker -MountPoint "E:" -ForceDismount.

You are done!

You can now check the BitLocker encryption status for the drive.

That's

Support us

Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:

If you like this article, please share it using the buttons below. It won't take a lot from you, but it will help us grow. Thanks for your support!

Author: Sergey Tkachenko

Sergey Tkachenko is a software developer who started Winaero back in 2011. On this blog, Sergey is writing about everything connected to Microsoft, Windows and popular software. Follow him on Telegram, Twitter, and YouTube.

One thought on “How to Lock BitLocker Encrypted Drive in Windows 10”

  1. I just wanted to say thanks for this. I had looked at another site first that gave incomplete instructions (possibly to push the software they were selling to do this?)

Leave a Reply

Your email address will not be published.

Exit mobile version
Using Telegram? Subscribe to the blog channel!
Hello. Add your message here.