The problem with BitLocker is that it doesn't lock your drive when you lock your workstation. I don't know about you, but I find that disturbing, because someone can log in as another user and access that drive. What I find even more problematic is that there isn't any 'obvious' way to lock the drive, at least not in the way it can be unlocked.
Here is how you can lock your drive manually (let's assume that the drive letter is P):
manage-bde -lock P:
To be able to do it from Windows Explorer, you will need to create a cmd script called LockBDE.cmd that will lock the drive for you, and place it somewhere every user can read it. I have placed mine into c:\Users:
@echo off
rem %1 is the drive path that Explorer passes in from the context menu
setLocal EnableDelayedExpansion
set _DRIVE_=%1
rem Strip a trailing backslash so that P:\ becomes P:
IF !_DRIVE_:~-1!==\ SET _DRIVE_=!_DRIVE_:~0,-1!
rem manage-bde requires elevation, so run it through NirCmd's elevate command
c:\users\nircmdc.exe elevate C:\Windows\System32\manage-bde.exe -lock %_DRIVE_%
Now merge this into the registry:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Drive\shell\Lock Drive]
"AppliesTo"="(System.Volume.BitLockerProtection:=System.Volume.BitLockerProtection#On OR System.Volume.BitLockerProtection:=System.Volume.BitLockerProtection#Encrypting OR System.Volume.BitLockerProtection:=System.Volume.BitLockerProtection#Suspended) AND System.Volume.BitLockerCanChangePassphraseByProxy:=System.StructuredQueryType.Boolean#True"
"MultiSelectModel"="Single"
@=""

[HKEY_CLASSES_ROOT\Drive\shell\Lock Drive\command]
@="C:\\Users\\LockBDE.cmd %1"
Since there is no straightforward way to elevate from the console (manage-bde requires elevated mode), you will have to rely on the third-party tool NirCmd (NirSoft website). It's a free tool, and 32-bit and 64-bit binaries are available. Download it and copy nircmdc.exe into the same folder as the CMD script (or somewhere in the path).
Voilà! When you right-click an unlocked BitLocker-encrypted drive, you have a new option that allows you to lock the drive!
Granted, it is not pretty to see two console windows, but it works!
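Because the "Lock Drive" entry runs LockBDE.cmd and nircmdc.exe elevated from a folder every user can read, it is worth confirming that only administrative accounts can modify those two files. The following PowerShell check is an added example, not part of the original post; it assumes the paths used above, and the function name Get-UnsafeWriteAccess is made up for illustration.

```powershell
# Added example: audit the files that the "Lock Drive" menu entry launches elevated.
# Paths are the ones used in the post (assumption: adjust if yours differ).
$targets = 'C:\Users\LockBDE.cmd', 'C:\Users\nircmdc.exe'

# Well-known SIDs allowed to hold write access: SYSTEM, Administrators, TrustedInstaller.
$trusted = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)

# Rights that allow changing the content, deleting/replacing the file, or re-ACLing it.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
$sidType   = [System.Security.Principal.SecurityIdentifier]

function Get-UnsafeWriteAccess {   # hypothetical helper name
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path

    # The owner can always rewrite the ACL, so a non-admin owner is a finding too.
    $owner = $acl.GetOwner($sidType).Value
    if ($trusted -notcontains $owner) {
        [pscustomobject]@{ Path = $Path; Sid = $owner; Issue = 'Owner' }
    }

    # Resolve ACEs to SIDs (not names) so the check is locale-independent.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $isAllow  = $rule.AccessControlType -eq 'Allow'
        $canWrite = ([int]$rule.FileSystemRights -band $writeMask) -ne 0
        $sid      = $rule.IdentityReference.Value
        if ($isAllow -and $canWrite -and ($trusted -notcontains $sid)) {
            [pscustomobject]@{ Path = $Path; Sid = $sid; Issue = [string]$rule.FileSystemRights }
        }
    }
}

$findings = foreach ($t in $targets) {
    if (Test-Path -LiteralPath $t) { Get-UnsafeWriteAccess -Path $t }
    else { Write-Warning "$t not found" }
}

if ($findings) { $findings | Format-Table -AutoSize }
else { 'No write access for non-administrative accounts on the checked files.' }
```

Any row in the output names an account that could change what gets run elevated; remove that permission or move the files to a folder that only administrators can write to.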