BitLocker is a nice Windows tool that allows you to encrypt and password-protect a drive without having to install 3rd-party software. When you shut down or hibernate your computer, BitLocker locks the drive, and on the next load it prompts for the password. That behavior, though, doesn’t apply if you just put your computer to sleep.
That means that if you need to leave your computer for a while and want to lock the open BitLocker drive to prevent unauthorized access, the only option is to either put it in hibernation or shut it down, which may not always be the most convenient solution. Luckily, there is a relatively easy workaround, which boils down to writing a small .bat script and scheduling a task to run it when the computer goes to sleep. Here are the steps:
Create the .bat script
Go to a folder (any folder, as long as you will not delete or move it in the future), create a new text document and change its file type to .bat. The filename can be anything you like, e.g. bitlocker_drive_lock.bat.
Then, open the file in Notepad or any text editor, and paste the following: manage-bde -lock [DRIVE_LETTER]: -ForceDismount, replacing [DRIVE_LETTER] with the actual letter of the BitLocker-encrypted drive that you want to lock. For example, if your drive is D, it should be: manage-bde -lock D: -ForceDismount.
The -ForceDismount parameter is important, as it tells BitLocker to try and lock the drive even if it is currently in use.
If you right click on the file and run it as Administrator, you will see that it will lock the drive. Congratulations, you just got a way to manually lock your drive without rebooting or closing your computer!
Create the task
Now, all we need to do is to somehow make the script run automatically every time our computer goes to sleep. And that’s the slightly tricky part, as there is no direct way to achieve this. Instead, we need to use Windows’ Task Scheduler to create a task which will trigger the script when a specific event is detected. To do so:
Open the Task Scheduler and click on “Create a Basic Task”.
Give the task a name that makes sense to you, to easily identify it, and hit “Next”. On “Trigger”, select “When a specific event is logged”. Then, set the following options:
- Trigger: System
- Source: Kernel-Power
- Event: ID: 506
Hit “Next”, and on the “Action” screen select “Start a program” and select the .bat script that you created earlier.
After the task is created, double-click on it and enable “Run with highest privileges”.
That’s all! The next time your computer goes to sleep, your BitLocker drive will lock, and when you try to access it again, it will prompt for the password.
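The same setup can also be done from an elevated Command Prompt. The script below is an added example, not part of the original post; the drive letter D:, the folder under %ProgramData% and the task name are assumptions. Because the task runs with highest privileges, it also restricts the script's folder to Administrators and SYSTEM, so a standard user cannot change what the task executes.

```batch
@echo off
rem Added example (not from the original post): creates the lock script and the
rem event-triggered task from the command line instead of the GUI.
rem Assumptions (hypothetical, adjust to your setup): drive D:, the folder
rem %ProgramData%\BitLockerLock and the task name below.
setlocal
set "DRIVE=D:"
set "DIR=%ProgramData%\BitLockerLock"
set "SCRIPT=%DIR%\bitlocker_drive_lock.bat"
set "TASK=Lock BitLocker drive on sleep"

rem Must be elevated: creating a task with /RL HIGHEST needs administrator rights.
net session >nul 2>&1 || (echo Run this from an elevated Command Prompt.& exit /b 1)

rem The task runs elevated, so the script must not be writable by standard users.
rem Drop inherited permissions; allow only Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18).
if not exist "%DIR%" mkdir "%DIR%"
icacls "%DIR%" /inheritance:r /grant:r "*S-1-5-32-544:(OI)(CI)F" "*S-1-5-18:(OI)(CI)F" >nul || exit /b 1

rem Write the one-line lock script described in the steps above.
> "%SCRIPT%" echo manage-bde -lock %DRIVE% -ForceDismount

rem Same trigger as the GUI steps: System log, source Kernel-Power, event ID 506.
schtasks /Create /F /TN "%TASK%" /SC ONEVENT /EC System ^
  /MO "*[System[Provider[@Name='Microsoft-Windows-Kernel-Power'] and EventID=506]]" ^
  /TR "\"%SCRIPT%\"" /RL HIGHEST || exit /b 1

rem Print the registered task so the trigger and run level can be checked.
schtasks /Query /TN "%TASK%" /V /FO LIST
endlocal
```

After running it, put the computer to sleep once and confirm with manage-bde -status that the drive is reported as locked.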
Aha. But you don’t say where to keep the .BAT file.
Where should it live?
It doesn’t really matter, as long as you keep it in the same place and do not remove it. It can be in your documents folder or anywhere you like.
You don’t mean
Trigger: System
Source: Kernel-Power
Event: ID: 506
You mean
Log: System
Source: Kernel-Power
Event: ID: 506
Not working with event ID 506, but kinda working with event ID 42