Wednesday, January 2, 2013

BITLOCKER IN WINDOWS 8: LOCKING AFTER UNLOCKING THE DRIVE WITHOUT RESTARTING THE MACHINE

BitLocker can do wonders.
But when I configured BitLocker for one of my drives in Windows 8, though it worked smoothly, I faced a real problem!

I can unlock the drive.
But...
I cannot lock it.
My BitLocker-encrypted drive remains unlocked until I restart my laptop.

I tried a lot of suggestions from many sites, including the following:

http://scorpiondivine.blogspot.in/2012/01/how-to-relock-bitlocker-encrypted-drive.html
http://jonamafun.blogspot.in/2009/11/how-to-re-lock-bitlocker-drive.html

I sincerely thank both bloggers for the efforts they put in.

But things didn't work for me.
Finally, after a lot of investigation, I found out the real reason is the villain named "elevated privileges": manage-bde only works when it runs with administrator rights.

Anyway, I worked it out my way, with inputs from the above sites, and I am sharing it for you!

STEP-1
Copy the following line and paste it into a new Notepad file.

manage-bde -lock G: -forcedismount  

Replace G: with the drive letter of your BitLocker drive.

Save the file as lock.bat

Copy this file to the C:\Windows folder.

STEP-2

Now copy the following and paste it into a new Notepad file.


Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Drive\shell\runas]
@="Lock"

[HKEY_CLASSES_ROOT\Drive\shell\runas\AppliesTo]
@="G:\\"

[HKEY_CLASSES_ROOT\Drive\shell\runas\command]
@="runas /user:pradeep\\administrator /savecred c:\\windows\\lock.bat"

Make the following changes:

In the @="G:\\" part, put the drive letter of your BitLocker drive, e.g. @="D:\\"

In the @="runas /user:pradeep\\administrator /savecred c:\\windows\\lock.bat" part,
pay attention to user:pradeep\\administrator.
pradeep is my computer name.
You have to replace pradeep with your computer name. (You can check it by right-clicking the My Computer icon on your desktop and selecting Properties. Alternatively, type sysdm.cpl in Run or Command Prompt and press Enter, and you will get the computer name.)

After these changes, save the file as lock.reg somewhere on the desktop.

STEP-3

Now double-click the lock.reg file. It will give some warnings; don't worry, click YES. You will get a completion message; click OK.

STEP-4
 
Now go to Command Prompt or Run, type lusrmgr.msc and press Enter.
You will get a console window for Users and Groups.

STEP-5

Right-click Administrator and select Properties.
Remove the tick mark in front of "Account is Disabled".
Click Apply and OK.

STEP-6

Now right-click Administrator and select Set Password.
A warning message appears.
Click Proceed and the next window opens.
Enter a password of your choice in the first field and repeat it in the second field.
Click OK.
You will get a confirmation that the password is set. Click OK.

STEP-7

Restart your machine.

Unlock your BitLocker drive with your password.

STEP-8

Now right-click the BitLocker drive.
You will see a selectable "Lock" entry in the context menu.
Click "Lock".
A password prompt appears.

Type the password which you set in STEP-6.
You will not be able to see what you type, so please be careful to give the correct password.

A black screen pops up... and
your drive is locked!

That's all...
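
An alternative to the `runas /savecred` entry from STEP-2, given as an added example that is not part of the original post: `/savecred` keeps the Administrator password in Credential Manager, where any program running under your account can reuse it through runas, whereas this PowerShell script asks for elevation through a UAC prompt and locks the drive with the `Lock-BitLocker` cmdlet of the Windows 8 BitLocker module, so the built-in Administrator account can stay disabled. The file name `Lock-BitLockerData.ps1` and the script's `-MountPoint` parameter are assumptions made for the example.

```powershell
# Lock-BitLockerData.ps1  (hypothetical name; added example, not the author's lock.bat)
# Locks unlocked BitLocker data volumes. Elevation comes from a UAC prompt,
# so no administrator password is stored with /savecred.
param(
    [string[]]$MountPoint = @()   # e.g. G:  or  E:,F:,G:  ; empty = every unlocked data volume
)

# -File passes "E:,F:,G:" as one string, so split on commas and normalise to the "G:" form.
$targets = @($MountPoint | ForEach-Object { $_ -split ',' } |
    ForEach-Object { $_.Trim().TrimEnd('\').ToUpper() } | Where-Object { $_ })

$me = New-Object Security.Principal.WindowsPrincipal(
    [Security.Principal.WindowsIdentity]::GetCurrent())
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    # Not elevated: relaunch this same script through UAC and stop here.
    $relaunch = @('-NoProfile', '-File', "`"$PSCommandPath`"")
    if ($targets.Count -gt 0) { $relaunch += @('-MountPoint', ($targets -join ',')) }
    Start-Process -FilePath 'powershell.exe' -Verb RunAs -ArgumentList $relaunch
    exit
}

# Only protected, currently unlocked data volumes can be locked; the OS volume never can.
$candidates = @(Get-BitLockerVolume | Where-Object {
    $_.VolumeType -eq 'Data' -and
    $_.ProtectionStatus -eq 'On' -and
    $_.LockStatus -eq 'Unlocked' -and
    ($targets.Count -eq 0 -or $targets -contains $_.MountPoint.ToUpper())
})

if ($candidates.Count -eq 0) {
    Write-Warning 'No unlocked BitLocker data volume matched.'
}

foreach ($vol in $candidates) {
    try {
        # -ForceDismount mirrors "manage-bde -lock G: -forcedismount": open handles are closed.
        Lock-BitLocker -MountPoint $vol.MountPoint -ForceDismount -ErrorAction Stop | Out-Null
        Write-Host "Locked $($vol.MountPoint)"
    }
    catch {
        Write-Warning "Could not lock $($vol.MountPoint): $($_.Exception.Message)"
    }
}
```

Run it as `powershell -File Lock-BitLockerData.ps1 -MountPoint G:`; the PowerShell execution policy must allow local scripts. If the `runas /savecred` entry has already been used on the machine, `cmdkey /list` shows the stored Administrator credential.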
----------------
For any clarifications or doubts, please mail me at pradeepthegreat2010@gmail.com.
I will be more than happy to help.

Thank you, and if you like the post, please join this site.


16 comments:

  1. I read your post on
    LOCKING AFTER UNLOCKING THE DRIVE WITHOUT RESTARTING THE MACHINE
    and this post helps to lock only one disk, the one whose path was given in manage-bde...!
    I have three drives bitlocked...
    How to use this trick for more than one drive...

    1. You can enter Multiple drives in the "Lock.bat" like so:
      manage-bde -lock e:
      manage-bde -lock f:
      manage-bde -lock g:

  2. Great job, thanks, worked for me.

  3. It is a great job and a technically perfect solution. Searched a lot on the Internet, finally Google gave me your solution. Thank you. Why don't you publish a book on such tricks? It will be helpful for many.

  4. It comes up with the window asking for the password when I choose to lock, and even though I type the password CORRECTLY, the window closes and the drive is still unlocked.
    If I try it a second time, the window flashes with some message inside that I cannot read because it doesn't stay open long enough.

  5. I came here from Google.

    I've been searching a long time for a solution like this! Thanks a lot!!
    Since my language is different than English I had to replace Step 2:
    "@="runas /user:pradeep\\administrator /savecred c:\\windows\\lock.bat"
    ...with "administrator to my language" (only a tip for those who don't use the English language) :)

    Although I've got a question: is there any way to create an "unlock" in the list as well?

  6. Brother, I am having a big problem related to BitLocker. I applied your formula but my problem isn't solved; my disk is showing "application not found". But my very, very important data is stored on that disk, so please suggest what I should do.

  7. This is happening because you haven't copied the lock.bat file into c:/windows/ . Do this, and then watch results. It worked for me Pradeep, thanks.

  8. I have the same problem as above, help please

  9. Dear Sir,
    I found my problem: in step 2, in the last line, I changed
    @="runas /user:Razavi\\administrator /savecred c:\\windows\\lock.bat"
    to
    @="runas /user:Razavi\\administrator /savecred E:\\windows\\lock.bat"
    because my Windows drive is E, not C.
    So thanks for your help and comments, and I apologize for my mistake; it's not yours.

  10. Hello Sir, I have a problem after step 8. I am trying to lock the drive; the 1st time it asked for the password, but it did not lock the drive. From the 2nd time onwards, a command window pops up and vanishes immediately. Can you please help?

  11. I liked the http://scorpiondivine.blogspot.in/2012/01/how-to-relock-bitlocker-encrypted-drive.html approach better, it's very easy & quick.

    I fixed elevation problem using http://stackoverflow.com/a/23624900/2181604

    Windows Registry Editor Version 5.00
    [HKEY_Current_User\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
    "c:\\windows\\system32\\manage-bde.exe"="RUNASADMIN"

  12. Dear Sir,
    Finally it works.
    Two problems remain in this method. First, it needs a password for unlocking, which is weird. Second, I would prefer that, when I lock the BitLocker drive, files which are open close immediately.

    Anyhow, I do appreciate your knowledge sharing.

    Regards
