How to Lock a BitLocker Drive without Admin Rights

Florian Stüssi 0 Reputation points
2025-02-28T08:25:02.66+00:00

The end-goal is a way to lock a BitLocker encrypted drive that has auto-unlock off and is secured with admin rights.

The ideal workflow:

  1. The user boots up and has a locked drive -> No problem, disable auto unlock and set a password
  2. The user finishes his work and wants to lock the drive again -> I found ways, but all require admin privileges

Here are my solution attempts for Step 2:

2.1. I tried this: "Re-locking a drive with BitLocker - Microsoft Community", with no success; admin rights required.

2.2. I tried this: "4 Methods to Lock BitLocker Drives without Restart in Windows 10", option 4, with no success; admin rights required.

2.3. I created a scheduled task with NT-Authority\System rights that runs a script which locks the drive. To run this task I needed admin rights. The task itself works.

2.3.1. I tried to trigger the task by an event ID -> the task does not trigger.

2.3.2. I tried to trigger the task by the default events like Local User Logoff, Remote User Logoff and Lock the screen -> the task does not trigger.

If I can provide any additional information, please do let me know. I really wish to have this problem solved.


2 answers

  1. Welf Alberts 11 Reputation points
    2025-02-28T16:13:14.94+00:00

    Hi.

    Back when I was young and free, I "invented" a way for needs like this. Read my article https://www.experts-exchange.com/articles/33548/How-to-empower-restricted-users-to-execute-defined-administrative-tasks.html

    Since I am a BitLocker expert as well, I can assure you that this fits your needs.


  2. Anonymous
    2025-03-03T04:28:52.69+00:00

    Hello

    Thank you for posting in the Q&A forum.

    Here are a few steps you can try:

    1. Using Command Prompt:

    • Open Command Prompt (you might need admin rights for this step).

    • Type manage-bde -lock X: (replace X with the drive letter of your BitLocker drive) and press Enter.

    2. Creating a Batch File:

    • Open Notepad and type manage-bde -lock X: (replace X with the drive letter).

    • Save the file with a .bat extension.

    • Run the batch file (you might need admin rights to execute it).

    3. Using a Scheduled Task:

    • Create a scheduled task that runs with elevated privileges.

    • Set the task to run a script that locks the BitLocker drive using the manage-bde -lock X: command (replace X with the drive letter).

    • You can trigger this task manually or set it to trigger based on specific events, such as user logoff.

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou

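Step 3 of the answer above, as an added PowerShell example (not part of either answer and not Microsoft's own script): an administrator registers the task once as SYSTEM with a fixed manage-bde command line, attaches a session-lock trigger, and grants standard users the right to start the task but not to edit it. The task name, the X: drive letter and the SDDL string are assumptions to adapt and test on your Windows build.

```powershell
#Requires -RunAsAdministrator
# One-time setup, run by an administrator. Added example; names are assumptions.
$TaskName = 'Lock-BitLockerDataDrive'   # hypothetical task name
$Drive    = 'X:'                        # placeholder drive letter, as in the answer

# Fixed action: the command line is stored inside the task, so there is no
# script file that a standard user could modify to run code as SYSTEM.
# -ForceDismount lets the lock succeed even if files on the volume are open.
$action = New-ScheduledTaskAction `
    -Execute "$env:SystemRoot\System32\manage-bde.exe" `
    -Argument "-lock $Drive -ForceDismount"

$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
    -LogonType ServiceAccount -RunLevel Highest

# New-ScheduledTaskTrigger has no session-lock option, so the trigger is built
# from the Task Scheduler CIM class. StateChange 7 = session lock.
$cimClass = Get-CimClass -Namespace 'Root/Microsoft/Windows/TaskScheduler' `
    -ClassName 'MSFT_TaskSessionStateChangeTrigger'
$onLock = New-CimInstance -CimClass $cimClass `
    -Property @{ StateChange = 7 } -ClientOnly

Register-ScheduledTask -TaskName $TaskName -Action $action `
    -Principal $principal -Trigger $onLock -Force | Out-Null

# Least privilege on the task object: SYSTEM and Administrators keep full
# access, Authenticated Users get read + execute (start) only.
$service = New-Object -ComObject 'Schedule.Service'
$service.Connect()
$task = $service.GetFolder('\').GetTask($TaskName)
$task.SetSecurityDescriptor('D:(A;;FA;;;SY)(A;;FA;;;BA)(A;;GRGX;;;AU)', 0)

# Show the resulting ACL (4 = DACL_SECURITY_INFORMATION) for review.
$task.GetSecurityDescriptor(4)

# A standard user can then lock the drive on demand with:
#   schtasks.exe /Run /TN "Lock-BitLockerDataDrive"
```

Because the task runs as SYSTEM, keep the action pointed at a binary under System32 and never at a script in a user-writable folder. Check the task's History tab after locking the screen to confirm the trigger fires in your environment.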

