ReLock a "bitlocker to go" drive.

Anonymous
2024-11-17T14:55:22+00:00

I have been using

manage-bde -lock -ForceDismount E:

to relock a BitLocker partition on my SSD on a Surface Pro 3 without problems. I decided to BitLocker an external USB Samsung SSD. When the computer is started, the drive is locked. I can unlock the drive without problems; however, the above command will not relock the drive with the appropriate drive letter inserted. The window opens to authorize administrator and the command box opens with the command. Everything appears to run OK, but the drive is not relocked. How does one relock a "BitLocker To Go" drive? Running Windows 10 Pro.

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.

2 answers

  1. Anonymous
    2024-11-18T08:55:39+00:00

    Hello,

    thank you for posting on the Microsoft Community Forums.

    Here are some steps you can try to ensure the drive is properly relocked:

    1. Make sure you are running the Command Prompt as an administrator. You can do this by typing cmd in the search bar, right-clicking on Command Prompt, and selecting "Run as administrator". Then, use the following command: manage-bde -lock E: -ForceDismount

       Ensure that you replace E: with the correct drive letter of your external USB SSD.
    2. Double-check that you are using the correct drive letter for your external USB SSD. Sometimes, the drive letter might change when you reconnect the drive.
    3. You can also try using the BitLocker management interface to lock the drive. Go to “Control Panel -> System and Security -> BitLocker Drive Encryption”, and look for options to manage your BitLocker To Go drive.
    4. If the above steps do not work, you can try physically disconnecting the USB drive and then reconnecting it. This should automatically lock the drive.
    5. Sometimes, a simple restart can resolve issues with BitLocker. After restarting, check if the drive is locked.

    You can also refer to this thread: How to turn BitLocker back on after turning it off to access external - Microsoft Community.

    Hope it helps.

    Best regards,

    Lei

  2. Anonymous
    2024-11-18T17:24:05+00:00

    Lei

    Thank you for the attempt to help.

    In Response:

    1. "The window opens to authorize administrator". In my question I indicated administrator authorization.
    2. I am using the correct drive letter. "with the appropriate drive letter inserted"
    3. Have you looked @ the options? There is no option to lock an unlocked drive that has been encrypted.
    4. Yes this works, but is not quick. One should eject the drive before disconnecting. Then one has to physically reconnect the drive. Also sometimes Windows will not eject a drive. I assume this is because there is a remaining process in the background which is not identifiable even though the offending program or window has already been closed.
    5. "a simple restart". If one has several programs open, there is no such thing as a simple restart. If 5+ programs are open, which is not unusual, it takes several minutes to complete a restart.

    "You can also refer to this thread: How to turn BitLocker back on after turning it off to access external - Microsoft Community."

    Thank you. This does not resolve the issue, but does give useful information. I use a batch file for relocking BitLocker partitions so I did not see the error message.

    Error message is "The drive cannot be encrypted because it contains system boot information. Create a separate partition for use as the system drive that contains the boot information and a second partition for use as the operating system drive and then encrypt the operating system drive."

    This drive has been encrypted so I don't understand the "drive cannot be encrypted". At least I have a better understanding of why it is failing to secure again.

    I have found that moving the drive to an HP Victus computer running Win 11 it will relock with the command

    manage-bde -lock -ForceDismount F:

    The computer that won't relock is a Surface Pro 3 which doesn't have TPM (I think). This might be a contributing factor. However the fact that a partition on the main drive does relock on the SP3 but the external USB drive won't leaves me wondering what the additional factors are.

    ken

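
A relock script that checks the outcome instead of assuming it, so a failure stays on screen rather than disappearing with a batch window as described in the last reply. This is an added example, not part of the original thread; the default drive letter `E:` and the function name `Lock-DataVolume` are assumptions, and it must be run from an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example: relock a BitLocker data volume and verify that it really locked.
param(
    [string]$MountPoint = 'E:'   # assumed drive letter; pass the real one
)

function Lock-DataVolume {
    param([Parameter(Mandatory)][string]$MountPoint)

    # Read the current state first; this throws if the drive letter does not exist.
    $before = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

    if ($before.VolumeType -eq 'OperatingSystem') {
        throw "$MountPoint is the running operating system volume and cannot be locked."
    }
    if ($before.VolumeStatus -eq 'FullyDecrypted') {
        throw "$MountPoint is not BitLocker-encrypted, so there is nothing to lock."
    }
    if ($before.LockStatus -eq 'Locked') {
        return $before               # already locked, nothing to do
    }

    # Same operation as: manage-bde -lock -ForceDismount <drive>
    # -ErrorAction Stop turns a refusal into a terminating error we can report.
    Lock-BitLocker -MountPoint $MountPoint -ForceDismount -ErrorAction Stop | Out-Null

    # Do not trust a silent return: re-read the state and confirm it.
    $after = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    if ($after.LockStatus -ne 'Locked') {
        throw "$MountPoint still reports LockStatus '$($after.LockStatus)' after the lock request."
    }
    return $after
}

try {
    $result = Lock-DataVolume -MountPoint $MountPoint
    Write-Host "$($result.MountPoint) LockStatus: $($result.LockStatus)"
}
catch {
    # Show the full error text and return a non-zero exit code to the caller.
    Write-Host "Relock failed: $($_.Exception.Message)" -ForegroundColor Red
    exit 1
}
```

When the script is started by double-clicking a shortcut, launch it with `powershell.exe -NoExit -File <script>` so the window stays open and the message can be read.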