When you walk away from your Windows PC, who knows who will take advantage of your absence? A suspicious spouse? A dishonest business partner? A nosy friend? If you have an Apple Mac, you can encrypt the hard drive with a couple of clicks. But did you know that Windows also has its very own proprietary built-in encryption system called BitLocker? It is extremely easy to set up and use, but the set-up part can take some time.
Beginning with Windows Vista, BitLocker is only available in the following versions of Windows:
- Ultimate and Enterprise editions of Windows Vista and Windows 7.
- Pro and Enterprise editions of Windows 8 and 8.1.
- Pro, Enterprise, and Education editions of Windows 10.
- Windows Server 2008 and later.
Setting Up BitLocker
Assuming you have an eligible version of Windows, you can right-click on the drive you want to encrypt and look for the option “Turn BitLocker On”. However, I would not recommend encrypting the drive on which the operating system has been installed. If the drive is encrypted, the system will not start up!
Wait for the encryption process to start up, and you will then be asked for your login method. This can either be a password or a Smart Card. I personally use a password – make it strong, but make sure you remember it!
After asking a couple more questions, the drive will begin encrypting. You will first be asked to download and back up a “recovery key” (a text file), which is your only insurance policy against a forgotten password. So make multiple copies, but do not put them on the drive being encrypted!
Depending on the size of the hard drive, the encryption process can take quite some time. A USB stick can be done in under an hour, for example, but a 2TB hard drive will take days, perhaps even a week. But there are two good things here. First, you can continue to use the drive while it is being encrypted. Second, when it comes time to switch the computer off, simply pause the encryption process. When you switch the computer on again, the process will simply continue from where it left off.
When the drive is completely encrypted, it will then have a menu which looks like the following:
“Auto-unlock” is when you boot up the computer and the drive automatically decrypts without the need for a password. But to me, that makes encryption pretty useless. So I’d advise keeping this switched off.
When you now start up your computer, the hard drive will have a padlock next to it. To unlock the drive, double-click on it, and enter your password in the box provided.
But Where’s The Lock Feature?
BitLocker, as it stands, is an excellent encryption protocol. But the one thing which is weirdly missing is the ability to lock the drive without shutting the computer down first. What if you simply need to make a coffee or go to the bathroom? Shutting down the computer each time to activate BitLocker would quickly become extremely inconvenient, especially if you are in the middle of something.
But there IS a way to add an auto-lock feature. It requires delving into the Windows Task Scheduler and the Registry Editor. But it only works on Windows 7, 8, and 10. I’ve tested this on Windows 10 and it works perfectly.
How To Add The Lock Feature
- Press the Win & R keys together to open the “Run” box. Then type taskschd.msc and press enter.
- This will open the Task Scheduler. Right-click on “Task Scheduler (Local)” and choose “Create Task”.
- Go to the “General” tab and give the task a name (“Bitlocker_autolock_task” is good). If you want, add a description, and finally check the box next to “Run with the highest privileges”. Everything else in that box should be left untouched.
- Now go to the “Actions” tab and click on “New”. Under “Program/script”, type the following: %windir%\System32\cmd.exe
- In “Add arguments”, type: /c start "bitlocker_autolock_task" manage-bde -lock E: -ForceDismount
  If the drive you want to encrypt is NOT drive E, then change the E in “Add arguments” to the actual letter of the drive.
- Now go to the “Conditions” tab and uncheck “Start the task only if the computer is on AC power”. Click OK to save the changes and now close the task editor.
Before we go any further, you need to test to see if the lock function actually works. So go to the list of tasks, find the one you have just made, right-click on it, and choose “Run”. See if your drive now locks.
If it does, great. If not, you’ve done something wrong and you need to go back and figure it out before you go any further.
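The same task can be created and tested from a script. This is an added example, not part of the original article; it assumes Windows 8 or later (the ScheduledTasks and BitLocker cmdlets are not available on Windows 7), an elevated PowerShell session, and that the data volume is E:.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell
# session. $Drive is an assumption: set it to the letter of your data volume.
$Drive    = 'E:'
$TaskName = 'bitlocker_autolock_task'

# Same action as the GUI steps:
#   cmd.exe /c start "bitlocker_autolock_task" manage-bde -lock E: -ForceDismount
$action = New-ScheduledTaskAction `
    -Execute  "$env:windir\System32\cmd.exe" `
    -Argument "/c start `"$TaskName`" manage-bde -lock $Drive -ForceDismount"

# "Run with highest privileges", as the currently logged-on user.
$principal = New-ScheduledTaskPrincipal `
    -UserId "$env:USERDOMAIN\$env:USERNAME" `
    -LogonType Interactive -RunLevel Highest

# Equivalent of unchecking "Start the task only if the computer is on AC power".
$settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries

Register-ScheduledTask -TaskName $TaskName -Action $action `
    -Principal $principal -Settings $settings -Force | Out-Null

# Test step: run the task, then confirm the volume really is locked
# instead of trusting that the command window flashed by.
Start-ScheduledTask -TaskName $TaskName
Start-Sleep -Seconds 5   # give manage-bde time to dismount the volume

$volume = Get-BitLockerVolume -MountPoint $Drive
if ($volume.LockStatus -eq 'Locked') {
    Write-Host "$Drive is locked."
} else {
    Write-Warning "$Drive is still $($volume.LockStatus). Last run details:"
    Get-ScheduledTaskInfo -TaskName $TaskName |
        Select-Object LastRunTime, LastTaskResult
}
```

Because -ForceDismount closes open handles on the volume, save any files open on that drive before running the test.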
Adding The Lock Drive Option To Your Right-Click Explorer Menu
Now you need to have the lock option available as soon as you right-click on the drive.
- Press the Win & R keys together to open the “Run” box. Type regedit and press enter. This opens the Registry Editor. Once it opens, go to HKEY_CLASSES_ROOT\Drive\shell.
- Right-click on “shell”, choose “New” -> “Key” and left-click on “Key”. Name it runas and press Enter.
- In “runas”, double-click on the “Default” option and enter Lock Drive under “Value data”. Click OK to save.
- Right-click on “runas”, choose “New” -> “Key” and left-click on “Key”. Name it command and hit Enter. In “command”, double-click on “Default” and in the “Value data” box, type in: C:\Windows\System32\schtasks.exe /run /tn "bitlocker_autolock_task"
  Click OK to save.
- Right-click on “runas”, choose “New” -> “String value” and left-click on “String value”. Type in AppliesTo and press Enter. In “runas”, double-click on “AppliesTo” and type in E: as the value. Click OK to save. If E is not the letter of the drive being encrypted, substitute E with the actual letter of the drive.
That’s it. Now go to your BitLocker-encrypted drive in Windows Explorer, and you should now see a “Lock Drive” option in the right-click menu. Test it and see if it works.
If you need this lock function for different BitLocker drives, you will have to repeat this process for each of them individually. There’s no way to do them all together in bulk. But it doesn’t take long as you will see.
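The registry steps above can also be scripted. This is an added example, not part of the original article; it assumes an elevated PowerShell session, drive E:, and the task name used earlier. The check that refuses to overwrite an existing runas verb with a different label is an addition of this example.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell
# session. $Drive and $TaskName are assumptions matching the steps above.
$Drive    = 'E:'
$TaskName = 'bitlocker_autolock_task'
$verbKey  = 'Registry::HKEY_CLASSES_ROOT\Drive\shell\runas'
$cmdKey   = "$verbKey\command"

# Do not silently replace a "runas" verb that something else already defined.
if (Test-Path $verbKey) {
    $existing = (Get-ItemProperty -Path $verbKey).'(default)'
    if ($existing -and $existing -ne 'Lock Drive') {
        throw "HKCR\Drive\shell\runas already exists with label '$existing'."
    }
} else {
    New-Item -Path $verbKey | Out-Null
}

# (Default) value of runas = menu label shown in Explorer.
Set-Item -Path $verbKey -Value 'Lock Drive'

# AppliesTo limits the menu entry to the chosen drive letter.
New-ItemProperty -Path $verbKey -Name 'AppliesTo' -Value $Drive `
    -PropertyType String -Force | Out-Null

# (Default) value of runas\command = command run when the entry is clicked.
if (-not (Test-Path $cmdKey)) { New-Item -Path $cmdKey | Out-Null }
Set-Item -Path $cmdKey -Value "C:\Windows\System32\schtasks.exe /run /tn `"$TaskName`""

# Read the values back so a typo is caught before testing in Explorer.
[pscustomobject]@{
    Label     = (Get-ItemProperty -Path $verbKey).'(default)'
    AppliesTo = (Get-ItemProperty -Path $verbKey).AppliesTo
    Command   = (Get-ItemProperty -Path $cmdKey).'(default)'
} | Format-List
```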
Let us know in the comments if you have any problems. Also let us know if you know of a better way to do this.