2

I recently realized that after authenticating USB devices on a machine, then completely logging out, the next user that logged in was able to access them.

Is this something in the BitLocker settings that needs to be turned on?

I would hope that when I completely log out, it would also re-lock my USB devices in the event I forget to take them with me!

Thanks!

CBHacking
jarhed

2 Answers

1

BitLocker is a system-level feature, not a user-level feature, and this apparently also applies to removable drives. @Joe's answer is accurate but not complete, as you would still need to manually run that command each time.

If you want the drives to be locked automatically when you log off, you should

  1. Create a script (such as a batch file) that executes the manage-bde.exe -lock <x>: -fd command for each drive letter <x> that you want to lock.
  2. Use gpedit.msc (the Group Policy Editor) and go down the path User Configuration → Windows Settings → Scripts and assign that script as a Logoff script.

More info on setting a logoff script, with screenshots, is available here.

CBHacking
  • Thank you. I'd love to +1 this, but with not enough 'reputation' yet, I'm unable. SE states it does record my click though. ;) – jarhed Aug 14 '17 at 14:57
0

Google is your friend - https://answers.microsoft.com/en-us/windows/forum/windows_7-performance/hot-to-lock-the-bitlocker-encrypted-drive-without/6ae82827-38ee-46dc-93d2-f5d2888324c2

Looks like running this command in CMD will do the trick: manage-bde -lock -ForceDismount x: where x is the drive.

You could also create a batch file to make this process easier.

Joe
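
A logoff script of the kind both answers describe, as an added example that is not part of either answer. It goes beyond hard-coded drive letters by enumerating USB-attached disks, and uses the Lock-BitLocker cmdlet in place of manage-bde -lock -fd. Assumptions: the script runs with rights to manage BitLocker, and the log path is a made-up location.

```powershell
# Added example (not from the original answers): logoff script that locks
# every unlocked BitLocker data volume sitting on a USB-attached disk.
# Assumption: the script runs with rights to manage BitLocker (elevated).
$ErrorActionPreference = 'Stop'
$log = Join-Path $env:ProgramData 'bde-logoff-lock.log'   # assumed log path

function Write-Log([string]$Message) {
    Add-Content -Path $log -Value ("{0:s} {1} {2}" -f (Get-Date), $env:USERNAME, $Message)
}

try {
    # Drive letters (as "E:") of partitions on disks attached over USB.
    $usbLetters = @(Get-Disk | Where-Object BusType -eq 'USB' |
        Get-Partition | Where-Object { $_.DriveLetter -match '[A-Z]' } |
        ForEach-Object { "$($_.DriveLetter):" })

    # Only volumes that are BitLocker-protected and currently unlocked.
    $targets = @(Get-BitLockerVolume | Where-Object {
        $usbLetters -contains $_.MountPoint -and
        $_.ProtectionStatus -eq 'On' -and
        $_.LockStatus -eq 'Unlocked'
    })

    foreach ($vol in $targets) {
        try {
            # Same effect as: manage-bde.exe -lock <x>: -fd
            Lock-BitLocker -MountPoint $vol.MountPoint -ForceDismount | Out-Null
            # Re-read the status so the log records the result, not the intent.
            $state = (Get-BitLockerVolume -MountPoint $vol.MountPoint).LockStatus
            Write-Log "$($vol.MountPoint) lock requested, status now: $state"
        } catch {
            Write-Log "$($vol.MountPoint) FAILED to lock: $($_.Exception.Message)"
        }
    }
    if ($targets.Count -eq 0) { Write-Log 'no unlocked BitLocker USB volumes found' }
} catch {
    # e.g. not elevated, or the BitLocker/Storage cmdlets are unavailable
    Write-Log "enumeration FAILED, drives may still be unlocked: $($_.Exception.Message)"
}
```

A failure here is silent to the user who is logging off, so the log is the only evidence that a drive was left unlocked.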