Lock USB Drive Encrypted Windows Bitlocker without Ejecting

-1

I have a password vault and other critical items that I store on a USB drive, drive which is encrypted with bitlocker (Windows 10).

I often use RDC to remote into my office computer at random times (e.g. to check in on an automated process or to access data files from my home PC).

This presents a problem - I want to leave my USB drive locked when I'm away from the office, but I also want to be able unlock and re-lock it over RDC.

So, how can I lock and unlock the USB drive without needing to physically be present i.e. without just pulling the drive from the slot?

(A potential complication - I don't have local admin rights on my work PC, so I'm pretty sure that using CMD to mount/remount isn't an option).

Joseph Dasenbrock

Posted 2020-02-10T23:20:43.603

Reputation: 3

You really should test to see if you can mount/unmount the volume. However, are you saying if you lock the drive, it ejects the drive? It's possible to unlock and lock the drive from a script (manage-bde). What have you tried? – Ramhound – 2020-02-10T23:40:28.143

I have yet to find any way to lock the drive without simply ejecting the drive (i.e. dismounting it and them physically pulling from the port), (without having admin rights). I'm pretty sure that all of the command line options require admin, e.g. I know that mountvol does. – Joseph Dasenbrock – 2020-02-11T03:06:42.523

manage-bde –lock D:" should absolutely work. – Ramhound – 2020-02-11T04:24:26.507

Okay, thanks, I'll try that later. – Joseph Dasenbrock – 2020-02-11T14:16:17.467

@Ramhound Thanks for the manage-bde suggestion... when I try that I get An attempt to access a required resource was denied, and a suggestion Check that you have administrative rights on the computer, which I don't and can't have. – Joseph Dasenbrock – 2020-02-11T14:39:35.137

Seems like there has to be a way mount/dismount with the command line and without admin rights. – Joseph Dasenbrock – 2020-02-11T14:40:25.800

If I right click on the drive and select "eject", it ejects and then the drive can't be accessed, as desired, but I don't have a way to remount without just physically pulling out and inserting the USB drive. – Joseph Dasenbrock – 2020-02-11T14:41:49.807

Any event if you don't have Administrator permissions, then you will be unable to lock the drive from the command prompt, it appears you only have permissions to eject the drive. – Ramhound – 2020-02-11T17:23:06.717

Okay, that makes sense @Ramhound, that is that I thought would be the case, wanted to ask here in case someone knows something that I don't. Thanks! – Joseph Dasenbrock – 2020-02-11T19:00:14.743

Answers

0

I want to leave my USB drive locked when I'm away from the office, but I also want to be able unlock and re-lock it over RDC.

I suggested you use manage-bde to lock the drive, this is the only way to lock the drive, other than ejecting the drive. Since this requires elevated permissions it does not appear you can use this method to lock your device.

manage-bde –lock D:

Seems like there has to be a way mount/dismount with the command line and without admin rights.

Any other solution that might exists requires being an Administrator. The commands to mount and unmount a volume require elevated permissions.

Ramhound

Posted 2020-02-10T23:20:43.603

Reputation: 28 517

Asked: 2020-02-10T23:20:43.603

Viewed: 65 times

Active: 2020-02-11T19:10:31.970