How do I get BitLocker to Auto-Lock an encrypted drive after the PC goes to sleep

Gustave Verbraak 5 Reputation points
2025-10-01T19:11:01.94+00:00

Good afternoon, and apologies if this topic has already been covered—I did my best to sift through the wealth of information available, including the excellent insights I’ve received from Copilot.

Here’s the situation: when I step away from my desk and my PC enters sleep mode, the BitLocker-encrypted data drive remains unlocked. This means that anyone who wakes the machine can access the drive without re-authentication. With Copilot’s help, I’ve written a few scripts intended to trigger on sleep events and lock the drive, but so far they haven’t worked as expected.

I’m wondering if I’ve misunderstood how BitLocker handles user sessions. Is the drive staying unlocked because the system still recognizes me as the active user? Would manually locking the workstation before sleep make a difference?

One additional detail: I use Directory Opus as a replacement for Windows Explorer. It offers features I’d love to see integrated into future versions of Windows, especially as someone who’s been working with PCs since the DOS era and Windows 3.1/3.11.

Any guidance would be appreciated. I’m about to test a new idea—logging out before stepping away—to see if that forces the drive to lock.

Thanks in advance

Windows for home | Windows 11 | Security and privacy

1 answer

  1. Lucus-V 3,260 Reputation points Microsoft External Staff Moderator
    2025-10-02T09:35:41.7333333+00:00

    Hi Gustave Verbraak,

    Welcome to Microsoft Q&A forum. I'm happy to help.

    "I’m about to test a new idea—logging out before stepping away—to see if that forces the drive to lock."

    As you said, and since your purpose is securing your drive, triggering BitLocker right after device lock is a better idea. The lock task is triggered before Sleep, and you can also lock your device manually with the combination Windows Key + L.

    Therefore, I will provide a method based on the idea "Auto Lock BitLocker on Device Lock".

    1. Open Task Scheduler
    2. Action > Create Task...
      1. General tab
        1. Name: Auto Lock BitLocker on Device Lock
        2. Choose Run whether user is logged on or not
        3. Check Run with highest privileges
      2. Triggers tab
        1. New...
        2. Begin the task: On workstation lock
        3. OK
      3. Actions tab
        1. New...
        2. Program/script: cmd.exe
        3. Add arguments (optional): /c "manage-bde -lock <drive_letter>:"
          Please replace <drive_letter> with your drive letter, example: /c "manage-bde -lock E:"
        4. OK
      4. Conditions tab
        1. If you are using a laptop, to be sure, uncheck Start the task only if the computer is on AC power
      5. OK to save Task

    After your Task is created, you may test it right away by locking your device. If the task does not run, choose Enable All Tasks History, test it again, then send me the log in a comment.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
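
The Task Scheduler steps from the answer above, scripted in PowerShell as an added example (not part of the original answer), with a check of the task result and the drive's lock state at the end. Assumptions: the drive is E: and unlocked when the script is run from an elevated prompt, and the task runs as SYSTEM instead of with stored user credentials.

```powershell
#Requires -RunAsAdministrator
param([string]$DriveLetter = 'E')   # assumption: E: as in the answer's example

$mount    = "${DriveLetter}:"
$taskName = 'Auto Lock BitLocker on Device Lock'

# The OS volume cannot be locked while Windows runs; accept data volumes only.
$vol = Get-BitLockerVolume -MountPoint $mount -ErrorAction Stop
if ($vol.VolumeType -ne 'Data') {
    throw "$mount is not a BitLocker data volume."
}

# "On workstation lock" has no New-ScheduledTaskTrigger switch, so build the
# session-state-change trigger from its CIM class (StateChange 7 = session lock).
$class   = Get-CimClass -Namespace 'ROOT\Microsoft\Windows\TaskScheduler' `
                        -ClassName 'MSFT_TaskSessionStateChangeTrigger'
$trigger = New-CimInstance -CimClass $class -Property @{ StateChange = 7 } -ClientOnly

# Same command line as the Actions tab in the answer.
$action = New-ScheduledTaskAction -Execute 'cmd.exe' `
                                  -Argument "/c `"manage-bde -lock $mount`""

# Assumption: SYSTEM instead of a stored user password; still runs elevated.
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' `
                                        -LogonType ServiceAccount -RunLevel Highest

# Conditions tab: do not require AC power.
$settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries

Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
                       -Principal $principal -Settings $settings -Force | Out-Null

# Re-run these two lines after locking (Windows Key + L) and signing back in:
# LastTaskResult 0 means the command exited successfully, and LockStatus
# should read Locked.
Get-ScheduledTaskInfo -TaskName $taskName | Select-Object LastRunTime, LastTaskResult
Get-BitLockerVolume -MountPoint $mount | Select-Object MountPoint, LockStatus
```

If `LastTaskResult` is non-zero and the drive is still unlocked, a program may be holding files open on the volume; `manage-bde -lock` accepts `-ForceDismount` for that case, at the cost of any unsaved data in those files.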
