Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How to hide 'Turn on BitLocker' on Windows 7 drive menus


  • Please log in to reply
3 replies to this topic

#1 nicknax

nicknax

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Perth, Western Australia
  • Local time:04:37 AM

Posted 16 January 2015 - 04:02 PM

I don't use BitLocker, and I don't want anyone else using my system to either, but it seems BitLocker can't be disabled entirely from Windows 7 (pro or better?). I have though worked out how to hide the BitLocker menu items from the drive menu in a way that's relatively easy to reverse (i.e. doesn't involve simply deleting the Bitlocker related keys from 'HKEY_CLASSES_ROOT\Drive\shell' as others suggest) and I thought I'd share; in essence the trick is to simply add the string value LegacyDisable to the key corresponding to the menu item you want to hide.

 

Here's some reg file code to do the deed for those not comfortable playing with regedit. Copy and paste one of the following code sections into Notepad, save it as a plain text file, change the extension to .reg, then double-click to merge it with the registry. [edit: reg files attached, see below]

 

I've tested the code (as regfiles) on my system (clean install of WIndows 7 SP1 x64) and nothing broke (and I no longer have 'Turn on Bitlocker' poking me in the eye or tempting others) but I haven't tested any of it on a system with a BitLocker enabled drive so can't say how effective the changes will be on those systems. The theory's good and like I said the modifications are easily reversable. Of course feel free to make a restore point first if you're paranoid! :wink:

 

This first reg file simply hides 'Turn on BitLocker' from the drive menu. It should also prevent users from encrypting drives via the context menu (assuming BitLocker is already on) though of course they can still do that from the control panel applet. If you don't have any BitLocker drives this should be all you need, and if you do have BitLocker it should still allow you to conveniently manage existing drives.

 

Hide_Turn_on_BitLocker_Drive_MenuItem.reg

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Drive\shell\encrypt-bde]
"LegacyDisable"=""

[HKEY_CLASSES_ROOT\Drive\shell\encrypt-bde-elev]
"LegacyDisable"=""

; http://www.bleepingcomputer.com

Show_Turn_on_BitLocker_Drive_MenuItem.reg

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Drive\shell\encrypt-bde]
"LegacyDisable"=-

[HKEY_CLASSES_ROOT\Drive\shell\encrypt-bde-elev]
"LegacyDisable"=-

; http://www.bleepingcomputer.com

In theory this one should hide all of the BitLocker menuitems from a drive's context menu and prevent drives from being 'Managed' via the default control panel applet.

 

Disable_all_BitLocker_Drive_MenuItems.reg

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Drive\shell\encrypt-bde]
"LegacyDisable"=""

[HKEY_CLASSES_ROOT\Drive\shell\encrypt-bde-elev]
"LegacyDisable"=""

[HKEY_CLASSES_ROOT\Drive\shell\manage-bde]
"LegacyDisable"=""

[HKEY_CLASSES_ROOT\Drive\shell\manage-bde-elev]
"LegacyDisable"=""

[HKEY_CLASSES_ROOT\Drive\shell\resume-bde]
"LegacyDisable"=""

[HKEY_CLASSES_ROOT\Drive\shell\resume-bde-elev]
"LegacyDisable"=""

[HKEY_CLASSES_ROOT\Drive\shell\unlock-bde]
"LegacyDisable"=""

; http://www.bleepingcomputer.com

Enable_all_BitLocker_Drive_MenuItems.reg

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Drive\shell\encrypt-bde]
"LegacyDisable"=-

[HKEY_CLASSES_ROOT\Drive\shell\encrypt-bde-elev]
"LegacyDisable"=-

[HKEY_CLASSES_ROOT\Drive\shell\manage-bde]
"LegacyDisable"=-

[HKEY_CLASSES_ROOT\Drive\shell\manage-bde-elev]
"LegacyDisable"=-

[HKEY_CLASSES_ROOT\Drive\shell\resume-bde]
"LegacyDisable"=-

[HKEY_CLASSES_ROOT\Drive\shell\resume-bde-elev]
"LegacyDisable"=-

[HKEY_CLASSES_ROOT\Drive\shell\unlock-bde]
"LegacyDisable"=-

; http://www.bleepingcomputer.com

The following will hide the BitLocker status: Off bit displayed at the bottom of the Windows Explorer window when you selected a drive. Please note thought that I've taken the quick and dirty approach with the following regfiles; they'll set the 'PreviewDetails' value to the default (as it is on my system) so if any software has already made changes to the 'Details' part on your system those changes will be lost.

 

Hide_Explorer_BitLocker_Status.reg

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Drive]
"PreviewDetails"="prop:*System.PercentFull;System.FreeSpace;System.Capacity;System.Volume.FileSystem"

; http://www.bleepingcomputer.co

Show_Explorer_BitLocker_status.reg

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Drive]
"PreviewDetails"="prop:*System.PercentFull;System.FreeSpace;System.Capacity;System.Volume.FileSystem;*System.Volume.BitLockerProtection"

; http://www.bleepingcomputer.com

While it's highly unlikely you'll have any existing modifications to wipe out, if you're keen to check first start cmd.exe and enter the following:

reg.exe query HKEY_CLASSES_ROOT\Drive /v "PreviewDetails"

If you see this:

HKEY_CLASSES_ROOT\Drive
    PreviewDetails    REG_SZ    prop:*System.PercentFull;System.FreeSpace;System
.Capacity;System.Volume.FileSystem;*System.Volume.BitLockerProtection

you're good to go.

 

Otherwise just fire up regedit and make the change by hand if you want, i.e. find HKEY_CLASSES_ROOT\Drive\PreviewDetails, select modify, and remove *System.Volume.BitLockerProtection from the data string. Alternatively merge the regfile then rerun whatever software you initally used to modify that feature. I'm sure someone here will come up with a neat script that'll do a better job.

 

 

You can also hide the default BitLocker Drive Encryption control panel to make BitLocker even harder to start. Try:

Open Local Group Policy Editor (Startmenu->Search: type "group policy", select "Edit group policy")
Click on User Configuration -> Administrative Templates -> Control Panel
Double-click Hide specified Control Panel items
Select Enabled radio button
Select Show on the Options pane to open Show Contents
Click into the string gadget and add Microsoft.BitLockerDriveEncryption
Click ok
 

I'm sure there's many more holes to fill with BitLocker but at least it's a little less accessible and 'in your face' now. :dance:

Enjoy.

 

Edit: Corrected an error in disable/enable all (both included the BitLocker status code), added comment lines, and attached regfiles to make things a bit easier.

 

Attached File  Hide_Turn_on_BitLocker_Drive_MenuItem.reg   214bytes   49 downloads

Attached File  Show_Turn_on_BitLocker_Drive_MenuItem.reg   212bytes   40 downloads

Attached File  Disable_all_BitLocker_Drive_MenuItems.reg   554bytes   59 downloads

Attached File  Enable_all_BitLocker_Drive_MenuItems.reg   547bytes   49 downloads


Edited by hamluis, 17 January 2015 - 12:26 PM.
Moved from Win 7 to Tips/Tricks - Hamluis.


BC AdBot (Login to Remove)

 


m

#2 RolandJS

RolandJS

  • Members
  • 4,424 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:02:37 PM

Posted 16 January 2015 - 04:33 PM

Thanks! When I get home, I'm downloading, creating & using REGs for BitLocker.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)

"I heard Spock finally got colander!"  "I believe the word is Kolinahr."  "Oh."


#3 nicknax

nicknax
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Perth, Western Australia
  • Local time:04:37 AM

Posted 17 January 2015 - 12:22 AM

Cheers Roland. Hope I'm not too late in attaching regfiles to my original post to make that process a bit easier for you. Note I inadvertently left in the BitLocker status code in the enable all/disable all code; edited now, but sorry if that reversed any customisation you might have previously done.

 

I also added a comment line to the bottom of each code section/file. Beyond the obvious purpose it's to fix a potential problem with the last line of each not being applied when you merge with the registry. I'm not sure if it's still an issue these days but I seem to recall that a CR/LF was needed at the end of each line (and that might not occur when cutting and pasting directly from the web page into a text file).



#4 hamluis

hamluis

    Moderator


  • Moderator
  • 54,818 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:37 PM

Posted 17 January 2015 - 12:28 PM

Just the obligatory warning to all members...when another member posts something like this, it is NOT anything more than a comment from a member.  Whatever is outlined is the product of the poster and this should be recognized by all who read such.

 

Topic moved to Tips/Tricks.

 

Louis






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users