〽️elbit Services > Knowledge Based > All BWL KB > Access to Removable Drives not Protected by BitLocker

Access to Removable Drives not Protected by BitLocker

To manage write access to removable drives not protected by BitLocker, you can use Group Policy or Local Security Policy in Windows. Here’s how to allow or deny write access:

Method 1: Using Group Policy (for Windows Pro, Enterprise, and Education editions)

  1. Open the Group Policy Editor:
    • Press Win + R, type gpedit.msc, and press Enter.
  2. Navigate to the Setting:
    • Go to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Removable Data Drives.
  3. Configure the Setting:
    • Find Deny write access to removable drives not protected by BitLocker and double-click it.
    • Enable this setting to deny write access to removable drives that are not BitLocker-protected.
    • Disable or Not Configured to allow write access.
  4. Apply and Exit:
    • Click Apply, then OK, and close the Group Policy Editor.

Method 2: Using Local Security Policy (an alternative approach)

  1. Open Local Security Policy:
    • Press Win + R, type secpol.msc, and press Enter.
  2. Go to Local Policies:
    • Go to Local Policies > Security Options.
  3. Edit BitLocker Policies:
    • Locate any relevant settings under Security Options that may handle removable drive encryption requirements, but keep in mind that some controls are only available in the Group Policy Editor.

Method 3: Using Registry Editor (for Windows Home or if Group Policy isn’t available)

  1. Open the Registry Editor:
    • Press Win + R, type regedit, and press Enter.
  2. Navigate to the Registry Key:
    • Go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE.
  3. Add or Modify a DWORD Value:
    • Right-click in the right pane, select New > DWORD (32-bit) Value, and name it RDVDenyWriteAccess.
    • Set its value to 1 to deny write access or 0 to allow write access.
  4. Close the Registry Editor and restart the computer for the change to take effect.

Notes

  • Enable BitLocker on removable drives: Use the BitLocker Drive Encryption tool in the Control Panel to encrypt drives that require additional protection.
  • Administrative Privileges: You need admin privileges to apply these changes.

This setup should help you control access to removable drives based on BitLocker encryption status effectively.

Related articles:

The Group Policy settings for BitLocker startup options are in conflict and cannot be applied

External Links

Configure BitLocker

WindowsBitlocker

Related Knowledge Base Posts -