In this gearupwindows article, you will learn to allow and block write access to removable drives that are not protected by BitLocker. You can configure this setting in Windows 11 and 10 using two methods: Local Group Policy Editor or Registry Editor.
Once you enable this policy, Windows 11 or 10 will not allow you to write data to a removable data drive if your removable data drives are not BitLocker-protected. That means removable drives will be mounted as read-only. However, if the drive is protected by BitLocker, it will be mounted with read and write access.
How to Allow or Deny Write Access to Removable Drives not Protected by BitLocker using Group Policy?
To allow or disallow write access to removable drives not protected by BitLocker using gpedit.msc, use these steps:-
Step 1. Open Local Group Policy Editor.
Step 2. When the Local Group Policy Editor window appears on your computer, navigate or browse to the following path:-
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Removable Data Drives
Step 3. On the right sidebar, double-click on the policy name “Deny write access to removable drives not protected by BitLocker.”
Step 4. Now, select one of the following options:-
- Enabled: All removable data drives that are not BitLocker-protect will be mounted as read-only.
- Disabled: BitLocker-protected data drives will be mounted with read and write access.
Step 5. Click Apply.
Step 6. Click OK.
Step 7. At last, reboot your computer.
How to Allow or Deny Write Access to Removable Drives not Protected by BitLocker through Registry Editor?
If you want to allow or deny write access to removable drives that are not protected by BitLocker, make the following changes in Registry Editor:-
Step 1. Open Registry Editor.
Step 2. Then, browse or navigate to the following key in the left sidebar of Registry Editor:-
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft
Step 3. Next, right-click on the Microsoft folder and select New > Key.
Step 4. Name the newly created key as FVE.
Step 5. After that, right-click on the FVE folder and choose New > DWORD (32-bit) Value.
Step 6. Name the newly created REG_DWORD as RDVDenyCrossOrg.
Step 7. Now, double-click on the RDVDenyCrossOrg REG_DWORD and set its “Value data” to the following:-
- 0: Deny the write access to removable drives not protected by BitLocker.
- 1: Allow the write access to all removable drives.
Step 8. Click OK.
Step 9. Finally, restart your computer to apply.
Conclusion
In conclusion, this article provides two methods to allow or block write access to removable drives that are not protected by BitLocker on Windows 11 and 10. By enabling the “Deny write access to removable drives not protected by BitLocker” policy using Local Group Policy Editor or making changes in the Registry Editor, Windows will not allow write access to removable drives unless they are BitLocker-protected. This can help improve data security by preventing unauthorized data modification or deletion on non-protected removable drives.
