In this gearupwindows article, you will learn to allow and block write access to removable drives that are not protected by BitLocker. You can configure this setting in Windows 11 and 10 using two methods: Local Group Policy Editor or Registry Editor.
Once you enable this policy, Windows 11 or 10 will not allow you to write data to a removable data drive if your removable data drives are not BitLocker-protected. That means removable drives will be mounted as read-only. However, if the drive is protected by BitLocker, it will be mounted with read and write access.
Topics Covered
How to Allow or Deny Write Access to Removable Drives not Protected by BitLocker using Group Policy?
To allow or disallow write access to removable drives not protected by BitLocker using gpedit.msc, use these steps:-
Step 1. Open Local Group Policy Editor.
Step 2. When the Local Group Policy Editor window appears on your computer, navigate or browse to the following path:-
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Removable Data Drives
Step 3. On the right sidebar, double-click on the policy name “Deny write access to removable drives not protected by BitLocker.”
Step 4. Now, select one of the following options:-
- Enabled: All removable data drives that are not BitLocker-protect will be mounted as read-only.
- Disabled: BitLocker-protected data drives will be mounted with read and write access.
Step 5. Click
Step 6. Click
Step 7. At last, reboot your computer.
How to Allow or Deny Write Access to Removable Drives not Protected by BitLocker through Registry Editor?
If you want to allow or deny write access to removable drives that are not protected by BitLocker, make the following changes in Registry Editor:-
Step 1. Open Registry Editor.
Step 2. Then, browse or navigate to the following key in the left sidebar of Registry Editor:-
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft
Step 3. Next, right-click on the
Step 4. Name the newly created key as
Step 5. After that, right-click on the
Step 6. Name the newly created REG_DWORD as
Step 7. Now, double-click on the
- 0: Deny the write access to removable drives not protected by BitLocker.
- 1: Allow the write access to all removable drives.
Step 8. Click
Step 9. Finally, restart your computer to apply.