How to Prevent Users from using Smart Cards on BitLocker Removable Drives on Windows 11 or 10?

On Windows 11 or 10 PCs, smart cards can be used to authenticate user access to BitLocker-protected removable data drives. However, if you do not want smart cards to be used on BitLocker removable data drives on a Windows 11/10 PC, you can disable this using Local Group Policy Editor or Registry Editor.

In this gearupwindows article, we will guide you on preventing users from using Smart Cards on BitLocker removable drives on Windows 11 or 10.

How to Stop Users from using Smart Cards on BitLocker Removable Drives using Group Policy?

To prevent users from using Smart Cards on BitLocker removable drives using Group Policy, do these steps:-

Step 1. Open Local Group Policy Editor.

Step 2. Then, navigate or browse to the following path in the left sidebar of the Local Group Policy Editor window:-

Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Removable Data Drives

Step 3. On the right sidebar, double-click on the policy name, “Configure use of smart cards on removable data drives.”

Step 4. Select Disabled.

Step 5. Click Apply.

Step 6. Click OK.

Step 7. Restart your computer.

Once you complete the above steps, Windows will not allow users to use Smart Cards on BitLocker removable drives.

If you want to allow users to use smart cards on BitLocker removable drives, repeat the above steps and choose the Not Configured or Enabled option in step 4 above.

How to Block Users from Using Smart Cards on BitLocker Removable Drives through Registry Editor?

To stop users from using smart cards on BitLocker removable drives using Registry Editor, do these steps:-

Step 1. First, open Registry Editor.

Step 2. Next, browse or navigate to the following key in the left sidebar of Registry Editor:-

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft

Step 3. After that, right-click on the Microsoft folder and select New > Key.

Step 4. Name the newly created key as FVE.

Step 5. Then, right-click on the FVE folder and choose New > DWORD (32-bit) Value.

Step 6. Name the newly created REG_DWORD as RDVAllowUserCert.

Step 7. Again, right-click on the FVE folder and choose New > DWORD (32-bit) Value.

Step 8. Name this newly created REG_DWORD as RDVEnforceUserCert.

By default, both REG_DWORDs will have “Value data” set to 0. Leave the default value.

Step 9. Finally, reboot your computer to apply the changes.

Once you complete the above steps, Windows will not allow users to use Smart Cards on BitLocker removable drives.

If you want to revert the changes, navigate to the following path in the Registry Editor:-

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE

Here, delete the RDVEnforceUserCert and RDVAllowUserCert REG_DWORDs.
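
The Registry Editor steps above, including the revert, can also be scripted and then checked. The following PowerShell is an added example, not part of the original article; the function names are hypothetical, and it assumes an elevated PowerShell session.

```powershell
# Added example: scripted form of the Registry Editor steps on this page.
# Function names are hypothetical; the key and value names are the page's own.
#Requires -RunAsAdministrator

$FvePath = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$Values  = 'RDVAllowUserCert', 'RDVEnforceUserCert'

function Get-RdvSmartCardPolicy {
    # Report each value as it currently stands; an empty Value means "not present".
    foreach ($name in $Values) {
        $current = $null
        if (Test-Path $FvePath) {
            $prop = Get-ItemProperty -Path $FvePath -Name $name -ErrorAction SilentlyContinue
            if ($prop) { $current = $prop.$name }
        }
        [pscustomobject]@{ Name = $name; Value = $current }
    }
}

function Disable-RdvSmartCard {
    # Steps 3-4: create the FVE key only if it is missing. An existing FVE key
    # may hold other BitLocker policy values, so it is never recreated.
    if (-not (Test-Path $FvePath)) {
        New-Item -Path $FvePath -Force | Out-Null
    }
    # Steps 5-8: create both DWORDs with value data 0.
    foreach ($name in $Values) {
        New-ItemProperty -Path $FvePath -Name $name -Value 0 -PropertyType DWord -Force | Out-Null
    }
}

function Restore-RdvSmartCard {
    # Revert: delete only the two values and leave the FVE key itself in place.
    if (Test-Path $FvePath) {
        foreach ($name in $Values) {
            Remove-ItemProperty -Path $FvePath -Name $name -ErrorAction SilentlyContinue
        }
    }
}

Disable-RdvSmartCard
Get-RdvSmartCardPolicy | Format-Table -AutoSize
# A reboot is still needed, as in Step 9. To undo the change: Restore-RdvSmartCard
```

Running Get-RdvSmartCardPolicy on its own is a read-only check of whether the two values are present and what data they hold.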

Conclusion

In conclusion, Windows 11 and 10 offer the ability to use smart cards for authentication on BitLocker-protected removable data drives. However, if you want to prevent users from using smart cards on these drives, you can disable the feature using either the Local Group Policy Editor or the Registry Editor. The steps to do so are relatively straightforward, and you can easily revert the changes if needed. By disabling the use of smart cards on removable drives, you can improve the security of your system and data.
