How to Prevent Users from using Smart Cards on BitLocker Removable Drives on Windows 11 or 10?


On Windows 11 or 10 PCs, smart cards can be used to authenticate user access to BitLocker-protected removable data drives. If you do not want smart cards to be used with BitLocker removable data drives on a Windows 11/10 PC, you can disable this using Local Group Policy Editor or Registry Editor.


In this gearupwindows article, we will guide you on preventing users from using Smart Cards on BitLocker removable drives on Windows 11 or 10.

How to Stop Users from using Smart Cards on BitLocker Removable Drives using Group Policy?

To prevent users from using Smart Cards on BitLocker removable drives using Group Policy, do these steps:-

Step 1. Open Local Group Policy Editor.

Step 2. Then, navigate or browse to the following path in the left sidebar of the Local Group Policy Editor window:-

Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Removable Data Drives

Step 3. On the right sidebar, double-click on the policy name, “Configure use of smart cards on removable data drives.”

Step 4. Select Disabled.

Step 5. Click Apply.

Step 6. Click OK.

Step 7. Restart your computer.

Once you complete the above steps, Windows will not allow users to use Smart Cards on BitLocker removable drives.

If you want to allow users to use smart cards on BitLocker removable drives, repeat the above steps and choose the Not Configured or Enabled option in the above step 4.

How to Block Users from using Smart Cards on BitLocker Removable Drives through Registry Editor?

To stop users from using smart cards on BitLocker removable drives using Registry Editor, do these steps:-

Step 1. First, open Registry Editor.

Step 2. Next, browse or navigate to the following key in the left sidebar of Registry Editor:-

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft

Step 3. After that, right-click on the Microsoft folder and select New > Key.

Step 4. Name the newly created key as FVE.

Step 5. Then, right-click on the FVE folder and choose New > DWORD (32-bit) Value.

Step 6. Name the newly created REG_DWORD as RDVAllowUserCert.

Step 7. Again, right-click on the FVE folder and choose New > DWORD (32-bit) Value.

Step 8. Name this newly created REG_DWORD as RDVEnforceUserCert.

By default, both REG_DWORDs will have “Value data” set to 0. Leave the default value.

Step 9. Finally, reboot your computer to apply the changes.

Once you complete the above steps, Windows will not allow users to use Smart Cards on BitLocker removable drives.

If you want to revert the changes, navigate to the following path in the Registry Editor:-

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE

Here, delete RDVEnforceUserCert and RDVAllowUserCert REG_DWORDs.
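
The Registry Editor steps above can also be scripted and then verified. The following PowerShell is an added example, not part of the original article: the key path and value names are the ones given in the steps, while the function names (Get-RdvSmartCardPolicy, Disable-RdvSmartCard, Restore-RdvSmartCardDefault) are made up for this illustration. Run it from an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the Registry Editor steps in this article.
# Key path and value names come from the article; function names are hypothetical.

$FvePath    = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$ValueNames = 'RDVAllowUserCert', 'RDVEnforceUserCert'

function Get-RdvSmartCardPolicy {
    # Report the current state of both values; $null means "not present".
    foreach ($name in $ValueNames) {
        $item = Get-ItemProperty -Path $FvePath -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Name  = $name
            Value = if ($item) { $item.$name } else { $null }
        }
    }
}

function Disable-RdvSmartCard {
    # Steps 3-8: create the FVE key if it is missing, then both DWORDs with data 0.
    if (-not (Test-Path -Path $FvePath)) {
        New-Item -Path $FvePath -Force | Out-Null
    }
    foreach ($name in $ValueNames) {
        New-ItemProperty -Path $FvePath -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
    }
}

function Restore-RdvSmartCardDefault {
    # Revert: delete only these two values, leaving other FVE policy values alone.
    foreach ($name in $ValueNames) {
        Remove-ItemProperty -Path $FvePath -Name $name -ErrorAction SilentlyContinue
    }
}

Disable-RdvSmartCard
Get-RdvSmartCardPolicy | Format-Table -AutoSize

# Fail loudly if either value is missing or non-zero after the change.
$bad = Get-RdvSmartCardPolicy | Where-Object { $_.Value -ne 0 }
if ($bad) { throw "Policy not applied: $($bad.Name -join ', ')" }
Write-Host 'Both values are 0. Reboot to apply, as in step 9.'
```

Calling Restore-RdvSmartCardDefault performs the revert described above, and Get-RdvSmartCardPolicy on its own can be used to audit a machine without changing it.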
