How to Allow or Deny Write Access to Removable Drives not Protected by BitLocker on Windows 11 or 10?

This risewindows article will guide us to allow and block write access to removable drives that BitLocker does not protect. You can build this setting in Windows 11 and 10 by two methods like Local Group Policy Editor or Registry Editor.

If you turn on this policy, Windows 11 or 10 will not allow you to write data to a removable data drive when your removable data drives are not BitLocker-protected. That means it will mount removable drives as read-only. Even-Though, the drive is protected by BitLocker if it is mounted with reading and write access.

How to Allow or Deny Write Access to Removable Drives not Protected by BitLocker using Group Policy?

Do these steps to allow or stop write access to removable drives not protected by BitLocker using group policy:-

Step 1Open Local Group Policy Editor.

Step 2. Navigate the following path on the  Local Group Policy Editor window:-

Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Removable Data Drives

Step 3. Double-click on the policy name “Deny write access to removable drives not protected by BitLocker” on the right sidebar.

Step 4. After that, choose any of the following options:-

  • Enabled: All removable data drives not BitLocker-protect will mount as read-only.
  • Disabled: BitLocker-protected data drives will be mounted with reading and write access.

Step 5. Hit Apply.

Step 6. Press OK.

Step 7. Reboot your computer.

How to Allow or Deny Write Access to Removable Drives not Protected by BitLocker through Registry Editor?

Do the steps in Registry Editor to allow or deny write access to removable drives that are not protected by BitLocker:-

Step 1Open Registry Editor.

Step 2. Navigate to the following key in the left sidebar of the Registry Editor window:-

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft

Registry-Editor-Microsoft-1-1536x1194

Step 3. Right-click on the Microsoft folder to pick New > Key.

New-Key-on-Microsoft-folder-1-1536x1194

Step 4. Name the new key as FVE.

Step 5. Right-click on the FVE folder to pick New > DWORD (32-bit) Value.

Step 6. Name the newly created REG_DWORD as RDVDenyCrossOrg.

Step 7. After that, double-click on the RDVDenyCrossOrg REG_DWORD and set its “Value data” to the following:-

  • 0: Deny the write access to removable drives not protected by BitLocker.
  • 1: Allow the write access to all removable drives.

Step 8. Press OK.

Step 9. Restart your PC to apply.

Thank you.

Keep in touch.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: