How to Prevent Users from using Smart Cards on BitLocker Removable Drives on Windows 11 or 10?

Smart cards can be used to authenticate user access to BitLocker-protected removable data drives on Windows 11/10 PCs. If you do not want smart cards to be used on BitLocker removable data drives on a Windows 11/10 PC, you can block this through the Local Group Policy Editor or the Registry Editor.

In this risewindows article, we will guide you on preventing users from using Smart Cards on BitLocker removable drives on Windows 11/10.

How to Stop Users from using Smart Cards on BitLocker Removable Drives using Group Policy?

Do these steps to prevent users from using Smart Cards on BitLocker removable drives via Group Policy:-

Step 1. Open Local Group Policy Editor.

Step 2. Browse to the following path in the left sidebar of the Local Group Policy Editor window:-

Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Removable Data Drives

Step 3. Double-click on the policy name, “Configure use of smart cards on removable data drives,” on the right sidebar.

Step 4. Pick the Disabled option.

Step 5. Hit the Apply button.

Step 6. Press the OK button.

Step 7. Restart your PC to apply the changes.

After completing the above steps, Windows will not allow users to use Smart Cards on BitLocker removable drives.

If you need to allow users to use smart cards on BitLocker removable drives, repeat the above steps and select the Not Configured or Enabled option in Step 4.

How to Block Users from using Smart Cards on BitLocker Removable Drives through Registry Editor?

Do these steps to stop users from using smart cards on BitLocker removable drives via Registry Editor:-

Step 1. Open Registry Editor.

Step 2. Browse to the following key in the left sidebar of Registry Editor:-

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft

Step 3. Right-click on the Microsoft folder to pick New > Key.

Step 4. Name the new key as FVE.

Step 5. Right-click on the FVE folder to pick New > DWORD (32-bit) Value.

Step 6. Name the newly created REG_DWORD as RDVAllowUserCert.

Step 7. Right-click on the FVE folder to pick New > DWORD (32-bit) Value.

Step 8. Name this newly created REG_DWORD as RDVEnforceUserCert.

Generally, both REG_DWORDs will have “Value data” 0. Leave the default value.

Step 9. Reboot your PC to apply the changes.

After completing the above steps, Windows will not allow users to use Smart Cards on BitLocker removable drives.

If you need to revert the changes, browse to the following path in the Registry Editor:-

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE

Here, delete RDVEnforceUserCert and RDVAllowUserCert REG_DWORDs.
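
The registry steps above, including the revert, scripted in PowerShell as an added example that is not part of the original article. The function names are hypothetical, and the script must run in an elevated session; reboot afterwards as in Step 9.

```powershell
#Requires -RunAsAdministrator
# Added example: scripts the Registry Editor steps from this article.
# Function names below are hypothetical, chosen for this illustration.
$FvePath = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$Names   = 'RDVAllowUserCert', 'RDVEnforceUserCert'

function Get-RdvSmartCardPolicy {
    # Report each value as it is now; $null means the value is not present.
    $props = Get-ItemProperty -Path $FvePath -ErrorAction SilentlyContinue
    foreach ($name in $Names) {
        $value = $null
        if ($props -and ($props.PSObject.Properties.Name -contains $name)) {
            $value = $props.$name
        }
        [pscustomobject]@{ Name = $name; Value = $value }
    }
}

function Disable-RdvSmartCard {
    # Steps 3-8: create the FVE key only if it does not exist, so any
    # BitLocker policy values already stored there are kept.
    if (-not (Test-Path -Path $FvePath)) {
        New-Item -Path $FvePath -Force | Out-Null
    }
    # Create both DWORDs with value data 0 (overwrites an existing value).
    foreach ($name in $Names) {
        New-ItemProperty -Path $FvePath -Name $name `
            -PropertyType DWord -Value 0 -Force | Out-Null
    }
}

function Restore-RdvSmartCard {
    # Revert: delete only the two values, leaving the FVE key in place.
    foreach ($name in $Names) {
        Remove-ItemProperty -Path $FvePath -Name $name -ErrorAction SilentlyContinue
    }
}

Get-RdvSmartCardPolicy | Format-Table   # state before the change
Disable-RdvSmartCard
Get-RdvSmartCardPolicy | Format-Table   # state after the change
# Restore-RdvSmartCard                  # uncomment to undo the change
```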

That’s it.

Thank you.

You guys are amazing; Keep reading, learning, and growing.
