With the ubiquity of removable drives, ensuring data security becomes paramount, especially on devices like Windows 10 and 11. One of the nuanced security considerations is how to manage write access to removable drives that aren’t protected by BitLocker. Taking control of this access can ensure that your data remains uncompromised even when transferred or accessed from external sources. This risewindows article will guide us through the processes of allowing and blocking write access to such drives. Whether you’re a novice user or an IT expert, the methods detailed here – using the Local Group Policy Editor or the Registry Editor – are designed for ease of implementation. When this policy is enabled, Windows 11 or 10 elevates the security measures by mounting non-BitLocker protected removable drives as read-only, barring any write operations. However, it’s essential to note that BitLocker-protected drives are exempt from this restriction and will be mounted with both read and write access. Join us as we delve into the step-by-step instructions for both methods.
How to Allow or Deny Write Access to Removable Drives not Protected by BitLocker using Group Policy?
Do these steps to allow or stop write access to removable drives not protected by BitLocker using group policy:-
Step 1. Open Local Group Policy Editor.
Step 2. Navigate the following path on the Local Group Policy Editor window:-
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Removable Data Drives
Step 3. Double-click on the policy name “Deny write access to removable drives not protected by BitLocker” on the right sidebar.
Step 4. After that, choose any of the following options:-
- Enabled: All removable data drives that are not BitLocker-protect will mount as read-only.
- Disabled: BitLocker-protected data drives will be mounted with reading and write access.
Step 5. Hit Apply.
Step 6. Press OK.
Step 7. Reboot your computer.
How to Allow or Deny Write Access to Removable Drives not Protected by BitLocker through Registry Editor?
Do the steps in Registry Editor to allow or deny write access to removable drives that are not protected by BitLocker:-
Step 1. Open Registry Editor.
Step 2. Navigate to the following key in the left sidebar of the Registry Editor window:-
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft
Step 3. Right-click on the Microsoft folder to pick New > Key.
Step 4. Name the new key as FVE.
Step 5. Right-click on the FVE folder to pick New > DWORD (32-bit) Value.
Step 6. Name the newly created REG_DWORD as RDVDenyCrossOrg.
Step 7. After that, double-click on the RDVDenyCrossOrg REG_DWORD and set its “Value data” to the following:-
- 0: Deny the write access to removable drives that BitLocker does not protect.
- 1: Allow the write access to all removable drives.
Step 8. Press OK.
Step 9. Restart your PC to apply the changes.
Conclusion
Managing the write access to removable drives on devices like Windows 10 and 11 is a crucial security measure. By using the Local Group Policy Editor or the Registry Editor, users can easily control how Windows mounts non-BitLocker protected drives. Following the instructions provided will help to ensure that your data remains secure when transferring or accessing content from external sources.
