Allow or Deny Write Access to Fixed Data Drives not Protected by BitLocker in Windows
You can use BitLocker Drive Encryption to help protect your files on an entire drive. BitLocker can help block hackers from accessing the system files they rely on to discover your password, or from accessing your drive by physically removing it from your PC and installing it in a different one. You can still sign in to Windows and use your files as you normally would.
If you like, you can set a policy that configures whether BitLocker protection is required for a computer to be able to write data to fixed data drives. All fixed data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access.
This tutorial will show you how to allow or deny write access to fixed data drives not protected by BitLocker for all users in Windows 7, Windows 8, and Windows 10.
You must be signed in as an administrator to allow or deny write access to fixed data drives not protected by BitLocker.
For Windows 7, BitLocker Drive Encryption is only available in the Windows 7 Professional and Windows 7 Enterprise editions.
For Windows 8/8.1, BitLocker Drive Encryption is only available in the Windows 8 Pro and Windows 8 Enterprise editions.
For Windows 10, BitLocker Drive Encryption is only available in the Windows 10 Pro, Enterprise, and Education editions.
CONTENTS:
- Option One: Allow or Deny Write Access to Fixed Data Drives not Protected by BitLocker in Local Group Policy Editor
- Option Two: Allow or Deny Write Access to Fixed Data Drives not Protected by BitLocker using a REG file
EXAMPLE: Deny write access to fixed data drives not protected by BitLocker
OPTION ONE
Allow or Deny Write Access to Fixed Data Drives not Protected by BitLocker in Local Group Policy Editor
1. Open the
Local Group Policy Editor.
2. Navigate to the policy location below in the left pane of Local Group Policy Editor. (see screenshot below)
Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives
3. In the right pane of
Fixed Data Drives in Local Group Policy Editor, double click/tap on the
Deny write access to fixed drives not protected by BitLocker policy to edit it. (see screenshot above)
4. Do
step 5 (allow) or
step 6 (deny) below for what you would like to do.
5. To Allow Write Access to Fixed Data Drives not Protected by BitLocker
A) Select (dot)
Not Configured or
Disabled, click/tap on
OK, and go to
step 7 below. (see screenshot below)
Not Configured is the default setting.
6. To Deny Write Access to Fixed Data Drives not Protected by BitLocker
A) Select (dot)
Enabled, click/tap on
OK, and go to
step 7 below. (see screenshot below)
7. Close the Local Group Policy Editor.
8. Restart the computer to apply.
OPTION TWO
Allow or Deny Write Access to Fixed Data Drives not Protected by BitLocker using a REG file
The downloadable .reg files below will add and modify the DWORD value in the registry key below.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FVE
FDVDenyWriteAccess DWORD
(delete) = Allow (default)
1 = Deny
1. Do
step 2 (allow) or
step 3 (deny) below for what you would like to do.
2. To Allow Write Access to Fixed Data Drives not Protected by BitLocker
This is the default setting.
A) Click/tap on the Download button below to download the file below, and go to
step 4 below.
Allow_write_access_to_fixed_data_drives_not_protected_by_BitLocker.reg
Download
3. To Deny Write Access to Fixed Data Drives not Protected by BitLocker
A) Click/tap on the Download button below to download the file below, and go to
step 4 below.
Deny_write_access_to_fixed_data_drives_not_protected_by_BitLocker.reg
Download
4. Save the .reg file to your desktop.
5. Double click/tap on the downloaded .reg file to merge it.
6. When prompted, click/tap on
Run,
Yes (
UAC),
Yes, and
OK to approve the merge.
7. Restart the computer to apply.
8. You can now delete the downloaded .reg file if you like.
That's it,
Shawn