How to Enable or Disable Use of BitLocker on Removable Data Drives in Windows


You can use BitLocker Drive Encryption to help protect your files on an entire drive. BitLocker can help block hackers from accessing the system files they rely on to discover your password, or from accessing your drive by physically removing it from your PC and installing it in a different one. You can still sign in to Windows and use your files as you normally would.

New files are automatically encrypted when you add them to a drive that uses BitLocker. However, if you copy these files to another drive or a different PC, they're automatically decrypted.

BitLocker can encrypt the drive Windows is installed on (the operating system drive) as well as fixed data drives (such as internal hard drives). You can also use BitLocker To Go to help protect all files stored on a removable data drive (such as an external hard drive or USB flash drive).

If you like, you can configure the "Control use of BitLocker on removable drives" group policy setting, which controls the use of BitLocker on removable data drives. When this policy setting is enabled, you can select property settings that control how users can configure BitLocker. Choose "Allow users to apply BitLocker protection on removable data drives" to permit the user to run the BitLocker setup wizard on a removable data drive. Choose "Allow users to suspend and decrypt BitLocker on removable data drives" to permit the user to remove BitLocker Drive Encryption from the drive or suspend the encryption while maintenance is performed. If you do not configure this policy setting, users can use BitLocker on removable disk drives. If you disable this policy setting, users cannot use BitLocker on removable disk drives.

This tutorial will show you how to enable or disable the ability to configure and use BitLocker on removable data drives for all users in Windows 7, Windows 8, and Windows 10.

You must be signed in as an administrator to enable or disable the ability to configure and use BitLocker on removable data drives.

For Windows 7, BitLocker Drive Encryption is only available in the Windows 7 Professional and Windows 7 Enterprise editions.

For Windows 8/8.1, BitLocker Drive Encryption is only available in the Windows 8 Pro and Windows 8 Enterprise editions.

For Windows 10, BitLocker Drive Encryption is only available in the Windows 10 Pro, Enterprise, and Education editions.



Contents

  • Option One: Enable or Disable Use of BitLocker on Removable Data Drives in Local Group Policy Editor
  • Option Two: Enable or Disable Use of BitLocker on Removable Data Drives using a REG file



EXAMPLE: Trying to turn on or off BitLocker on a removable drive when use of BitLocker is disabled
[Screenshots: BitLocker on removable drives disabled]






OPTION ONE

Enable or Disable Use of BitLocker on Removable Data Drives in Local Group Policy Editor


1 Open the Local Group Policy Editor.

2 Navigate to the policy location below in the left pane of Local Group Policy Editor. (see screenshot below)

Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives

[Screenshot: Removable Data Drives policy location in Local Group Policy Editor]

3 In the right pane of Removable Data Drives in Local Group Policy Editor, double click/tap on the Control use of BitLocker on removable drives policy to edit it. (see screenshot above)

4 Do step 5 (enable), step 6 (specify), or step 7 (disable) below for what you would like to do.


5 To Enable Use of BitLocker on Removable Data Drives

This is the default setting.

This setting is the same as having Enabled selected with both Allow users to apply BitLocker protection on removable data drives and Allow users to suspend and decrypt BitLocker on removable data drives checked.

A) Select (dot) Not Configured, click/tap on OK, and go to step 8 below. (see screenshot below step 7)


6 To Specify Use of BitLocker on Removable Data Drives

A) Select (dot) Enabled. (see screenshot below step 7)

B) Check or uncheck Allow users to apply BitLocker protection on removable data drives and Allow users to suspend and decrypt BitLocker on removable data drives for what you want.

Choose Allow users to apply BitLocker protection on removable data drives to permit the user to run the BitLocker setup wizard on a removable data drive.

Choose Allow users to suspend and decrypt BitLocker on removable data drives to permit the user to remove BitLocker Drive encryption from the drive or suspend the encryption while maintenance is performed.


C) Click/tap on OK, and go to step 8 below.


7 To Disable Use of BitLocker on Removable Data Drives

A) Select (dot) Disabled, click/tap on OK, and go to step 8 below. (see screenshot below)

[Screenshot: Control use of BitLocker on removable drives policy settings]


8 When finished, you can close the Local Group Policy Editor if you like.







OPTION TWO

Enable or Disable Use of BitLocker on Removable Data Drives using a REG file


1 Do step 2 (enable), step 3 (specify), or step 4 (disable) below for what you want.


2 To Enable Use of BitLocker on Removable Data Drives

This is the default setting.

A) Click/tap on the Download button below to download the file below, and go to step 5 below.

Enable_using_BitLocker_on_removable_drives.reg

Download

(Contents of .reg file for reference.)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE]
"RDVConfigureBDE"=-
"RDVAllowBDE"=-
"RDVDisableBDE"=-


3 To Specify Use of BitLocker on Removable Data Drives

A) Click/tap on the Download button below for the file you want, and go to step 5 below.

Only_allow_users_to_apply_BitLocker_protection_on_removable_drives.reg

Download

(Contents of .reg file for reference.)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE]
"RDVConfigureBDE"=dword:00000001
"RDVAllowBDE"=dword:00000001
"RDVDisableBDE"=dword:00000000

OR

Only_allow_users_to_suspend_and_decrypt_BitLocker_on_removable_drives.reg

Download

(Contents of .reg file for reference.)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE]
"RDVConfigureBDE"=dword:00000001
"RDVAllowBDE"=dword:00000000
"RDVDisableBDE"=dword:00000001


4 To Disable Use of BitLocker on Removable Data Drives

A) Click/tap on the Download button below to download the file below, and go to step 5 below.

Disable_using_BitLocker_on_removable_drives.reg

Download

(Contents of .reg file for reference.)
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE]
"RDVConfigureBDE"=dword:00000000
"RDVAllowBDE"=dword:00000000
"RDVDisableBDE"=dword:00000000


5 Save the .reg file to your desktop.

6 Double click/tap on the downloaded .reg file to merge it.

7 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

8 You can now delete the downloaded .reg file if you like.
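
To confirm which state a machine ended up in after either option, the three values under the FVE policy key can be read back. The script below is an added example, not part of the original tutorial; the function name Get-RdvBitLockerPolicy is hypothetical, and it assumes RDVAllowBDE corresponds to the "apply" checkbox and RDVDisableBDE to the "suspend and decrypt" checkbox.

```powershell
# Added example: read-only audit of the policy values written by the REG files above.
# Requires PowerShell 3.0 or later. Nothing is modified.
$key   = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$names = 'RDVConfigureBDE', 'RDVAllowBDE', 'RDVDisableBDE'

function Get-RdvBitLockerPolicy {
    param([string]$Path = $key)

    # Read each value; $null means the value does not exist under the key.
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    $v = @{}
    foreach ($n in $names) {
        $present = $props -and ($null -ne $props.PSObject.Properties[$n])
        $v[$n] = if ($present) { [int]$props.$n } else { $null }
    }

    # RDVConfigureBDE decides the policy state; the other two only matter when Enabled.
    if ($null -eq $v.RDVConfigureBDE) {
        # Not Configured: per the tutorial, same as Enabled with both boxes checked.
        $state = 'Not Configured'; $apply = $true; $suspend = $true
    } elseif ($v.RDVConfigureBDE -eq 0) {
        $state = 'Disabled'; $apply = $false; $suspend = $false
    } else {
        $state   = 'Enabled'
        # Assumed mapping: RDVAllowBDE = "apply", RDVDisableBDE = "suspend and decrypt".
        $apply   = ($v.RDVAllowBDE -eq 1)
        $suspend = ($v.RDVDisableBDE -eq 1)
    }

    [pscustomobject]@{
        PolicyState              = $state
        RDVConfigureBDE          = $v.RDVConfigureBDE
        RDVAllowBDE              = $v.RDVAllowBDE
        RDVDisableBDE            = $v.RDVDisableBDE
        UsersCanApply            = $apply
        UsersCanSuspendOrDecrypt = $suspend
        # Checkbox values left behind without RDVConfigureBDE point to a partial merge or manual edit.
        StaleValues              = ($null -eq $v.RDVConfigureBDE) -and
                                   ($null -ne $v.RDVAllowBDE -or $null -ne $v.RDVDisableBDE)
    }
}

Get-RdvBitLockerPolicy | Format-List
```

A PolicyState of Disabled on a machine where removable drives are expected to be encrypted is worth investigating, since users on that machine cannot turn BitLocker on for those drives.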


That's it,
Shawn