Deny Write Access to Fixed Drives not Protected by BitLocker in Windows 10
You can set a policy that configures whether BitLocker protection is required so that a computer can write data to fixed data readers. All fixed data drives that are not Protected by BitLocker will be mounted read-only. If the drive is protected by BitLocker, it will be mounted with Read and write access. In this post, we will show you how to allow or deny Write access on fixed data drives not protected by BitLocker for all Windows 10 users.
Before you start, know that:
- BitLocker Drive Encryption is only available in Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education editions.
- You must be logged in as an administrator to allow or deny write access to fixed data drives not protected by BitLocker.
Allow or deny write access to fixed players not protected by BitLocker
To configure the Allow or deny write access setting to fixed data drives not protected by BitLocker by using the Group Policy Editor:
Open the Local Group Policy Editor.
In the left pane of the Local Group Policy Editor, navigate to the following location:
Computer Configuration> Administrative Templates> Windows Components> BitLocker Drive Encryption> Fixed Data Drives.
This policy setting determines whether BitLocker protection is required for fixed data drives to be writable to a computer.
If you enable this policy setting, all fixed data drives that are not protected by BitLocker will be mounted read-only. If the drive is protected by BitLocker, it will be mounted with read and write access.
If you disable or do not configure this policy setting, all fixed data drives on the computer will be mounted with read and write access.
On the right pane of Fixed data readers In the Local Group Policy Editor, double-click Deny write access to fixed players not protected by BitLocker policy to change it.
Not configured is the default setting. To configure the setting, follow these steps:
To allow: Select the radio button for Not configured or disabledand click OK.
Deny: Select the radio button for enabledand click OK.
You can now exit the Group Policy Editor.
Restart the computer for the changes to take effect.