Enable or disable use of BitLocker on Removable Data Drives
BitLocker can encrypt the drive Windows is installed on as well as encrypt fixed data drives (such as internal hard drives). You can also use BitLocker To Go to help protect all files stored on a removable data drive (such as an external hard drive o,r USB flash drive). In this post, we show you how to enable or disable use of BitLocker on Removable Data Drives in Windows 10.
Enable or disable use of BitLocker on Removable Data Drives
You must be signed in as an administrator to enable or disable the ability to configure and use BitLocker on removable data drives.
You can enable or disable the use of BitLocker on Removable Data Drives in Windows 10 in either of two ways;
- Local Group Policy Editor
- Registry Editor
Let’s see a description of the process involved in relation to the two methods.
1] Enable or disable use of BitLocker on Removable Data Drives via Local Group Policy Editor
Do the following:
- Press Windows key + R to invoke the Run dialog.
- In the Run dialog box type
gpedit.msc
and hit Enter to open Group Policy Editor. - Inside the Local Group Policy Editor, use the left pane to navigate to the path below:
Computer ConfigurationAdministrative TemplatesWindows ComponentsBitLocker Drive EncryptionRemovable Data Drives
- In the right pane of Removable Data Drives in Local Group Policy Editor, double-click/tap on the Control use of BitLocker on removable drives policy to edit its properties.
- Set the radio button to Enabled.
- Check or uncheck Allow users to apply BitLocker protection on removable data drives and Allow users to suspend and decrypt BitLocker on removable data drives per your requirement.
- Click Apply > OK to save the changes and exit.
To disable, simply set the radio button to Not configured or Disabled option.
For Windows 10 Home users, you can add the Local Group Policy Editor feature and then carry out the instructions as provided above or you can do the registry method below.
2] Enable or disable use of BitLocker on Removable Data Drives via Registry Editor
Since this is a registry operation, it is recommended that you back up the registry or create a system restore point as necessary precautionary measures.
To enable use of BitLocker on Removable data Drives, do the following:
- Press Windows key + R to invoke the Run dialog.
- In the Run dialog box, type notepad and hit Enter to open Notepad.
- Copy and paste the code below into the text editor.
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftFVE] "RDVConfigureBDE"=- "RDVAllowBDE"=- "RDVDisableBDE"=-
- Now, click the File option from the menu and select Save As button.
- Choose a location (preferably desktop) where you want to save the file.
- Enter a name with .reg extension (eg; Enable_BitLocker_on_RDD.reg).
- Choose All Files from the Save as type drop-down list.
- Double-click the saved .reg file to merge it.
- If prompted, click on Run > Yes (UAC) > Yes > OK to approve the merge.
- You can now delete the .reg file if you like.
To Specify use of BitLocker on Removable Data Drives, use the following code per your requirement:
Allow users to apply BitLocker protection on removable data drives:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftFVE] "RDVConfigureBDE"=dword:00000001 "RDVAllowBDE"=dword:00000000 "RDVDisableBDE"=dword:00000000
Repeat the steps above but name the reg file as Allow_Users_to_Apply.reg.
OR
Allow users to suspend and decrypt BitLocker on removable data drives:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftFVE] "RDVConfigureBDE"=dword:00000001 "RDVAllowBDE"=dword:00000000 "RDVDisableBDE"=dword:00000001
Repeat the steps above but name the reg file as Allow_Users_to_Suspend_Decrypt.reg.
To disable use of BitLocker on Removable data Drives, do the following:
- Open Notepad.
- Copy and paste the code below into the text editor.
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftFVE] "RDVConfigureBDE"=dword:00000000 "RDVAllowBDE"=dword:00000000 "RDVDisableBDE"=dword:00000000
- Now, click the File option from the menu and select Save As button.
- Choose a location (preferably desktop) where you want to save the file.
- Enter a name with .reg extension (eg; Disable_BitLocker_on_RDD.reg).
- Choose All Files from the Save as type drop-down list.
- Double-click the saved .reg file to merge it.
- If prompted, click on Run > Yes (UAC) > Yes > OK to approve the merge.
- You can now delete the .reg file if you like.
That’s it on how to enable or disable the use of BitLocker on Removable Data Drives in Windows 10!