The Windows Club

TheWindowsClub covers authentic Windows 11, Windows 10 tips, tutorials, how-to's, features, freeware. Created by Anand Khanse, MVP.

Deny Write Access to Fixed Drives not Protected by BitLocker in Windows 11/10

Download Windows Speedup Tool to fix errors and make PC run faster

You can set a policy that configures whether BitLocker protection is required for a computer to be able to write data to fixed data drives. All fixed data drives that are not BitLocker-protected will be mounted as Read-only. If the drive is protected by BitLocker, it will be mounted with Read and Write access. In this post, we will show you how to allow or deny Write access to fixed data drives not protected by BitLocker for all users in Windows 11/10.

Before you begin, you should know that:

  1. BitLocker Drive Encryption is only available in Windows 11/10 Pro, Windows 11/10 Enterprise, and Windows 10 Education editions.
  2. You must be signed in as an Administrator to allow or deny write access to fixed data drives not protected by BitLocker.

Allow or Deny Write Access to Fixed Drives not Protected by BitLocker

To configure the Allow or Deny Write Access to Fixed Data Drives not Protected by BitLocker setting using the Group Policy Editor:

Open the Local Group Policy Editor.

On the left pane of Local Group Policy Editor, navigate to the location:

Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Fixed Data Drives.

Allow or Deny Write Access to Fixed Drives not Protected by BitLocker

This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer.

If you enable this policy setting, all fixed data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access.

If you disable or do not configure this policy setting, all fixed data drives on the computer will be mounted with read and write access.

On the right pane of Fixed Data Drives in Local Group Policy Editor, double-click Deny write access to fixed drives not protected by BitLocker policy to edit it.

Not Configured is the default setting. To configure the setting, do the following:

To Allow: Select the radio button for Not Configured or Disabled, and click OK.

To Deny: Select the radio button for Enabled, and click OK.

You can now exit the Group Policy editor.

Restart the computer for changes to take effect.

Related: Allow or deny Write Access to Removable Drives not protected by BitLocker.

Obinna@TWC

Obinna has completed B.Tech in Information & Communication Technology. He has worked as a System Support Engineer, primarily on User Endpoint Administration, as well as a Technical Analyst, primarily on Server/System Administration. He also has experience as a Network and Communications Officer. He has been a Windows Insider MVP (2020) and currently owns and runs a Computer Clinic.