You can set a policy that configures whether BitLocker protection is required for a computer to be able to write data to fixed data drives. All fixed data drives that are not BitLocker-protected will be mounted as Read-only. If the drive is protected by BitLocker, it will be mounted with Read and Write access. In this post, we will show you how to allow or deny Write access to fixed data drives not protected by BitLocker for all users in Windows 11/10.
Before you begin, you should know that:
- BitLocker Drive Encryption is only available in Windows 11/10 Pro, Windows 11/10 Enterprise, and Windows 10 Education editions.
- You must be signed in as an Administrator to allow or deny write access to fixed data drives not protected by BitLocker.
Allow or Deny Write Access to Fixed Drives not Protected by BitLocker
To configure the Allow or Deny Write Access to Fixed Data Drives not Protected by BitLocker setting using the Group Policy Editor:
Open the Local Group Policy Editor.
On the left pane of Local Group Policy Editor, navigate to the location:
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Fixed Data Drives.
This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer.
If you enable this policy setting, all fixed data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access.
If you disable or do not configure this policy setting, all fixed data drives on the computer will be mounted with read and write access.
On the right pane of Fixed Data Drives in Local Group Policy Editor, double-click Deny write access to fixed drives not protected by BitLocker policy to edit it.
Not Configured is the default setting. To configure the setting, do the following:
To Allow: Select the radio button for Not Configured or Disabled, and click OK.
To Deny: Select the radio button for Enabled, and click OK.
You can now exit the Group Policy editor.
Restart the computer for changes to take effect.
Related: Allow or deny Write Access to Removable Drives not protected by BitLocker.