Enforce BitLocker Drive Encryption for Data Drives

If you cannot enable encryption for removable drives, you can use the Local Group Policy Editor or Registry Editor to get it done. This guide explains how you can enforce BitLocker drive encryption for removal data drives or fixed data drives and select a specific encryption type. For your information, the process is the same on Windows 11 and Windows 10.

How to enforce BitLocker drive encryption for REMOVABLE Data Drives

To enforce BitLocker drive encryption for removable data drives, follow these steps:

1. Press Win+R > type gpedit.msc > click the OK button.
2. Go to BitLocker Drive Encryption > Removable Data Drives in Computer Configuration.
3. Double-click on the Enforce drive encryption type on removable data drives setting.
4. Choose the Enabled option.
5. Select the Full Encryption or Used Space Only encryption option.
6. Click the OK button.

Let’s check out these steps in detail.

To get started, press Win+R > type gpedit.msc and click the OK button to open the Local Group Policy Editor on your computer. Then, navigate to this path:

Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Removable Data Drives

Find the Enforce drive encryption type on removable data drives setting and double-click on it.

Choose the Enabled option and expand the drop-down menu. Then, select either the Full Encryption or Used Space Only option.

Click the OK button to save the change.

Enforce BitLocker drive encryption for Removable Data Drives using Registry

To enforce BitLocker drive encryption for removable data drives using Registry, follow these steps:

1. Search for regedit in the Taskbar search box.
2. Click on the search result.
3. Click the Yes button in the UAC prompt.
4. Go to Microsoft in HKLM.
5. Right-click on Microsoft > New > Key and name it FVE.
6. Right-click on FVE > New > DWORD (32-bit) Value.
7. Set the name as RDVEncryptionType.
8. Double-click on it to set the Value data.
9. Enter 1for Full Encryption and 2 for Used Space Only encryption.
10. Click the OK button.
11. Restart your computer.

Let’s find out more about these aforementioned steps to learn more.

First, search for regedit in the Taskbar search box and click on the individual search result. Then, click the Yes option on the UAC prompt.

Following that, go to this path:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft

Here you need to create a sub-key. For that, right-click on Microsoft > New > Key and set the name as FVE.

Then, right-click on FVE > New > DWORD (32-bit) Value and name it as RDVEncryptionType.

If you want to let users choose the encryption type, keep the Value data as 0. However, if you want to enforce Full Encryption, you need to double-click on it and set the Value data as 1.

On the other hand, if you want to encrypt Used Space Only, you need to set the Value data as 2.

Finally, click the OK button, close all windows, and restart your computer.

How to enforce BitLocker drive encryption for FIXED Data Drives

To enforce BitLocker drive encryption for fixed data drives is similar and you need to follow these steps:

Press Win+R > type gpedit.msc > click the OK button.

Go to:

Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Fixed Data Drives

Find the Enforce drive encryption type on fixed data drives setting and double-click on it.

Choose the Enabled option and expand the drop-down menu. Then, select either the Full Encryption or Used Space Only option.

Click the OK button.

Read: Configure BitLocker hardware-based encryption for fixed data drives

Enforce BitLocker drive encryption for Removable Data Drives using Registry

To enforce BitLocker drive encryption for removable data drives using Registry, open Registry Editor and go to the following path:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft

You need to create a subkey here. To do that, right-click on Microsoft > New > Key and set the name as FDE.

Then, right-click on FDE > New > DWORD (32-bit) Value and name it as FDVEncryptionType.

If you want to let users choose the encryption type, keep the Value data as 0. However, if you want to enforce Full Encryption, double-click on it and set the Value data as 1.

If you want to encrypt Used Space Only, you need to set the Value data as 2.

That’s it.

Read: Choose how BitLocker unlocks OS Drive at Startup in Windows

How do I use BitLocker for encryption on removable drives?

To use BitLocker on the removable drive, you have three options. You can right-click on the removable drive and choose the Turn on BitLocker option. Alternatively, you can enable the same with the help of the Local Group Policy Editor and the Registry Editor. You can follow this guide to turn on BitLocker on removable drives.

Can BitLocker protect removable drives?

Yes, BitLocker can protect removable drives on Windows PC. For that, you need to use BitLocker To Go instead of the regular BitLocker. Whether you use Windows 11 or Windows 10, you must opt for BitLocker To Go. It is also possible to password protect USB drives using other methods as well – using USB Safeguard, TrueCrypt, etc.

Read: How to Enable or Disable BitLocker for encrypted Data Drives in Windows.