IT Best Practice
For Small Business


BitLocker Drive Encryption - Removable Data Drives

This video will demonstrate how to apply the Local Group Policy "Deny write access to removable drives not protected by BitLocker" to a Windows 10/11 device.

System requirements

(Windows 10/11 Pro, Enterprise, and Education editions)

This policy setting configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive (USB flash drives, etc.). If you enable this policy setting, all removable data drives that are not BitLocker-protected will be mounted as read-only.

This is a simple, but very important, Local Computer Policy that can prevent a simple mistake from damaging your company’s reputation and possibly make you liable for confidential client information that was not secure. 

Microsoft Documentation: Deny write access to removable drives not protected by BitLocker






Additional Information:

Sample Policy: Removable Data Drive Policy


Step Instructions:  

1st - you will need to log in with administrative privileges

2nd - type gpedit.msc in the search bar and press enter or click on the gpedit.msc link


(under Computer Configuration)

3rd - select (click on) Administrative Templates


4th - select (click on) Windows Components


5th - select (click on) BitLocker Drive Encryption


6th - select (click on) Removable Data Drives


7th - select (click on) Deny write access to removable drives not protected by BitLocker


8th - select (click on) Enabled - and then click on Apply
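
To confirm the setting took effect after step 8, the following PowerShell check reads the registry value this policy sets and lists attached removable drives with their BitLocker status. It is an added example, not part of the original page or video; the registry path and value name are taken from Microsoft's BitLocker policy template, and the script must be run from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only audit; it changes no settings.

# Registry value written by the policy (path and name per Microsoft's
# BitLocker policy template, VolumeEncryption.admx).
$PolicyKey  = 'HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FVE'
$PolicyName = 'RDVDenyWriteAccess'

function Get-RdvDenyWriteState {
    $item = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    if ($null -eq $item)         { return 'Not configured' }
    if ($item.$PolicyName -eq 1) { return 'Enabled' }
    return 'Disabled'
}

$state = Get-RdvDenyWriteState
Write-Output "Deny write access to removable drives not protected by BitLocker: $state"

# Report each attached removable drive and its BitLocker status.
$drives = Get-Volume | Where-Object { $_.DriveType -eq 'Removable' -and $_.DriveLetter }
if (-not $drives) { Write-Output 'No removable drives are attached.' }

foreach ($d in $drives) {
    $mount     = "$($d.DriveLetter):"
    $blv       = Get-BitLockerVolume -MountPoint $mount -ErrorAction SilentlyContinue
    $protected = $blv -and $blv.ProtectionStatus -eq 'On'
    [pscustomobject]@{
        Drive          = $mount
        Label          = $d.FileSystemLabel
        BitLocker      = if ($blv) { $blv.ProtectionStatus } else { 'Unknown' }
        # Expectation based on the policy description above; confirm with a test write.
        ExpectReadOnly = ($state -eq 'Enabled') -and (-not $protected)
    }
}
```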




Local Group Policy: 

Deny write access to removable drives not protected by BitLocker



There are countless examples in the public and private sector where an employee accidentally misplaced a USB removable storage device with sensitive information on it. In this video we will cover basic security for removable storage devices, also referred to as USB drives, pen drives, flash drives, etc.


Why should small businesses use this policy?

- protect sensitive information
If anyone connects a removable storage device (USB drive) to a company computer, they put you at risk. This local group policy prevents users from copying company data to an unsecured removable storage device (USB Drive).

- security compliance
Regardless of your business sector, if your company retains sensitive client/customer data (social security numbers, names, mailing addresses, birth dates, bank account information, tax ID numbers, email addresses, telephone numbers, etc.), there is a regulation "somewhere" requiring you to protect it.
This policy will assist with that requirement where removable storage devices are concerned.

- financial liability
A lost unsecured USB drive with sensitive/confidential information can expose your business to legal actions, fines and even lawsuits.

All 50 states have data breach laws. For example, a Kentucky data breach law pertaining to the private and public sector is KRS 365.732, "Notification to affected persons of computer security breach involving their unencrypted personally identifiable information."

The public sector has additional statutes regarding information protection including KRS 61.931 to 61.934.