Deny write access to fixed drives not protected by BitLocker

This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer. This policy setting is applied when you turn on BitLocker.

If you enable this policy setting, all fixed data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access.

If you disable or do not configure this policy setting, all fixed data drives on the computer will be mounted with read and write access.

Supported on: At least Windows 7
Registry HiveHKEY_LOCAL_MACHINE
Registry PathSystem\CurrentControlSet\Policies\Microsoft\FVE
Value NameFDVDenyWriteAccess
Value TypeREG_DWORD
Enabled Value1
Disabled Value0

bitlockermanagement.admx

Administrative Templates (Computers)

Administrative Templates (Users)