Control use of BitLocker on removable drives

This policy setting controls the use of BitLocker on removable data drives. This policy setting is applied when you turn on BitLocker.

When this policy setting is enabled, you can select property settings that control how users can configure BitLocker. Choose "Allow users to apply BitLocker protection on removable data drives" to permit the user to run the BitLocker setup wizard on a removable data drive. Choose "Allow users to suspend and decrypt BitLocker on removable data drives" to permit the user to remove BitLocker Drive Encryption from the drive or suspend the encryption while maintenance is performed. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information on suspending BitLocker protection.

If you choose "Allow users to apply BitLocker protection on removable data drives", then after the removable data drive is encrypted, saving of BitLocker recovery information is enabled based on the "Configure MBAM services" policy.

If you do not configure this policy setting, users can use BitLocker on removable disk drives.

If you disable this policy setting, users cannot use BitLocker on removable disk drives.

When enabling BitLocker, the following policies in the System/Removable Storage Access should be set to disabled:

When enabling BitLocker protection on a removable drive, you must not disable the "Configure use of password for removable data drives" policy.
When enabling BitLocker protection on a removable drive, for higher security you may want to disable the following policies in System/Removable Storage Access:
All Removable storage classes: Deny all access (user & machine)
Removable Disks: Deny write access (user & machine)
Removable Disks: Deny read access (user & machine)

Supported on: At least Windows 7
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: Software\Policies\Microsoft\FVE
Value Name: RDVConfigureBDE
Value Type: REG_DWORD
Enabled Value: 1
Disabled Value: 0

When enabling BitLocker on a removable drive, see the explanation above for the policy settings under System/Removable Storage Access.

Allow users to apply BitLocker protection on removable data drives
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: Software\Policies\Microsoft\FVE
Value Name: RDVAllowBDE
Value Type: REG_DWORD
Default Value: 1
True Value: 1
False Value: 0

Allow users to suspend and decrypt BitLocker protection on removable data drives
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: Software\Policies\Microsoft\FVE
Value Name: RDVDisableBDE
Value Type: REG_DWORD
Default Value: 1
True Value: 1
False Value: 0
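
An added example, not part of the original policy documentation: a read-only PowerShell check that reads the three registry values listed above and reports how the policy is set on the local machine. The helper names Get-FvePolicyValue and Format-Flag and the output property names are made up for this example.

```powershell
# Added example: read-only audit of the values documented on this page.
$FvePath = 'HKLM:\Software\Policies\Microsoft\FVE'

function Get-FvePolicyValue {
    param([Parameter(Mandatory)][string]$Name)
    # $null means the key or value is absent, i.e. the policy is not configured.
    $item = Get-ItemProperty -Path $FvePath -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Format-Flag {
    param($Value)
    if ($null -eq $Value) { return 'not set' }
    if ($Value -eq 1)     { return 'allowed (1)' }
    if ($Value -eq 0)     { return 'not allowed (0)' }
    return "unexpected value ($Value)"
}

$configure = Get-FvePolicyValue -Name 'RDVConfigureBDE'
$allow     = Get-FvePolicyValue -Name 'RDVAllowBDE'
# Despite its name, RDVDisableBDE = 1 means users MAY suspend and decrypt.
$disable   = Get-FvePolicyValue -Name 'RDVDisableBDE'

if     ($null -eq $configure) { $state = 'Not configured: users can use BitLocker on removable drives' }
elseif ($configure -eq 0)     { $state = 'Disabled: users cannot use BitLocker on removable drives' }
elseif ($configure -eq 1)     { $state = 'Enabled: the two options below control what users can do' }
else                          { $state = "Unexpected RDVConfigureBDE value: $configure" }

[pscustomobject]@{
    PolicyState       = $state
    ApplyBitLocker    = Format-Flag $allow
    SuspendAndDecrypt = Format-Flag $disable
}
```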

bitlockermanagement.admx
