Skip to content
Follow
Windows

How to Enforce BitLocker Encryption on Removable Drives

Richard
Written by
Richard
May 19, 2024 Updated Jul 13, 2026 4 min read
BitLocker drive encrytion featured image
BitLocker drive encrytion featured image

Enforcing BitLocker encryption on removable drives in Windows 11 requires setting specific policies.

This means making sure that any USB stick or external hard drive a person plugs into a computer must be encrypted. It’s an important step to keep your data safe if a drive gets lost or stolen.

You can set this up using the Local Group Policy Editor on Windows 11 Pro, Enterprise, or Education versions. For managing this on many computers at once, you can also use PowerShell commands.

⚡ Quick Answer

Enforce BitLocker encryption for removable drives by opening Group Policy Editor and navigating to Computer Configuration > Windows Components > BitLocker Drive Encryption > Removable Data Drives. Double-click “Enforce drive encryption type on removable data drives” and select your desired encryption method. Save the changes and restart your computer.

What Is BitLocker and Why Use It?

BitLocker is a Windows tool that scrambles your files, so only you can read them with a password or key. Encrypting removable drives with BitLocker is smart because it keeps your private information safe if your USB drive gets lost or stolen.

BitLocker can protect external, fixed drives, and operating system drives. When BitLocker is enabled on your main Windows drive, it can automatically unlock at startup using a TPM chip (Trusted Platform Module – a security chip that aids encryption).

Understanding Encryption Types

When you turn on BitLocker for removable data drives, Windows will ask you to pick an encryption type.

Full encryption locks down your entire drive.

⚠️Warning
Used space only encryption, on the other hand, only protects the areas of the drive where your data is actually stored.

Why Enforce an Encryption Type?

The ‘Enforce drive encryption type on removable data drives’ policy setting lets you control how BitLocker functions on removable drives. This allows you to pick one encryption type for your whole organization or computer.

Method 1Using Group Policy Editor

You can enforce BitLocker encryption on all your removable drives using the Group Policy Editor. This built-in Windows tool lets you set rules, like forcing BitLocker encryption on USB drives, so your data stays protected automatically.

Search for “Edit group policy” in your Start menu. Click on ‘Local Group Policy Editor’ to open the tool.

Step 2: Navigate to BitLocker Settings

Follow this path in the left panel:

  • Computer Configuration
  • Administrative Templates
  • Windows Components
  • BitLocker Drive Encryption
  • Removable Data Drives

Step 3: Find the Encryption Policy

Look for the setting “Enforce drive encryption type on removable data drives” in the right panel of the Group Policy Editor. Double-click this setting to open its configuration window.

enforce encryption type on removeable data drive
enforce encryption type on removeable data drive

Step 4: Choose Your Encryption Type

A window opens with three choices:

  • Not Configured (default) – Works like Disabled. BitLocker will ask users which encryption type to use.
  • Enabled – BitLocker uses the type you choose below. Users won’t see the option to pick a type in the wizard. Choose either “Full encryption” or “Use Space Only encryption.”
  • Disabled – BitLocker setup will keep asking users to pick the encryption type.
enforce drive encryption type on removeable drive
enforce drive encryption type on removeable drive

Step 5: Save and Restart

Click OK to save. Your computer may need to restart to apply these changes.

Method 2Using Registry Editor %📂%FLAG_ADMIN%copy%

If you’re comfortable changing system settings, you can enforce BitLocker encryption on removable drives using the Registry Editor. This method directly tells Windows to require BitLocker for any USB drive you plug in, adding a strong layer of security.

Right-click on the Windows Registry editor and select “Run as administrator.”

Step 2: Navigate to the BitLocker Key

The Windows Registry, a central database for computer settings, resides at 🗝️HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\System. Accessing this location allows management of BitLocker encryption policies for removable drives, ensuring external storage meets organizational security standards.

💻Code
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE

Step 3: Find or Create the Encryption Type Setting

The ‘RDVEncryptionType’ setting appears in the right-hand pane. Double-click ‘RDVEncryptionType’ to open its properties window and select the encryption method for removable drives.

If you don’t see it, right-click in an empty space and select ‘New’ > ‘DWORD (32-bit) Value.’ Then, name this new value ‘RDVEncryptionType.’

Step 4: Set the Encryption Value

Enter one of these values:

  • 1 – Enforces full encryption on removable drives
  • 2 – Enforces used space only encryption on removable drives
enforce BitLocker encryption type for removeable drives
enforce BitLocker encryption type for removeable drives

Step 5: Save and Restart

Click OK to save your changes. Restart your computer to apply them.

How to Undo These Changes

⚠️Warning
To revert to letting users choose their own encryption type, delete the RDVEncryptionType item you created and restart your computer.

Summary

BitLocker encryption on removable drives protects your data. Either the Group Policy Editor or the Registry Editor can be used to set this security feature for USB drives. The Registry Editor allows direct changes for this setting.

  • Group Policy Editor – Best for everyday users who prefer a visual interface
  • Registry Editor – A direct way to change settings in Windows’ database

Both methods let you pick between full encryption or used space only encryption. Once set, BitLocker will use your choice without asking users. Remember to restart your computer after making changes.





Can you remove BitLocker encryption from a USB drive?

Yes, you can remove BitLocker encryption from a USB drive by turning off the encryption. Search for ‘Manage BitLocker’ in Windows, open it, and then select ‘Turn off BitLocker’ for the drive you want to decrypt.

How to encrypt a removable drive?

To encrypt a removable drive, you can encrypt individual files or folders on it. Insert your USB drive, right-click the file or folder you want to protect, select ‘Properties’, click ‘Advanced’ on the ‘General’ tab, and check ‘Encrypt contents to protect data’.

Was this guide helpful?

Tags: #Windows 11
Was this helpful?
Richard

About the Author

Richard

Tech Writer, IT Professional

Richard, a writer for Geek Rewind, is a tech enthusiast who loves breaking down complex IT topics into simple, easy-to-understand ideas. With years of hands-on experience in system administration and enterprise IT operations, he’s developed a knack for offering practical tips and solutions. Richard aims to make technology more accessible and actionable. He's deeply committed to the Geek Rewind community, always ready to answer questions and engage in discussions.

📚 Related Tutorials

How to Change File Explorer Layout in Windows 11
Windows How to Change File Explorer Layout in Windows 11
How to Enforce BitLocker Encryption on Removable Drives
Windows How to Enforce BitLocker Encryption on Removable Drives
How to Choose BitLocker Encryption Type on Windows 11 Drives
Windows How to Choose BitLocker Encryption Type on Windows 11 Drives
How to Change BitLocker Encryption in Windows 11
Windows How to Change BitLocker Encryption in Windows 11

No comments yet — be the first to share your thoughts!

Leave a Comment

Your email address will not be published. Required fields are marked *