How to Enforce BitLocker Encryption on Removable Drives
Enforcing BitLocker encryption on removable drives in Windows 11 requires setting specific policies.
This means making sure that any USB stick or external hard drive a person plugs into a computer must be encrypted. It’s an important step to keep your data safe if a drive gets lost or stolen.
You can set this up using the Local Group Policy Editor on Windows 11 Pro, Enterprise, or Education versions. For managing this on many computers at once, you can also use PowerShell commands.
Enforce BitLocker encryption for removable drives by opening Group Policy Editor and navigating to Computer Configuration > Windows Components > BitLocker Drive Encryption > Removable Data Drives. Double-click “Enforce drive encryption type on removable data drives” and select your desired encryption method. Save the changes and restart your computer.
What Is BitLocker and Why Use It?
BitLocker is a Windows tool that scrambles your files, so only you can read them with a password or key. Encrypting removable drives with BitLocker is smart because it keeps your private information safe if your USB drive gets lost or stolen.
BitLocker can protect external, fixed drives, and operating system drives. When BitLocker is enabled on your main Windows drive, it can automatically unlock at startup using a TPM chip (Trusted Platform Module – a security chip that aids encryption).
Understanding Encryption Types
When you turn on BitLocker for removable data drives, Windows will ask you to pick an encryption type.
Full encryption locks down your entire drive.
Why Enforce an Encryption Type?
The ‘Enforce drive encryption type on removable data drives’ policy setting lets you control how BitLocker functions on removable drives. This allows you to pick one encryption type for your whole organization or computer.
Method 1Using Group Policy Editor
You can enforce BitLocker encryption on all your removable drives using the Group Policy Editor. This built-in Windows tool lets you set rules, like forcing BitLocker encryption on USB drives, so your data stays protected automatically.
Search for “Edit group policy” in your Start menu. Click on ‘Local Group Policy Editor’ to open the tool.
Step 2: Navigate to BitLocker Settings
Follow this path in the left panel:
- Computer Configuration
- Administrative Templates
- Windows Components
- BitLocker Drive Encryption
- Removable Data Drives
Step 3: Find the Encryption Policy
Look for the setting “Enforce drive encryption type on removable data drives” in the right panel of the Group Policy Editor. Double-click this setting to open its configuration window.

Step 4: Choose Your Encryption Type
A window opens with three choices:
- Not Configured (default) – Works like Disabled. BitLocker will ask users which encryption type to use.
- Enabled – BitLocker uses the type you choose below. Users won’t see the option to pick a type in the wizard. Choose either “Full encryption” or “Use Space Only encryption.”
- Disabled – BitLocker setup will keep asking users to pick the encryption type.

Step 5: Save and Restart
Click OK to save. Your computer may need to restart to apply these changes.
Method 2Using Registry Editor %📂%FLAG_ADMIN%copy%
If you’re comfortable changing system settings, you can enforce BitLocker encryption on removable drives using the Registry Editor. This method directly tells Windows to require BitLocker for any USB drive you plug in, adding a strong layer of security.
Right-click on the Windows Registry editor and select “Run as administrator.”
Step 2: Navigate to the BitLocker Key
The Windows Registry, a central database for computer settings, resides at 🗝️HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\System. Accessing this location allows management of BitLocker encryption policies for removable drives, ensuring external storage meets organizational security standards.
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVEStep 3: Find or Create the Encryption Type Setting
The ‘RDVEncryptionType’ setting appears in the right-hand pane. Double-click ‘RDVEncryptionType’ to open its properties window and select the encryption method for removable drives.
If you don’t see it, right-click in an empty space and select ‘New’ > ‘DWORD (32-bit) Value.’ Then, name this new value ‘RDVEncryptionType.’
Step 4: Set the Encryption Value
Enter one of these values:
- 1 – Enforces full encryption on removable drives
- 2 – Enforces used space only encryption on removable drives

Step 5: Save and Restart
Click OK to save your changes. Restart your computer to apply them.
How to Undo These Changes
RDVEncryptionType item you created and restart your computer.Summary
BitLocker encryption on removable drives protects your data. Either the Group Policy Editor or the Registry Editor can be used to set this security feature for USB drives. The Registry Editor allows direct changes for this setting.
- Group Policy Editor – Best for everyday users who prefer a visual interface
- Registry Editor – A direct way to change settings in Windows’ database
Both methods let you pick between full encryption or used space only encryption. Once set, BitLocker will use your choice without asking users. Remember to restart your computer after making changes.
Can you remove BitLocker encryption from a USB drive?
Yes, you can remove BitLocker encryption from a USB drive by turning off the encryption. Search for ‘Manage BitLocker’ in Windows, open it, and then select ‘Turn off BitLocker’ for the drive you want to decrypt.
How to encrypt a removable drive?
To encrypt a removable drive, you can encrypt individual files or folders on it. Insert your USB drive, right-click the file or folder you want to protect, select ‘Properties’, click ‘Advanced’ on the ‘General’ tab, and check ‘Encrypt contents to protect data’.
Was this guide helpful?
About the Author
Richard
Tech Writer, IT Professional
Richard, a writer for Geek Rewind, is a tech enthusiast who loves breaking down complex IT topics into simple, easy-to-understand ideas. With years of hands-on experience in system administration and enterprise IT operations, he’s developed a knack for offering practical tips and solutions. Richard aims to make technology more accessible and actionable. He's deeply committed to the Geek Rewind community, always ready to answer questions and engage in discussions.
No comments yet — be the first to share your thoughts!