
How to Enforce BitLocker Encryption on Removable Drives

This guide shows you how to set up BitLocker encryption on removable drives in Windows 11. It’s easier than you think.

What Is BitLocker and Why Use It?

BitLocker protects your computer data. Only people you allow can open and read your files. When you turn on BitLocker for a drive, all new files saved there are automatically protected too.

You can protect external drives, fixed drives, and operating system drives using BitLocker. When you enable BitLocker on your main Windows drive, it automatically unlocks the drive at startup using a TPM chip.

Understanding Encryption Types

When you turn on BitLocker for removable data drives, BitLocker asks you to pick an encryption type.

Full encryption means the entire drive gets locked down when you turn on BitLocker.

Used space only encryption means only the parts of the drive storing your data get locked down.

Why Enforce an Encryption Type?

You can use the Enforce drive encryption type on removable data drives policy setting to control how BitLocker works on removable drives. This lets you pick one encryption type for your whole organization or computer.

Method 1: Using Group Policy Editor

Step 1: Open Group Policy Editor

Search for “Edit group policy” on your Start menu. Click on Local Group Policy Editor to open it.

Step 2: Navigate to BitLocker Settings

Follow this path in the left panel:

  • Computer Configuration
  • Administrative Templates
  • Windows Components
  • BitLocker Drive Encryption
  • Removable Data Drives

Step 3: Find the Encryption Policy

Look in the right panel for “Enforce drive encryption type on removable data drives.” Double-click it.


Step 4: Choose Your Encryption Type

A window opens with three choices:

  • Not Configured (default) – Works like Disabled. BitLocker will ask users which encryption type to use.
  • Enabled – BitLocker uses the type you choose below. Users won’t see the option to pick a type in the wizard. Choose either “Full encryption” or “Used Space Only encryption.”
  • Disabled – BitLocker setup will keep asking users to pick the encryption type.

Step 5: Save and Restart

Click OK to save. Your computer may need to restart to apply these changes.

Method 2: Using Registry Editor

Step 1: Open Registry Editor as Administrator

Right-click on Registry Editor and select “Run as administrator.”

Step 2: Navigate to the BitLocker Key

Go to this location in the registry:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE

Step 3: Find or Create the Encryption Type Setting

Look in the right pane for RDVEncryptionType. Double-click it to open it.

If you don’t see it, right-click in an empty area and create a new DWORD (32-bit) Value. Name it RDVEncryptionType.

Step 4: Set the Encryption Value

Enter one of these values:

  • 1 – Enforces full encryption on removable drives
  • 2 – Enforces used space only encryption on removable drives

Step 5: Save and Restart

Click OK to save your changes. Restart your computer to apply them.

How to Undo These Changes

Want to let users choose their own encryption type again? Simply delete the RDVEncryptionType item you created. Then restart your computer.
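The registry steps in Method 2 and the undo step above can also be scripted. The following PowerShell is an added example, not part of the original guide: the function names are hypothetical, while the key path, the value name and the meanings of 1 and 2 are the ones given in this article. Run it from an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example. Function names are hypothetical; the key path, value name
# and the 1/2 meanings are the ones documented in this guide.

$FvePolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$ValueName    = 'RDVEncryptionType'
$TypeNames    = @{ 1 = 'Full encryption'; 2 = 'Used space only encryption' }

function Get-RdvEncryptionPolicy {
    # Read-only check: reports what is currently enforced, changes nothing.
    $prop = Get-ItemProperty -Path $FvePolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        return 'Not set: users choose the encryption type in the wizard'
    }
    $value = $prop.$ValueName
    if ($value -is [int] -and $TypeNames.ContainsKey($value)) {
        return "Enforced: $($TypeNames[$value])"
    }
    # Anything else (wrong type, other number) is flagged rather than trusted.
    return "Unexpected value '$value' (this guide documents only 1 and 2)"
}

function Set-RdvEncryptionPolicy {
    param([Parameter(Mandatory)][ValidateRange(1, 2)][int]$Type)
    # Create the FVE policy key if no BitLocker policy has been set before.
    if (-not (Test-Path -Path $FvePolicyKey)) {
        New-Item -Path $FvePolicyKey -Force | Out-Null
    }
    # -Force overwrites an existing value, so a wrong type is replaced by a DWORD.
    New-ItemProperty -Path $FvePolicyKey -Name $ValueName `
        -PropertyType DWord -Value $Type -Force | Out-Null
    Get-RdvEncryptionPolicy   # read back to confirm the write
}

function Remove-RdvEncryptionPolicy {
    # Undo: delete the value so users can pick the type again.
    Remove-ItemProperty -Path $FvePolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    Get-RdvEncryptionPolicy
}

# Report the current state; uncomment one line to change it, then restart.
Get-RdvEncryptionPolicy
# Set-RdvEncryptionPolicy -Type 1      # enforce full encryption
# Set-RdvEncryptionPolicy -Type 2      # enforce used space only encryption
# Remove-RdvEncryptionPolicy           # undo
```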

Summary

Enforcing BitLocker encryption type adds an extra layer of security to your removable drives in Windows 11. You have two ways to do this:

  • Group Policy Editor – Best for everyday users who prefer a visual interface
  • Registry Editor – A direct way to change settings in Windows’ database

Both methods let you pick between full encryption or used space only encryption. Once set, BitLocker will use your choice without asking users. Remember to restart your computer after making changes.

Frequently Asked Questions

What is BitLocker and how does it protect my data?

BitLocker is a disk encryption feature included with Windows that helps protect your data by encrypting the entire drive. Only authorized users can access the encrypted data, ensuring that new files created on a BitLocker-enabled drive are also protected.

How do I enable BitLocker on a removable drive?

To enable BitLocker on a removable drive, connect the drive to your computer, right-click on it in File Explorer, and select 'Turn on BitLocker.' Follow the prompts in the setup wizard to choose your encryption type and complete the process.

What are the encryption options available for BitLocker on removable drives?

When setting up BitLocker on removable drives, you can choose between full encryption, which encrypts the entire drive, or used space only encryption, which encrypts only the portion of the drive that contains data. This choice can impact the time it takes to encrypt the drive.

How can I enforce a specific encryption type for removable drives using Group Policy?

To enforce a specific encryption type for removable drives, open the Local Group Policy Editor and navigate to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Removable Data Drives. From there, locate and configure the 'Enforce drive encryption type on removable data drives' policy.

Can I change the BitLocker encryption settings using the Windows Registry?

Yes, you can change BitLocker encryption settings through the Windows Registry. Open the Registry Editor as an administrator, navigate to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE, and modify the RDVEncryptionType DWORD value to set your desired encryption type.
