How to Enforce BitLocker Encryption on Removable Drives
You can enforce BitLocker encryption on removable drives in Windows 11 by changing some Group Policy settings.
This process makes sure all USB drives and portable storage devices connected to your computer automatically use BitLocker encryption. That way, unauthorized access to sensitive data is prevented.
Specifically, you’ll navigate to the “Removable Data Drives” section within the Group Policy Editor to enable the required encryption options.
This policy prevents users from saving unencrypted data to removable media, offering a robust layer of security for your files.
Configure BitLocker encryption for removable drives via Group Policy. Navigate to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Removable Data Drives. Double-click “Enforce drive encryption type on removable data drives” and select your preferred encryption method.
What is BitLocker Encryption on Removable Drives?
BitLocker encryption for removable drives scrambles your data on USB sticks and external hard drives, keeping your files safe and private.
- Full Encryption: Encrypts the entire drive, even the empty space. This takes longer but is very secure.
- Used Space Only Encryption: Encrypts only the parts of the drive where you have saved files. This is faster but encrypts less data.
By default, Windows will ask you which encryption type you want when you first set up BitLocker for a removable drive.
How to Enforce One Encryption Type Using Group Policy
You can make sure BitLocker always uses the same encryption type for removable drives by using the Group Policy Editor, which helps keep security settings consistent across computers.
- Press the Start button, type
Edit group policy, and open the Local Group Policy Editor. - Go to this folder path:
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Removable Data Drives - On the right side, double-click
Enforce drive encryption type on removable data drives. - Choose one of these options:
- Not Configured (or Disabled): Windows will ask you which encryption type to use every time.
- Enabled: You pick one encryption type below, and Windows will not ask users anymore.
- Select
Full encryptionto always encrypt the whole drive. - Select
Used space only encryptionto encrypt only the used space. - Disabled: Same as Not Configured; user chooses encryption type.
- Click
OKto save. - Restart your PC to apply the change.

How to Enforce Encryption Type Using the Windows Registry
Forcing a specific BitLocker encryption type on removable drives can also be done using the Windows Registry Editor, offering an alternative way to set encryption standards directly in your system.
- ⚠️ Admin privileges required: Press Start, type
regedit, and open the Registry Editor (run as administrator). - Navigate to this key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE - Look for a value named
RDVEncryptionType. If it doesn’t exist, create it:- Right-click in the right pane →
New→DWORD (32-bit) Value - Name it
RDVEncryptionType
- Right-click in the right pane →
- Double-click
RDVEncryptionTypeand set its value data to:1to enforce Full encryption2to enforce Used space only encryption
- Click
OKand close the Registry Editor. - Restart your computer to apply the change.

RDVEncryptionType value you created.Summary
- BitLocker protects your data on removable drives by encrypting it.
- You can choose between full encryption or encrypting only used space.
- You can force a specific encryption type so users won’t be asked every time by using Group Policy or the Registry Editor.
- These steps help keep your data safer with the encryption method you prefer.
BitLocker protects your data on removable drives by encrypting it, and you can choose between full encryption or encrypting only used space.
Can BitLocker be applied to removable drives?
BitLocker To Go is BitLocker Drive Encryption on removable data drives. This feature includes the encryption of: USB flash drives. SD cards.
How to enable BitLocker on a removable drive?
In the Windows search bar, type Bitlocker, and then click Manage BitLocker. Under Removable data drives – BitLocker To Go, locate and select the removable drive that you want to encrypt. Click Turn on BitLocker. BitLocker will initiate the drive and this might take several minutes.
What is removable data drive BitLocker to go?
BitLocker To Go —a feature of Windows 10— is a full-disk encryption protection technology for removable storage devices that are connected to one of the USB ports on your computer (referred as either USB drive or drive hereafter).
Was this guide helpful?
About the Author
Richard
Tech Writer, IT Professional
Richard, a writer for Geek Rewind, is a tech enthusiast who loves breaking down complex IT topics into simple, easy-to-understand ideas. With years of hands-on experience in system administration and enterprise IT operations, he’s developed a knack for offering practical tips and solutions. Richard aims to make technology more accessible and actionable. He's deeply committed to the Geek Rewind community, always ready to answer questions and engage in discussions.
No comments yet — be the first to share your thoughts!