This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 15%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJT%3C/text%3E%3C/svg%3E)
hello, i am testing MECM deployed BitLocker (BL) policy. The policy is set for encryption of system / boot drive and worked without any noted issues. However weird issue with USB drives and I was hoping someone had some insight.
I took a look at everything I could find and was unable to find a fix.
Any thoughts?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 81%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
Does it happens in case you insert it into the other device too?
Are they running the same build of Windows 10?
Try update both devices.
Try restart the PC and see if problem persist?
made another change. now the encrypted drives works as expected but a new unencrypted drive insert into USB works without encryption even after asking
now it really does not make any sense.
hello. thanks for the reply. the other device which has BitLocker enabled but not via MECM opens the encrypted drive after passphrase and an unencrypted drive without passphrase. Both times the other laptop can delete and add and edit files on the drive. as soon as the usb drive gets inserted into original laptop it becomes essentially write-protected. both laptops are Windows 20H2. both laptops are patched to latest. laptop is restarted each day.
@Jeffrey Tucker
Hi,
Run the gpedit.msc and navigate to:
Computer Configuration | Administrative Templates | Windows Components | BitLocker Drive Encryption | Removable Data Drives |
Please check the setting for "Deny write access to removable drives not protected by BitLocker" set to Enable. Change to disable. That will also stop the system from asking to encrypt the drive every time you plug it in.
Hope above information can help you.
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
hello @Jenny Feng
thanks for the reply. i am not really trying to disable the encryption. my issue is when i do encrypt the drive and put files on the drive, it only works while it is plugged in the first time. to get it to work again i have to encrypt it all over again on the original laptop. i have to do this each time i want to copy files to the drive from the original laptop. if i try it on another laptop, it all works as expected. it seems to be the opposite of what it should be. whey would i not be able to manipulate files with the laptop that did the original encryption?
thanks again
i did some testing and now with the current local policy settings i am able to work with the encrypted drive. great. but now i am not prompted to encrypt new drives.
