One of the most secure methods to prevent unauthorized access to your data on your USB Stick, Is to encrypt It, by using the native Windows utility named BitLocker Drive Encryption. This also applies to the operating system and fixed data drives. It's good practice to enable It on every USB Flash Drive that's plugged Into your PC, hence In this tutorial, I will show you how to force USB Sticks to use BitLocker Encryption.
Essentially, once this method Is Implemented, a message (as per the Image above) will be displayed when a given USB Stick Is plugged Into your computer- asking to encrypt It In order to allow write access. If you don't, then data cannot be written to the drive.
This not only prevents viruses, malware and the like, from overwriting and Infecting the existing data but (of relevance here), forces the use of BitLocker Drive Encryption. After all, who wants a USB Stick that's only functional as read-only?
As such, I will demonstrate how to force BitLocker Encryption, by using the good old Group Policy Editor. Do note that the GPE, Is only available In Windows 10 Pro, Enterprise and Education editions. So without further delay, let's rip Into this tutorial.
Step One:To access the Group Policy Editor, open the Run menu, enter gpedit.msc and hit OK.
Step Two:The Group Policy Editor will now open, so navigate to the following directory.
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Removable Data Drives
Make sure Removable Data Drives Is selected, and on the right pane, double-click on Deny write access to removable drives not protected by BitLocker as shown below.
Step Three:To the left of the window, select the Enabled radio button, and then hit OK to finalize the process.
Step Four:From this point forward, any USB Stick that's plugged Into your computer, must be encrypted with BitLocker to be fully functional. I've tested It by plugging In my USB Flash Drive and as you can see, a message has been returned asking to either encrypt It, or leave It as read-only. For the purpose of this tutorial, I've selected the Don't encrypt this drive option. Let's see what happens when I try and write to It In the next step.
Last Step:I've tried to copy & paste a folder named Windows 10 Tips to my USB Stick, and as expected, a message of The disk Is write-protected has been displayed. Essentially, unless I encrypt It with BitLocker, I cannot write anything to disk. Perfect!
Final Thoughts:Obviously this applies to any type of USB removable data drive such as an external HDD, but for simplicity, I've referenced a USB Stick. As you're aware by now, once the setting has been applied via the Group Policy Editor, the only way to have a fully functional USB Stick Is to encrypt It with BitLocker.
To reverse the change, refer to Step Three above by selecting the Not Configured radio button, and hitting OK thereafter.