Skip to main content


Force USB Sticks To Use BitLocker Encryption


One of the most secure methods to prevent unauthorized access to your data on your USB Stick, Is to encrypt It, by using the native Windows utility named BitLocker Drive Encryption. This also applies to the operating system and fixed data drives. It's good practice to enable It on every USB Flash Drive that's plugged Into your PC, hence In this tutorial, I will show you how to force USB Sticks to use BitLocker Encryption.


Essentially, once this method Is Implemented, a message (as per the Image above) will be displayed when a given USB Stick Is plugged Into your computer- asking to encrypt It In order to allow write access. If you don't, then data cannot be written to the drive.

This not only prevents viruses, malware and the like, from overwriting and Infecting the existing data but (of relevance here), forces the use of BitLocker Drive Encryption. After all, who wants a USB Stick that's only functional as read-only?

As such, I will demonstrate how to force BitLocker Encryption, by using the good old Group Policy Editor. Do note that the GPE, Is only available In Windows 10 Pro, Enterprise and Education editions. So without further delay, let's rip Into this tutorial.

Step One:

To access the Group Policy Editor, open the Run menu, enter gpedit.msc and hit OK.


Step Two:

The Group Policy Editor will now open, so navigate to the following directory.
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Removable Data Drives

Make sure Removable Data Drives Is selected, and on the right pane, double-click on Deny write access to removable drives not protected by BitLocker as shown below.


Step Three:

To the left of the window, select the Enabled radio button, and then hit OK to finalize the process.


Step Four:

From this point forward, any USB Stick that's plugged Into your computer, must be encrypted with BitLocker to be fully functional. I've tested It by plugging In my USB Flash Drive and as you can see, a message has been returned asking to either encrypt It, or leave It as read-only. For the purpose of this tutorial, I've selected the Don't encrypt this drive option. Let's see what happens when I try and write to It In the next step.


Last Step:

I've tried to copy & paste a folder named Windows 10 Tips to my USB Stick, and as expected, a message of The disk Is write-protected has been displayed. Essentially, unless I encrypt It with BitLocker, I cannot write anything to disk. Perfect!


Final Thoughts:

Obviously this applies to any type of USB removable data drive such as an external HDD, but for simplicity, I've referenced a USB Stick. As you're aware by now, once the setting has been applied via the Group Policy Editor, the only way to have a fully functional USB Stick Is to encrypt It with BitLocker.

To reverse the change, refer to Step Three above by selecting the Not Configured radio button, and hitting OK thereafter.



Comments

Popular posts from this blog

Check The Health Of Your Laptop's Battery

When you first purchase your laptop and fully charge the battery thereafter, It runs at It's optimal state for quite a while. However, over time, It Inevitably decreases In performance, and does not hold It's charge capacity as per It's brand new state. This Is due to wear & tear, and a few other factors. It's very Important to know the condition of your battery, so In this tutorial, I will show you how to view the current status and health of your laptop's battery.

How To Troubleshoot Your PC's Power Settings

Upon purchasing your computer with the Windows OS Installed, by default, It's power plan setting Is set to Balanced. Depending on the manufacturer, the hibernate and sleep modes are also configured to turn off at certain Intervals. You can also create a plan of your own, based on your computing usability. Power plan settings can corrupt at the best of times, hence In this tutorial, I will show you how to troubleshoot your PC's power settings natively within Windows.

Force Windows 10 To Boot To Advanced Startup

In the event your operating system corrupts and losses functionality to some degree, Windows 10 has the Advanced Startup Options menu, that contains a range of diagnostic and repair utilities to help restore the OS back to It's functional state. You can perform a System Restore, Reset your PC, execute commands via the Command Prompt and more. To have It readily available, In this tutorial, I will show you how to force Windows 10 to always boot to the Advanced Startup settings.