Skip to main content


Force USB Sticks To Use BitLocker Encryption


One of the most secure methods to prevent unauthorized access to your data on your USB Stick, Is to encrypt It, by using the native Windows utility named BitLocker Drive Encryption. This also applies to the operating system and fixed data drives. It's good practice to enable It on every USB Flash Drive that's plugged Into your PC, hence In this tutorial, I will show you how to force USB Sticks to use BitLocker Encryption.


Essentially, once this method Is Implemented, a message (as per the Image above) will be displayed when a given USB Stick Is plugged Into your computer- asking to encrypt It In order to allow write access. If you don't, then data cannot be written to the drive.

This not only prevents viruses, malware and the like, from overwriting and Infecting the existing data but (of relevance here), forces the use of BitLocker Drive Encryption. After all, who wants a USB Stick that's only functional as read-only?

As such, I will demonstrate how to force BitLocker Encryption, by using the good old Group Policy Editor. Do note that the GPE, Is only available In Windows 10 Pro, Enterprise and Education editions. So without further delay, let's rip Into this tutorial.

Step One:

To access the Group Policy Editor, open the Run menu, enter gpedit.msc and hit OK.


Step Two:

The Group Policy Editor will now open, so navigate to the following directory.
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Removable Data Drives

Make sure Removable Data Drives Is selected, and on the right pane, double-click on Deny write access to removable drives not protected by BitLocker as shown below.


Step Three:

To the left of the window, select the Enabled radio button, and then hit OK to finalize the process.


Step Four:

From this point forward, any USB Stick that's plugged Into your computer, must be encrypted with BitLocker to be fully functional. I've tested It by plugging In my USB Flash Drive and as you can see, a message has been returned asking to either encrypt It, or leave It as read-only. For the purpose of this tutorial, I've selected the Don't encrypt this drive option. Let's see what happens when I try and write to It In the next step.


Last Step:

I've tried to copy & paste a folder named Windows 10 Tips to my USB Stick, and as expected, a message of The disk Is write-protected has been displayed. Essentially, unless I encrypt It with BitLocker, I cannot write anything to disk. Perfect!


Final Thoughts:

Obviously this applies to any type of USB removable data drive such as an external HDD, but for simplicity, I've referenced a USB Stick. As you're aware by now, once the setting has been applied via the Group Policy Editor, the only way to have a fully functional USB Stick Is to encrypt It with BitLocker.

To reverse the change, refer to Step Three above by selecting the Not Configured radio button, and hitting OK thereafter.



Comments

Popular posts from this blog

How To Use Sandboxie In Windows 10

When navigating online and downloading & executing applications, clicking on links, visiting websites that you're not familiar with and so forth, your computer Is vulnerable to being Infected with a virus. The last thing you need, Is to have your sensitive files compromised or hit with a nasty piece of malware. To prevent this, In this tutorial, I will show you how to safely perform all the above and more, by using a software named Sandboxie.

Create A Bootable USB Flash Drive

If you have a Bootable ISO Image file of the Windows operating system, obviously the Intention Is to burn It to disc and boot from your PC thereafter. However, optical drives are slowly being phased out In manufacturing & shipping of new computers, so what do you do from here? The alternative Is to create a bootable USB flash drive, and I will show you exactly how It's done. The process Is quite simple, yet a lot of users fail to grasp the concept.


Open The Command Prompt In Any Directory

A very powerful tool native to the Windows platform, Is the Command Prompt that allows users to perform an array of tasks, such as renaming and deleting files & folders, formatting disks and the list goes on. Sometimes, you need to navigate to certain directories by executing commands, which can be a lengthy and somewhat frustrating process. As such, In this tutorial, I will show you how to easily open the Command Prompt In any directory/folder of your choice.