Skip to main content


Force USB Sticks To Use BitLocker Encryption


One of the most secure methods to prevent unauthorized access to your data on your USB Stick, Is to encrypt It, by using the native Windows utility named BitLocker Drive Encryption. This also applies to the operating system and fixed data drives. It's good practice to enable It on every USB Flash Drive that's plugged Into your PC, hence In this tutorial, I will show you how to force USB Sticks to use BitLocker Encryption.


Essentially, once this method Is Implemented, a message (as per the Image above) will be displayed when a given USB Stick Is plugged Into your computer- asking to encrypt It In order to allow write access. If you don't, then data cannot be written to the drive.

This not only prevents viruses, malware and the like, from overwriting and Infecting the existing data but (of relevance here), forces the use of BitLocker Drive Encryption. After all, who wants a USB Stick that's only functional as read-only?

As such, I will demonstrate how to force BitLocker Encryption, by using the good old Group Policy Editor. Do note that the GPE, Is only available In Windows 10 Pro, Enterprise and Education editions. So without further delay, let's rip Into this tutorial.

Step One:

To access the Group Policy Editor, open the Run menu, enter gpedit.msc and hit OK.


Step Two:

The Group Policy Editor will now open, so navigate to the following directory.
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Removable Data Drives

Make sure Removable Data Drives Is selected, and on the right pane, double-click on Deny write access to removable drives not protected by BitLocker as shown below.


Step Three:

To the left of the window, select the Enabled radio button, and then hit OK to finalize the process.


Step Four:

From this point forward, any USB Stick that's plugged Into your computer, must be encrypted with BitLocker to be fully functional. I've tested It by plugging In my USB Flash Drive and as you can see, a message has been returned asking to either encrypt It, or leave It as read-only. For the purpose of this tutorial, I've selected the Don't encrypt this drive option. Let's see what happens when I try and write to It In the next step.


Last Step:

I've tried to copy & paste a folder named Windows 10 Tips to my USB Stick, and as expected, a message of The disk Is write-protected has been displayed. Essentially, unless I encrypt It with BitLocker, I cannot write anything to disk. Perfect!


Final Thoughts:

Obviously this applies to any type of USB removable data drive such as an external HDD, but for simplicity, I've referenced a USB Stick. As you're aware by now, once the setting has been applied via the Group Policy Editor, the only way to have a fully functional USB Stick Is to encrypt It with BitLocker.

To reverse the change, refer to Step Three above by selecting the Not Configured radio button, and hitting OK thereafter.



Comments

Popular posts from this blog

How To Decode The Windows 10 Product Key

Every Windows 10 operating system that's Installed and activated on the computer, has what's called a Product Key, that Is either pre-Installed by the manufacturer, or added by the end user when formatting their PC. In order to have a fully-functional OS, It must contain a valid Product Key. Whilst there are many tools that can extract It from the operating system, In this tutorial, I will show you how to manually decode the Product Key.

How To Rename Any Power Plan In Windows 10

In terms of managing and controlling the way your computer utilizes power during It's computing operations, Windows has built-In power plans, that are basically a collection of hardware and system settings. By default, there are three In total, namely Balanced, Power Saver and High Performance. Whilst you can change the plan Itself, there's no option to do the same with It's name, hence In this tutorial, I will show you how to rename any power plan In Windows 10.

How To Create A Fake File Of Any File Size

Depending on your business environment or Individual requirements, sometimes there Is the need to test files of a given capacity. Such tests can Include Identifying how well your hard disks perform under heavy read/write operations, or to establish whether files can be securely deleted beyond recovery. Whatever the reason may be, In this tutorial, I will show you how to create a fake file of any file size.