Policy

Control use of BitLocker on removable drives

Microsoft Windows

Back to Removable Data DrivesBack to main
Control use of BitLocker on removable drives
Jump to overview

Policy overview

Key metadata and intent for this policy.

Computer
Category
Windows Components > BitLocker Drive Encryption > Removable Data Drives
Supported on
At least Windows Server 2008 R2 or Windows 7

Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016

This policy setting controls the use of BitLocker on removable data drives. This policy setting is applied when you turn on BitLocker. When this policy setting is enabled you can select property settings that control how users can configure BitLocker. Choose "Allow users to apply BitLocker protection on removable data drives" to permit the user to run the BitLocker setup wizard on a removable data drive. Choose "Allow users to suspend and decrypt BitLocker on removable data drives" to permit the user to remove BitLocker Drive encryption from the drive or suspend the encryption while maintenance is performed. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information on suspending BitLocker protection. If you do not configure this policy setting, users can use BitLocker on removable disk drives. If you disable this policy setting, users cannot use BitLocker on removable disk drives.

Internal name
RDVConfigureBDE
Policy ID
792ee4312b10
Elements
2

Registry values

How enabled and disabled states update the registry.

ScopeRegistry locationTypeEnabled valueDisabled valueCopy
Computer
Path
Software\Policies\Microsoft\FVE
Value name
RDVConfigureBDE
REG_DWORD
HKLM
1
HKLM
0
Registry location
Type REG_DWORD · Computer
Path
Software\Policies\Microsoft\FVE
Value name
RDVConfigureBDE
Hive
HKLM
Enabled value
1
Disabled value
0

Policy elements

Inputs and configuration options exposed by this policy.

ScopeElementTypeRegistry mappingConstraints & behaviorCopy
Computer
Allow users to apply BitLocker protection on removable data drives
ID RDVAllowBDE_Name
boolean
Path
Software\Policies\Microsoft\FVE
Value name
RDVAllowBDE
Type
REG_DWORD
Options: true (1), false (0)
True: Set value = 1 · False: Set value = 0
Computer
Allow users to suspend and decrypt BitLocker protection on removable data drives
ID RDVDisableBDE_Name
boolean
Path
Software\Policies\Microsoft\FVE
Value name
RDVDisableBDE
Type
REG_DWORD
Options: true (1), false (0)
True: Set value = 1 · False: Set value = 0
Allow users to apply BitLocker protection on removable data drives
Computer · Type boolean
Registry mapping
Path
Software\Policies\Microsoft\FVE
Value name
RDVAllowBDE
Type
REG_DWORD
Details
Options: true (1), false (0)
True: Set value = 1 · False: Set value = 0
Allow users to suspend and decrypt BitLocker protection on removable data drives
Computer · Type boolean
Registry mapping
Path
Software\Policies\Microsoft\FVE
Value name
RDVDisableBDE
Type
REG_DWORD
Details
Options: true (1), false (0)
True: Set value = 1 · False: Set value = 0