Policy
Deny write access to fixed drives not protected by BitLocker
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016
This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer. If you enable this policy setting, all fixed data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access. If you disable or do not configure this policy setting, all fixed data drives on the computer will be mounted with read and write access.
Registry values
How enabled and disabled states update the registry.
| Registry location | Type | Enabled value | Disabled value |
|---|---|---|---|
| HKLM\System\CurrentControlSet\Policies\Microsoft\FVE\FDVDenyWriteAccess | REG_DWORD | 1 | 0 |
Policy elements
Inputs and configuration options exposed by this policy.
This policy has no additional user input fields.
Other policies in this category
Explore related policies at the same level.
- ComputerAllow access to BitLocker-protected fixed data drives from earlier versions of WindowsAt least Windows Server 2008 R2 or Windows 7 through Windows Server 2022 or Windows 11 Version 22H2
- ComputerChoose how BitLocker-protected fixed drives can be recoveredAt least Windows Server 2008 R2 or Windows 7
- ComputerConfigure use of hardware-based encryption for fixed data drivesAt least Windows Server 2012 or Windows 8
- ComputerConfigure use of passwords for fixed data drivesAt least Windows Server 2008 R2 or Windows 7
- ComputerConfigure use of smart cards on fixed data drivesAt least Windows Server 2008 R2 or Windows 7
- ComputerEnforce drive encryption type on fixed data drivesAt least Windows Server 2012 or Windows 8