Policy selection for ADMX packs

Policy overview

Key metadata and intent for this policy.

ClassComputer

CategoryWindows Components > BitLocker Drive Encryption > Removable Data Drives

Supported onAt least Windows Server 2008 R2 or Windows 7

Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016

This policy setting allows you to specify whether smart cards can be used to authenticate user access to BitLocker-protected removable data drives on a computer. If you enable this policy setting smart cards can be used to authenticate user access to the drive. You can require a smart card authentication by selecting the "Require use of smart cards on removable data drives" check box. Note: These settings are enforced when turning on BitLocker, not when unlocking a drive. BitLocker will allow unlocking a drive with any of the protectors available on the drive. If you disable this policy setting, users are not allowed to use smart cards to authenticate their access to BitLocker-protected removable data drives. If you do not configure this policy setting, smart cards are available to authenticate user access to a BitLocker-protected removable data drive.

Internal name

RDVConfigureSmartCard

Policy ID

f8f20c809db8

Elements

Registry values

How enabled and disabled states update the registry.

Registry location	Type	Enabled value	Disabled value
HKLM\Software\Policies\Microsoft\FVE\RDVAllowUserCert	REG_DWORD	1	0

Policy elements

Inputs and configuration options exposed by this policy.

Element	Type	Registry mapping	Constraints & behavior
Require use of smart cards on removable data drives ID RDVRequireSmartCard_Name	boolean	HKLM\Software\Policies\Microsoft\FVE\RDVEnforceUserCert Type REG_DWORD	Options: true (1), false (0) True: Set value = 1 · False: Set value = 0

Other policies in this category

Explore related policies at the same level.