Policy
Control use of BitLocker on removable drives
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016
This policy setting controls the use of BitLocker on removable data drives. This policy setting is applied when you turn on BitLocker. When this policy setting is enabled you can select property settings that control how users can configure BitLocker. Choose "Allow users to apply BitLocker protection on removable data drives" to permit the user to run the BitLocker setup wizard on a removable data drive. Choose "Allow users to suspend and decrypt BitLocker on removable data drives" to permit the user to remove BitLocker Drive encryption from the drive or suspend the encryption while maintenance is performed. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information on suspending BitLocker protection. If you do not configure this policy setting, users can use BitLocker on removable disk drives. If you disable this policy setting, users cannot use BitLocker on removable disk drives.
Registry values
How enabled and disabled states update the registry.
| Registry location | Type | Enabled value | Disabled value |
|---|---|---|---|
| HKLM\Software\Policies\Microsoft\FVE\RDVConfigureBDE | REG_DWORD | 1 | 0 |
Policy elements
Inputs and configuration options exposed by this policy.
| Element | Type | Registry mapping | Constraints & behavior |
|---|---|---|---|
Allow users to apply BitLocker protection on removable data drives ID RDVAllowBDE_Name | boolean | HKLM\Software\Policies\Microsoft\FVE\RDVAllowBDE Type REG_DWORD | Options: true (1), false (0) True: Set value = 1 · False: Set value = 0 |
Allow users to suspend and decrypt BitLocker protection on removable data drives ID RDVDisableBDE_Name | boolean | HKLM\Software\Policies\Microsoft\FVE\RDVDisableBDE Type REG_DWORD | Options: true (1), false (0) True: Set value = 1 · False: Set value = 0 |
Other policies in this category
Explore related policies at the same level.
- ComputerAllow access to BitLocker-protected removable data drives from earlier versions of WindowsAt least Windows Server 2008 R2 or Windows 7 through Windows Server 2022 or Windows 11 Version 22H2
- ComputerChoose how BitLocker-protected removable drives can be recoveredAt least Windows Server 2008 R2 or Windows 7
- ComputerConfigure use of hardware-based encryption for removable data drivesAt least Windows Server 2012 or Windows 8
- ComputerConfigure use of passwords for removable data drivesAt least Windows Server 2008 R2 or Windows 7
- ComputerConfigure use of smart cards on removable data drivesAt least Windows Server 2008 R2 or Windows 7
- ComputerDeny write access to removable drives not protected by BitLockerAt least Windows Server 2008 R2 or Windows 7
- ComputerEnforce drive encryption type on removable data drivesAt least Windows Server 2012 or Windows 8