BitLocker can help block hackers from accessing the system files they rely on to discover your password, or from accessing your drive by physically removing it from your PC and installing it in a different one. You can still sign in to Windows and use your files as you normally would. If you like, you can set a policy that configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive ex: All removable data drives that are not BitLocker-protected will be mounted as read-only.
The common reason is for sanity, as we know that these devices can be the media of virus and malware to spread. There is also security reason, as sometimes people can put confidential data in these devices, which could easily be lost or stolen.
This control can be the alternative to secure the network before implementing more complex security solutions like anti-virus or data loss prevention. As seen on the above screenshot, various settings for several device types has been preconfigured, such as removable disks includes USB flash drive and external hard diskWPD or Windows Portable Device includes smartphone, music player, etcCD and DVD, and even tape drives and floppy drives.
Note that there are three types of deny action that we can choose: Computer will totally block all users from reading contents in the removable storage. Administrator can use this if they want to completely restrict the usage of removable storage. Computer will prevent all users transferring anything to the removable storage, but not the other way around.
Users will still be able to read contents in the removable storage. This action is suitable if the administrator only wants to protect confidential data in the computer from being copied out to a removable storage.
This action is suitable if the administrator only wants to protect the computer from virus or malware that might be exist in the removable storage. Policy must be applied at the computer level. This message below will be shown in the client when they attempted to do so: It is worth noting that administrator can also apply this policy at the user level, so each users may have different privilege on the computer.
Notice that there are less available settings here compared to settings that can be applied at the computer level. At user level, we can only control read and write access, while at computer level we can also control execute access.
In some case, the access rights may not be changed despite the policy has been applied. If this happens, then it may be required to also enable the setting to Set time in seconds to force reboot. Computer will be forced to reboot after the defined time and the access rights will be changed afterwards.On the right side, double-click the Removable Disks: Deny write access policy.
On the top-left, select the Enabled option to activate the policy. Click Apply.
Jan 01, · As Win 7 pro doesn't support bitlocker and Deny write access to removable drives not protected by Bitlocker is under biteloker setting, maybe this policy incompatible with win 7 pro.
for your requirement, we can use the policy "Removable disks:deny write access"under Administrative Templates, System, Removable Storage Access. This policy setting denies write access to removable kaja-net.com you enable this policy setting write access is denied to this removable storage kaja-net.com you disable or do not configure this policy setting write access is allowed to this removable storage kaja-net.com: Removable Disks: Deny write access.
In addition to Read and Write access control, you can also use “Removable Disks: Deny execute access” policy to disable execute access to USB drive or all types of removable storages.
Comparing to Read and Write access, it’s more important having the ability to disable the execute access so the malicious code that comes with the USB drive. Dec 16, · Enable/Disable access to removable storage In the example below I used the registry keys for the Removable Disks: Deny write access and Removable Disks: Deny read access Group Policy kaja-net.com's only tested on Wind.
On the right side, double-click the Removable Disks: Deny write access policy. On the top-left, select the Enabled option to activate the policy. Click Apply.