Information
This policy setting configures whether the computer will be able to write data to BitLocker-protected removable drives that were configured in another organization.
The recommended state for this setting is: Enabled: False (unchecked).
Rationale:
Restricting write access to BitLocker-protected removable drives that were configured in another organization can hinder legitimate business operations where encrypted data sharing is necessary.
Impact:
None - this is the default behavior.
Solution
To establish the recommended configuration via GP, set the following UI path to Enabled: False (unchecked):
Computer Configuration\Policies\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template VolumeEncryption.admx/adml that is included with the Microsoft Windows 7 & Server 2008 R2 Administrative Templates (or newer).
Default Value:
Enabled: False (unchecked). (Write access will be permitted to BitLocker-protected removable drives that were configured in another organization.)
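To audit the result after Group Policy has applied, the check below reads the policy-backed registry value and separates three states: explicitly unchecked, explicitly checked, and not configured. This is an added example, not part of the original benchmark text. It assumes the checkbox is stored as the DWORD RDVDenyCrossOrg under HKLM\SOFTWARE\Policies\Microsoft\FVE (a location this page does not state), and the function name Test-RdvDenyCrossOrg is hypothetical.

```powershell
# Added example: audit the registry value behind the checkbox
# "Do not allow write access to devices configured in another organization".
# Assumption (not stated on this page): the checkbox is stored as the DWORD
# RDVDenyCrossOrg under HKLM:\SOFTWARE\Policies\Microsoft\FVE.
function Test-RdvDenyCrossOrg {
    [CmdletBinding()]
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE',
        [string]$Name = 'RDVDenyCrossOrg'
    )

    $result = [ordered]@{
        Path      = $Path
        Name      = $Name
        Value     = $null
        State     = 'NotConfigured'  # key or value absent: the default behaviour applies
        Compliant = $false           # strict audit: only an explicit 0 passes
    }

    if (Test-Path -LiteralPath $Path) {
        # Returns $null (no terminating error) when the value does not exist under the key
        $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $result.Value = [int]$item.$Name
            if ($result.Value -eq 0) {
                $result.State     = 'Unchecked'   # matches "Enabled: False (unchecked)"
                $result.Compliant = $true
            }
            else {
                $result.State = 'Checked'         # cross-organization writes are denied
            }
        }
    }

    [pscustomobject]$result
}

# Run against the local machine and show all fields
Test-RdvDenyCrossOrg | Format-List
```

A State of NotConfigured yields the same effective behaviour as the default described above, but this check reports it as non-compliant because the recommendation asks for the setting to be configured explicitly.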