Temporarily bypass BitLocker encryption requirement for removable devices

Microsoft allows a system administrator to set a policy that requires users to enable BitLocker encryption on any device before it can be written to. This is a pretty foolproof system to ensure that company data is always encrypted (except that you can always turn off encryption on a device, which will decrypt (not destroy) the data).

It's pretty simple in its use and only mildly frustrating while you're waiting for the device's first encryption (it can take quite a while on a 1TB portable drive).

Except when you want to put something on your Kindle, old iPod Touch or, in my case today, on a USB flash drive in order to make it UEFI boot compatible.

Luckily it's quite easy to temporarily (until the policy gets refreshed) disable this through a small registry tweak (which requires you to run as local administrator).

Simply import the following to turn off the policy check:


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FVE]
"RDVDenyWriteAccess"=dword:00000000

Import this snippet to revert back to the secure state:


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FVE]
"RDVDenyWriteAccess"=dword:00000001

This is quite probably a breach in the security policy of your company. Use at your own risk.
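For administrators who want to see when this override happens on their fleet, here is an added example (not part of the original post) that finds the periods during which RDVDenyWriteAccess was set to 0. It assumes registry value-set events in the style of Sysmon Event ID 13, already parsed into fields, with that key being monitored; the hosts, times and events are constructed.

```python
import re
from datetime import datetime

# Key and value name from the post, matched as a case-insensitive suffix
# because log sources abbreviate the hive (assumption: "HKLM\System\...").
TARGET = r"\currentcontrolset\policies\microsoft\fve\rdvdenywriteaccess"
DWORD_RE = re.compile(r"DWORD \(0x([0-9a-fA-F]{8})\)")
FVE = r"HKLM\System\CurrentControlSet\Policies\Microsoft\FVE" + "\\"

def ev(time, host, name, details):
    """Build one constructed registry value-set event."""
    return {"UtcTime": time, "Computer": host, "Details": details,
            "Image": r"C:\Windows\regedit.exe", "TargetObject": FVE + name}

# Constructed sample events; none of these come from a real system.
SAMPLE_EVENTS = [
    ev("2024-05-02 09:14:03.120", "WS-0142", "RDVDenyWriteAccess", "DWORD (0x00000000)"),
    ev("2024-05-02 09:15:40.000", "WS-0142", "ExampleOtherValue", "DWORD (0x00000000)"),
    ev("2024-05-02 09:52:03.120", "WS-0142", "RDVDenyWriteAccess", "DWORD (0x00000001)"),
    ev("2024-05-02 11:00:00.000", "WS-0207", "RDVDenyWriteAccess", "DWORD (0x00000000)"),
]

def parse_time(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S.%f")

def find_disabled_windows(events):
    """Return one record per period in which the write-deny policy was 0."""
    open_since, windows = {}, []   # open_since: host -> event that set 0
    for e in sorted(events, key=lambda x: parse_time(x["UtcTime"])):
        if not e["TargetObject"].lower().endswith(TARGET):
            continue
        m = DWORD_RE.fullmatch(e["Details"])
        if m is None:
            continue               # not a DWORD write; do not guess
        host, value = e["Computer"], int(m.group(1), 16)
        if value == 0:
            open_since.setdefault(host, e)
        elif host in open_since:   # policy restored: close the window
            start = open_since.pop(host)
            delta = parse_time(e["UtcTime"]) - parse_time(start["UtcTime"])
            windows.append({"host": host, "image": start["Image"],
                            "start": start["UtcTime"], "end": e["UtcTime"],
                            "seconds": delta.total_seconds()})
    for host, start in open_since.items():   # still 0 at end of the data
        windows.append({"host": host, "image": start["Image"],
                        "start": start["UtcTime"], "end": None, "seconds": None})
    return windows

if __name__ == "__main__":
    for w in find_disabled_windows(SAMPLE_EVENTS):
        print(w)
```

A window with no end means the value was still 0 when the data stopped, which is the case to follow up first.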

Photo credit: Brandon.
