Temporarily bypass Bitlocker encryption requirement for removable devices

Microsoft allows a system administrator to set a policy that requires the users to enable Bitlocker encyption on any device before it can be written to. This is a pretty foolproof system to ensure that company data is always encrypted (except that you can always turn off encryption on a device, which will decrypt (not destroy) the data.

It's pretty simple in it's use and only mildly frustrating as you're waiting for the device's first encryption (it can take quite a while on a 1TB portable drive).

Except when you want to put something on your Kindle, old iPod Touch or in my case today on a USB flash drive in order to make it UEFI boot compatible.

Luckily it's quite easy to temporarily (until the policy gets refreshed) disable this through a small registry tweak (which requires you to run as local administrator).

Simply import the following to turn off the policy check:


Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FVE]
"RDVDenyWriteAccess"=dword:00000000

Import this snippet to revert back to the secure state:


Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FVE]
"RDVDenyWriteAccess"=dword:00000001

This is quite probably a breach in the security policy of your company. Use at your own risk.

Photo credit: Brandon.

Leave a comment.