Override Bitlocker to Go Group Policy PowerShell

Override Bitlocker to Go Group Policy

Hello,

In some organization, group policies admins enforce Bitlocker to go (Deny write access to removable drives not protected by BitLocker), that can be pretty annoying if you have an USB stick for your car, an ebook reader, or any type of device that does not support Bitlocker.

Override Bitlocker to Go Group Policy

If you’re a local administrator, you can override this behavior with this registry key :

Set-ItemProperty HKLM:SystemCurrentControlSetPoliciesMicrosoftFVE -name RDVDenyWriteAccess -value 0

Do this before plug in your device, and you’re good to go.

The name and path of this registry key is not easy to remember so you can create a small PowerShell function with a friendly name:

Function Disable-BitlockerToGo{
    [CmdletBinding()]
    Param(
    )

    Begin{
    }
    Process{
        Set-ItemProperty HKLM:SystemCurrentControlSetPoliciesMicrosoftFVE -name RDVDenyWriteAccess -value 0
    }
    End{
    }
}

If you put this in your PowerShell profile ($Profile), it will be available anytime you start PowerShell so you’ll be able to write to any USB stick with a very few manual steps.

Override Bitlocker to Go Group Policy - PowerShell Function

Override Bitlocker to Go Group Policy – PowerShell Function

Note : You may need to redo this after any GPO refresh.

0 thoughts on “Override Bitlocker to Go Group Policy PowerShell

Leave a Reply