4

I want to create a w10 bootable usb from a pc with bitlocker enabled. Everytime I plug an usb drive pc asks me if I want to encrypt the drive etc. When I have tried to create a bootable I receive the message "media is write protected" or something similar. Is there a way to create bootable usb with bitlocker enabled? I've disabled via "regedit" the automatic encryption but it not works.

Improve this question
4
  • It's a different problem, in my case when the tool (i.e. rufus) unplug and plug again the usb drive it becomes "write protected"..
    – Manuel Castro
    Commented Nov 22, 2019 at 13:41
  • Say no to encryption when asked.
    – user931000
    Commented Nov 22, 2019 at 14:01
  • yep i did it and initially it works, as far I can understand at a certain momenti it "reboot" the usb and then it cannot write on it anymore.
    – Manuel Castro
    Commented Nov 22, 2019 at 14:08
  • @ManuelCastro You're overthinking it and you apparently don't know a few things you should for the task you intend. Just open disk management and remove the encrypted partition. If need be create a new FAT32 one. Rufus shouldn't care what 's in it anywe, as long it's not locked.
    – user931000
    Commented Nov 22, 2019 at 17:38

1 Answer 1

Reset to default
5

By default, BitLocker protection is required for a computer to be able to write data to a removable data drive. Removable data drives that are not BitLocker-protected will be mounted as read-only. Only if the drive is protected by BitLocker, it will be mounted with read and write access permissions.

This policy may be disabled as follows:

  • Run the Local Group Policy Editor (gpedit.msc)
  • Navigate to:
    Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives
  • Double-click to edit "Deny write access to removable drives not protected by BitLocker policy"
  • Click Disable and OK.

This option should have been Off by default. If this is a work computer, where it is set by the administrator, you may not be able to disable it.

An alternative way is by registry changes:

Enabling read-write access

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FVE]
"RDVDenyWriteAccess"=dword:00000000

Disabling read-write access

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FVE]
"RDVDenyWriteAccess"=dword:00000001

For a work computer: This is possibly a breach in the security policy of your company. Use at your own risk.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .