Fixed data drive encryption settings

This policy setting allows you to manage whether fixed data drives must be encrypted or not.

When enabling this policy, you must not disable the "Configure use of password for fixed data drives" policy unless the use of Auto-Unlock for fixed data drive is allowed or required.

When requiring the use of Auto-Unlock for fixed data drives, you must configure OS volumes to be encrypted.

If you enable this policy setting, the user will have to put all fixed data drives under the BitLocker protection, and drive will be encrypted.

If you disable this policy, the user will not be able to put all fixed data drives under BitLocker protection. Note that applying this policy after fixed data drives are encrypted will result in their decryption.

If you do not configure this policy setting, then it is not required to put fixed data drive under the BitLocker protection.

Supported on: At least Windows 7

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement
Value NameShouldEncryptFixedDataDrive
Value TypeREG_DWORD
Enabled Value1
Disabled Value0

This policy setting allows you to manage whether the fixed data drive must be encrypted or not.

Configure Auto-Unlock for fixed data drive:


  1. Allow Auto-Unlock
    Registry HiveHKEY_LOCAL_MACHINE
    Registry PathSOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement
    Value NameAutoUnlockFixedDataDrive
    Value TypeREG_DWORD
    Value2
  2. Require Auto-Unlock
    Registry HiveHKEY_LOCAL_MACHINE
    Registry PathSOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement
    Value NameAutoUnlockFixedDataDrive
    Value TypeREG_DWORD
    Value1
  3. Do not allow Auto-Unlock
    Registry HiveHKEY_LOCAL_MACHINE
    Registry PathSOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement
    Value NameAutoUnlockFixedDataDrive
    Value TypeREG_DWORD
    Value0


bitlockermanagement.admx

Administrative Templates (Computers)

Administrative Templates (Users)