3

I want to create a w10 bootable usb from a pc with bitlocker enabled. Everytime I plug an usb drive pc asks me if I want to encrypt the drive etc. When I have tried to create a bootable I receive the message "media is write protected" or something similar. Is there a way to create bootable usb with bitlocker enabled? I've disabled via "regedit" the automatic encryption but it not works.

Manuel Castro
  • 143
  • 1
  • 5
  • It's a different problem, in my case when the tool (i.e. rufus) unplug and plug again the usb drive it becomes "write protected".. – Manuel Castro Nov 22 '19 at 13:41
  • Say no to encryption when asked. –  Nov 22 '19 at 14:01
  • yep i did it and initially it works, as far I can understand at a certain momenti it "reboot" the usb and then it cannot write on it anymore. – Manuel Castro Nov 22 '19 at 14:08
  • @ManuelCastro You're overthinking it and you apparently don't know a few things you should for the task you intend. Just open disk management and remove the encrypted partition. If need be create a new FAT32 one. Rufus shouldn't care what 's in it anywe, as long it's not locked. –  Nov 22 '19 at 17:38

1 Answers1

4

By default, BitLocker protection is required for a computer to be able to write data to a removable data drive. Removable data drives that are not BitLocker-protected will be mounted as read-only. Only if the drive is protected by BitLocker, it will be mounted with read and write access permissions.

This policy may be disabled as follows:

  • Run the Local Group Policy Editor (gpedit.msc)
  • Navigate to:
    Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives
  • Double-click to edit "Deny write access to removable drives not protected by BitLocker policy"
  • Click Disable and OK.

This option should have been Off by default. If this is a work computer, where it is set by the administrator, you may not be able to disable it.

An alternative way is by registry changes:

Enabling read-write access

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FVE]
"RDVDenyWriteAccess"=dword:00000000

Disabling read-write access

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\FVE]
"RDVDenyWriteAccess"=dword:00000001

For a work computer: This is possibly a breach in the security policy of your company. Use at your own risk.

harrymc
  • 455,459
  • 31
  • 526
  • 924