Prevent Saving Data on Non-BitLocker Protected Removable Storage Media in Windows 7
By default Windows 7 allows all users to write data on any removable storage media which is attached to the computer. In home environments this configuration is fair enough and should not modified. However in production environments where there are several computers in the network and contain highly sensitive data security becomes one of the major concerns. Administrators in these cases may want to control BitLocker permissions even on removable storage media devices to protect the organizations from any mishaps. As an administrator you can enforce any removable storage media to be mounted as a read only if it is not protected by BitLocker encryption by following the steps given below:
- Logon to the computer with administrator account.
- Click on Start button.
- At the bottom of start menu in search box type gpedit.msc and press enter key.
- On Local Group Policy Editor snap-in under Computer Configuration expand Administrative Templates and expand Windows Components.
- Expand BitLocker Drive Encryption and from expanded list select Removable Data Dirves.
- From the right pane double click on Deny write access to removable drives not protected by BitLocker.
- On the opened window select Enabled radio button and click on Ok button to accept and confirm your configuration.
- Close Local Group Policy Editor snap-in and open Command Prompt.
- In command window type gpupdate /force and press enter key to update your computer configuration with latest settings.
- Close Command Prompt.