Deny write access to fixed drives not protected by BitLockerID: oval:org.secpod.oval:def:27661 | Date: (C)2015-10-08 (M)2023-07-04 |
Class: COMPLIANCE | Family: windows |
This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer. This policy setting is applied when you turn on BitLocker.
If you enable this policy setting, all fixed data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access.
If you disable or do not configure this policy setting, all fixed data drives on the computer will be mounted with read and write access.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives!Deny write access to fixed drives not protected by BitLocker
(2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Policies\Microsoft\FVE!FDVDenyWriteAccess
Platform: |
Microsoft Windows Server 2012 R2 |