This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer. This policy setting is applied when you turn on BitLocker. If you enable this policy setting, all fixed data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access. If you disable or do not configure this policy setting, all fixed data drives on the computer will be mounted with read and write access. Counter Measure: This policy requires users to fully encrypt their drives prior to granting write access. Additionally, users who have encrypted their drive with BitLocker in another organization will not be able to write data to their drives until they re-encrypt with your organizations configuration of BitLocker. Potential Impact: Drives without BitLocker protection or are BitLocker protected but we not encrypting in your organization will be read-only. Drives encrypted with BitLocker in another organization will be read-only. This policy cannot be used in conjunction with Startup Keys or Recovery Keys. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\Deny write access to fixed drives not protected by BitLocker (2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Policies\Microsoft\FVE!FDVDenyWriteAccess