This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 60%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERJ%3C/text%3E%3C/svg%3E)
I have configured a Group Policy to force removable drive encryption via BitLocker. This works perfectly until someone uses and Iron Key encrypted drive. Then Bitlocker tries to Bitlock the already encrypted Iron Key drive. Ideally, we would like to force users to either Bitlock removable drives or use Iron Keys which have their own drive encryption. Is there a way to do this? Is there a way to bypass the Bitlocker check for Iron Keys when they are plugged into the PCs?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 23%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
You may either exclude or include Iron Key encrypted drive.
Insert Iron Drive.
Now open Device Manager.
Locate Iron Drive > Right-click it and select Properties > Details tab > Hardware Ids
Note down the VID and PID.
Open Group Policy.
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Removable Data Drives
Double-click Deny write access to removable drives not protected by BitLocker. > Enable it.
Click Show next to Configure allowed devices.
USB\VID_xxxx&PID_xxxx
Ok/Apply.
Open Command Prompt as Admin and run:
gpupdate /force