New-CMRDVDenyWriteAccessPolicy

Create a policy to configure whether BitLocker protection is required for removable data drives to be writable on a computer.

Syntax

New-CMRDVDenyWriteAccessPolicy
   [-PolicyState <State>]
   [-AllowWriteAccessToExternalOrganizationDrives]
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [<CommonParameters>]

Description

Create a policy to configure whether BitLocker protection is required for removable data drives to be writable on a computer.

Examples

Example 1: New default enabled policy

This example creates a new policy that's enabled

New-CMRDVDenyWriteAccessPolicy -PolicyState Enabled

Parameters

-AllowWriteAccessToExternalOrganizationDrives

Add this parameter to allow a removable data drive to be writeable without checking identification fields.

If you don't add this parameter, only drives with identification fields matching the computer's identification fields are writeable. When the system accesses a removable data drive, Windows checks for a valid identification field and allowed identification fields. These fields are defined by the "Provide the unique identifiers for your organization" policy setting. For more information, see New-CMUidPolicy.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisableWildcardHandling

This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ForceWildcardHandling

This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PolicyState

Use this parameter to configure the policy.

  • Enabled: If you enable this policy setting, Windows mounts all removable data drives that BitLocker doesn't protect as read-only. If BitLocker protects the drive, Windows mounts it with read and write access.

  • Disabled or NotConfigured: If you disable or don't configure this policy setting, Windows mounts all removable data drives on the computer with read and write access.

Type:State
Accepted values:Enabled, Disabled, NotConfigured
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

None

Outputs

Microsoft.ConfigurationManagement.AdminConsole.BitlockerManagement.PolicyObject