New-CMRDVDenyWriteAccessPolicy
Create a policy to configure whether BitLocker protection is required for removable data drives to be writable on a computer.
Syntax
New-CMRDVDenyWriteAccessPolicy
[-PolicyState <State>]
[-AllowWriteAccessToExternalOrganizationDrives]
[-DisableWildcardHandling]
[-ForceWildcardHandling]
[<CommonParameters>] Description
Create a policy to configure whether BitLocker protection is required for removable data drives to be writable on a computer.
Examples
Example 1: New default enabled policy
This example creates a new policy that's enabled
New-CMRDVDenyWriteAccessPolicy -PolicyState EnabledParameters
-AllowWriteAccessToExternalOrganizationDrives
Add this parameter to allow a removable data drive to be writeable without checking identification fields.
If you don't add this parameter, only drives with identification fields matching the computer's identification fields are writeable. When the system accesses a removable data drive, Windows checks for a valid identification field and allowed identification fields. These fields are defined by the "Provide the unique identifiers for your organization" policy setting. For more information, see New-CMUidPolicy.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DisableWildcardHandling
This parameter treats wildcard characters as literal character values. You can't combine it with ForceWildcardHandling.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ForceWildcardHandling
This parameter processes wildcard characters and may lead to unexpected behavior (not recommended). You can't combine it with DisableWildcardHandling.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PolicyState
Use this parameter to configure the policy.
Enabled: If you enable this policy setting, Windows mounts all removable data drives that BitLocker doesn't protect as read-only. If BitLocker protects the drive, Windows mounts it with read and write access.DisabledorNotConfigured: If you disable or don't configure this policy setting, Windows mounts all removable data drives on the computer with read and write access.
| Type: | State |
| Accepted values: | Enabled, Disabled, NotConfigured |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
None
Outputs
Microsoft.ConfigurationManagement.AdminConsole.BitlockerManagement.PolicyObject