specifying GPO "deny write access to removable drives not protected by bitlocker" denies write access to fixed hard drives
This is easy to repro. I have a virtual machine with Win7 32 with two hard drives (C: and D:). If I do the following:

1. Open the group policy editor on a desktop.
2. Go to Computer Configuration > Administrative Templates > Windows Components > Bitlocker Drive Encryption > Removable Data Drives
3. Enable "Deny write access to removable drives not protected by Bitlocker".
4. Reboot the desktop.

BitLocker has mounted my D: drive as read only and I cannot figure out how to fix it. I thought that GPO would only apply to removable drives like USB drives, not fixed SCSI disks. Oddly, my C: drive remains writeable even though the hardware for the two disks is identical.

What does BitLocker (or BitLocker To Go?) use to decide what needs to be encrypted? How can I make it mount my second hard drive as read/write? Any help is appreciated.
November 16th, 2012 11:06pm

Hi, I have had a test on my computer, but have not encountered any problem. Can you please take a screenshot of BitLocker Encryption Options and upload it here? It will show how the system recognizes the D drive. Meanwhile, please go to Device Manager to get the drive's Hardware Ids here.

Juke Chou, TechNet Community Support
November 20th, 2012 10:40am

I have the screenshots you ask for but it says I can't upload them until my account is verified. Weird. This account is tied to my BizSpark MSDN license, and of course I don't see anything helpful about how to verify the account.

Here are the disk ids. I think being SCSI disks might be an important part of producing this issue.

SCSI\DiskVMware__Virtual_disk____1.0_
SCSI\DiskVMware__Virtual_disk____
SCSI\DiskVMware__
SCSI\VMware__Virtual_disk____1
VMware__Virtual_disk____1
GenDisk
November 20th, 2012 7:16pm

I found that in this two-disk scenario, even if you put your page file on your D: drive, once you turn on this GPO BitLocker will still mount the disk read-only, causing an error message from Windows about a problem creating the page file.
November 20th, 2012 7:19pm

Hi, So the system considers the D drive a removable data drive, right?

Best regards, Jason Mei

Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
November 22nd, 2012 12:12pm

Yes, that's why BitLocker or "BitLocker To Go" insists on mounting it read only when you boot.
November 28th, 2012 4:55pm

Hi, there are two ways to solve this issue.

1. Change the D drive to a fixed disk.
2. Enable BitLocker on the D drive.

Best regards, Jason Mei
November 29th, 2012 11:20am

What do you mean, fixed disk? Disk manager says it's a basic disk, it's not dynamic or spanned or fancy in any way.
November 29th, 2012 4:43pm

Hi, Please run "MSinfo32" on the computer and then check if the D drive is displayed as "Local fixed disk".

Best regards, Jason Mei
November 30th, 2012 1:03pm

Yes, it is displayed as a local fixed disk.
November 30th, 2012 5:19pm

Description: Disk drive
Manufacturer: (Standard disk drives)
Model: VMware Virtual disk SCSI Disk Device
Bytes/Sector: 512
Media Loaded: Yes
Media Type: Fixed hard disk
Partitions: 2
SCSI Bus: 0
SCSI Logical Unit: 0
SCSI Port: 2
SCSI Target ID: 0
Sectors/Track: 63
Size: 19.99 GB (21,467,980,800 bytes)
Total Cylinders: 2,610
Total Sectors: 41,929,650
Total Tracks: 665,550
Tracks/Cylinder: 255
Partition: Disk #0, Partition #0
Partition Size: 100.00 MB (104,857,600 bytes)
Partition Starting Offset: 1,048,576 bytes
Partition: Disk #0, Partition #1
Partition Size: 19.90 GB (21,367,881,728 bytes)
Partition Starting Offset: 105,906,176 bytes

Description: Disk drive
Manufacturer: (Standard disk drives)
Model: VMware Virtual disk SCSI Disk Device
Bytes/Sector: 512
Media Loaded: Yes
Media Type: Fixed hard disk
Partitions: 1
SCSI Bus: 0
SCSI Logical Unit: 0
SCSI Port: 2
SCSI Target ID: 1
Sectors/Track: 63
Size: 3.00 GB (3,216,084,480 bytes)
Total Cylinders: 391
Total Sectors: 6,281,415
Total Tracks: 99,705
Tracks/Cylinder: 255
Partition: Disk #1, Partition #0
Partition Size: 3.00 GB (3,218,079,744 bytes)
Partition Starting Offset: 65,536 bytes
November 30th, 2012 5:28pm

Hi, Does this issue happen if we enable BitLocker on the D drive?

Best regards, Jason Mei
December 6th, 2012 12:18pm

I don't see how I can encrypt just the D drive. http://social.technet.microsoft.com/forums/en-US/itprovistasecurity/thread/ccd6e029-2c03-4da1-b459-8fba06cb2fc1

I also tried following the TechNet article here so I could answer your question and it tells me "this version of windows does not support this feature of bitlocker drive encryption. To use this feature upgrade the operating system" (we're running Windows 7 Professional). http://technet.microsoft.com/en-us/library/cc732774.aspx

Yup, and if I disconnect the D: drive and hot plug it in while Windows is running, the BitLocker dialog comes up and says I can only use it read only unless I upgrade Windows (from Win7 Pro). At any rate, this is not a viable solution because my organization does not *want* the hard disks on these machines encrypted, just the actual removable media.

It should be really simple. I've just got a generic virtual machine in vCenter 5.0 running Windows 7 Professional. I enable the GPO ("Deny write access to removable drives not protected by bitlocker") and my second hard drive (D:) can only be used read only. That's not what the GPO is supposed to do, it should only affect removable media. The end users in my environment can add and remove USB drives, it's not like they can add or remove their hard drives.
December 6th, 2012 5:31pm

Hi, BitLocker is available in the Enterprise and Ultimate editions of Windows Vista and Windows 7. As Win 7 Pro doesn't support BitLocker and "Deny write access to removable drives not protected by Bitlocker" is under the BitLocker settings, maybe this policy is incompatible with Win 7 Pro. For your requirement, we can use the policy "Removable disks: deny write access" under Administrative Templates, System, Removable Storage Access.

http://technet.microsoft.com/en-us/library/cc730808(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/dd835565(v=ws.10).aspx

Best regards, Jason Mei
December 7th, 2012 11:29am

Hi, any update?

Best regards, Jason Mei
December 14th, 2012 11:25am

I can produce this problem in Windows 7 Enterprise edition. Same steps as my first post. Same problem. The only difference is that in Windows 7 Enterprise I now can right click on my second local hard drive (D:) and "Turn on bitlocker..." is an option. Again, this is not acceptable. I shouldn't have to encrypt my second local hard drive when I turn on a GPO saying removable media has to be encrypted to enable write.
December 19th, 2012 5:24pm

Hi, It seems the VM considers the second disk a removable disk. See the link below from VMware.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1012225

Best regards, Jason Mei
December 20th, 2012 11:54am

We have more testing to do but at first blush devices.hotswap = false looks like a winner
January 2nd, 2013 7:34pm
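
A read-only check for the situation discussed in this thread, added here as an example and not posted by any participant: it reports whether the deny-write policy is set and lists each disk with the media type msinfo32 shows next to the PnP "removable" capability bit. The registry value name RDVDenyWriteAccess and the use of the PnP Capabilities bits as the relevant signal are assumptions; the thread does not say which property BitLocker consults.

```powershell
# Added diagnostic example (not from the thread). Read-only: changes nothing.
# Assumption: the GPO is stored as RDVDenyWriteAccess under the FVE policy key.
$fveKey = 'HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FVE'
$fve    = Get-ItemProperty -LiteralPath $fveKey -ErrorAction SilentlyContinue
$deny   = 'not set'
if ($fve -and $fve.RDVDenyWriteAccess -ne $null) { $deny = $fve.RDVDenyWriteAccess }
"RDVDenyWriteAccess = $deny"

# PnP capability bits as defined in cfgmgr32.h
$CM_DEVCAP_REMOVABLE         = 0x04
$CM_DEVCAP_SURPRISEREMOVALOK = 0x80

$report = foreach ($disk in Get-WmiObject -Class Win32_DiskDrive) {
    # Capabilities is stored per device instance under the Enum key.
    $enumKey = 'HKLM:\SYSTEM\CurrentControlSet\Enum\' + $disk.PNPDeviceID
    $dev     = Get-ItemProperty -LiteralPath $enumKey -ErrorAction SilentlyContinue

    $removable = 'unknown'
    $surprise  = 'unknown'
    if ($dev -and $dev.Capabilities -ne $null) {
        $removable = [bool]($dev.Capabilities -band $CM_DEVCAP_REMOVABLE)
        $surprise  = [bool]($dev.Capabilities -band $CM_DEVCAP_SURPRISEREMOVALOK)
    }

    # Walk disk -> partitions -> logical disks to find the drive letters.
    $letters = @()
    foreach ($part in $disk.GetRelated('Win32_DiskPartition')) {
        foreach ($vol in $part.GetRelated('Win32_LogicalDisk')) {
            $letters += $vol.DeviceID
        }
    }

    New-Object PSObject -Property @{
        Disk              = $disk.Index
        Letters           = ($letters -join ',')
        Model             = $disk.Model
        MediaType         = $disk.MediaType   # the value msinfo32 displays
        Removable         = $removable        # PnP view of the device
        SurpriseRemovalOK = $surprise
    }
}

# A disk that reads "Fixed hard disk" but has Removable = True is the
# mismatch worth investigating before rolling the policy out.
$report | Sort-Object Disk |
    Select-Object Disk, Letters, Model, MediaType, Removable, SurpriseRemovalOK |
    Format-Table -AutoSize
```

Running it on a reference VM before and after a hypervisor configuration change shows whether the guest's view of the disk actually changed.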

Removable Disks: Deny Write access is not working on Windows 8 Enterprise Edition 6.2 9200. Could you please help me?
April 10th, 2013 2:39pm

This topic is archived. No further replies will be accepted.
