Bitlocker makes fixed D: drive write protected when GPO for removable drives is set

Question

Sunday, November 15, 2015 11:48 PM

We have the following group policy settings configured to ensure removable drives are encrypted, and write-protected if not encrypted.

- Deny write access to removable data drives not protected by BitLocker (Enabled)

  • Enforce drive encryption type on removable data drives (Enabled)
  • Allow access to BitLocker-protected removable data drives from earlier versions of Windows (Enabled)
  • Configure use of password for removable data drives (Enabled)
  • Choose how BitLocker-protected removable drives can be recovered (Enabled)

This works well for removable drives. On 2 specific computer models we have fixed D: drives configured. The GPO settings above cause the fixed D: drive to become write-protected (error is "The disk is write-protected. Remove the write-protection or use another disk."). If the GPO is disabled the write protection on fixed D: drive is removed. Other computer models do not have this problem. The affected drives are Seagate ST500DM002 500GB Barracuda. I haven't yet tested the same drive in other computer models.

Anyone experiencing the same or know what may be the cause?

All replies (4)

Thursday, November 19, 2015 2:58 AM ✅ Answered

Hi TechNet Social,

"Other computer models do not have this problem"
If the issue only occurred with the specific model machines, the driver could be the reason. Please try to download the latest driver version from the device manufacturer's website to have a check.

Have you tested with other models?

Due to the limited work environment, it is not available for me to test this issue on my side.
If you have any progress, please feel free to let me know that.

Best regards

Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected].


Tuesday, November 17, 2015 2:46 AM

Hi TechNet Social,

It seems that the fixed drive is recognized as "Removable drive".
Please open a PowerShell command line and run "wmic logicaldisk get caption,description,drivetype,providername,volumename" to check the drive type of the D disk.
If the issue only occurred with the specific model, the driver could be the culprit.

Best regards



Thursday, November 19, 2015 1:09 AM

Hi MeipoXu

Thank you for your reply. Yes, it does seem as though the fixed drive is being seen as a removable drive. However, when I run your suggested wmic command, here is the output:

Caption  Description       DriveType  ProviderName  VolumeName
C:       Local Fixed Disk  3                        SYSTEM
D:       Local Fixed Disk  3                        DATA
E:       CD-ROM Disc      5

I should also add that C: and D: are on the same physical disk. Just to reiterate the D: drive becomes writable once the GPO is disabled. It seems very much like a bug either with Win10 or the group policy settings.


Thursday, November 19, 2015 4:32 AM

Thank you MeipoXu, installing the latest storage driver has fixed the problem. These machines are built by SCCM and I don't generally add storage drivers unless builds fail as a result. Obviously on this occasion I'll need to include them. Thanks again!
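
An added example, not part of the original thread: the wmic check above only shows the volume-level DriveType, which reported D: as fixed. This read-only PowerShell sketch also shows how the underlying physical disk and the installed storage controller drivers are reported. Treating a disk-level "removable" report as the reason the removable-drive policy was applied is an assumption, and the `Mismatch` and `RemovableCap` column names are chosen here.

```powershell
# Added diagnostic sketch (not from the thread). Read-only; run in an elevated PowerShell.
# Assumption: a volume reported as fixed (DriveType 3) on a disk reported as
# removable points at the storage controller driver, as the thread's fix suggests.

# Volume-level view: the same data as the wmic command in the thread.
$volumes = Get-CimInstance Win32_LogicalDisk -Filter "DriveType=2 OR DriveType=3"

$report = foreach ($vol in $volumes) {
    # Walk logical disk -> partition -> physical disk through the WMI associations.
    $partitions = Get-CimAssociatedInstance -InputObject $vol -ResultClassName Win32_DiskPartition
    $disk = $partitions | ForEach-Object {
        Get-CimAssociatedInstance -InputObject $_ -ResultClassName Win32_DiskDrive
    } | Select-Object -First 1
    if (-not $disk) { continue }

    # Win32_DiskDrive.Capabilities value 7 means "Supports Removable Media".
    $removableCap = $disk.Capabilities -contains 7

    [pscustomobject]@{
        Volume       = $vol.DeviceID
        DriveType    = $vol.DriveType        # 2 = removable, 3 = local fixed
        Model        = $disk.Model
        Interface    = $disk.InterfaceType
        MediaType    = $disk.MediaType       # e.g. "Fixed hard disk media"
        RemovableCap = $removableCap
        # Flag volumes that look fixed while the disk underneath does not.
        Mismatch     = ($vol.DriveType -eq 3) -and
                       ($removableCap -or $disk.MediaType -notmatch '^Fixed')
    }
}
$report | Format-Table -AutoSize

# Storage controller drivers currently installed (IDE/AHCI and SCSI/RAID classes),
# for comparison with the manufacturer's latest release.
Get-CimInstance Win32_PnPSignedDriver |
    Where-Object { $_.DeviceClass -in 'HDC', 'SCSIADAPTER' } |
    Select-Object DeviceName, DriverProviderName, DriverVersion, DriverDate |
    Format-Table -AutoSize
```

Comparing the driver table between an affected model and an unaffected one from the same SCCM build shows which controller driver to add to the task sequence.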