Fix Access Denied When Opening BitLocker Encrypted Drive Over RDP

Allow Opening BitLocker Encrypted Removable Drive over RDP

If you have a BitLocker encrypted USB stick connected to a computer that you are accessing over the Remote Desktop (RDP), you will see the "Access Denied" message once you try to unlock the drive. These are security defaults in Windows 10 which limit access to encrypted drives. Here is how to configure the OS to open such encrypted removable drives.

BitLocker was first introduced in Windows Vista and still exists in Windows 10. It was implemented exclusively for Windows and has no official support in alternative operating systems. BitLocker can utilize your PC's Trusted Platform Module (TPM) to store its encryption key secrets. In modern versions of Windows such as Windows 8.1 and Windows 10, BitLocker supports hardware-accelerated encryption if certain requirements are met (the drive has to support it, Secure Boot must be on and many other requirements). Without hardware encryption, BitLocker switches to software-based encryption so there is a dip in your drive's performance. BitLocker in Windows 10 supports a number of encryption methods, and supports changing a cipher strength.

Butlocker Drive Encryption

Note: In Windows 10, BitLocker Drive Encryption is only available in the Pro, Enterprise, and Education editions. BitLocker can encrypt the system drive (the drive Windows is installed on), and internal hard drives. The BitLocker To Go feature allows protecting files stored on a removable drives, such as a USB flash drive.

To enable access to a BitLocker-protected removable drive in a Remote Desktop Session, Windows 10 offers you at least two methods, a Group Policy option, and a Group Policy Registry tweak. The first method can be used in editions of Windows 10 that come with the Local Group Policy Editor app. If you are running Windows 10 Pro, Enterprise, or Education edition, then the Local Group Policy Editor app is available in the OS out of the box. Alternatively, you can apply a Registry tweak. Let's review these methods.

To Fix Access Denied When Opening BitLocker Encrypted Drive Over RDP

  1. Open the Local Group Policy editor app, or launch it for all users except Administrator, or for a specif user.
  2. Navigate to Computer Configuration > Administrative Templates > System > Removable Storage Access on the left.
  3. On the right, find the policy setting All Removable Storage: Allow direct access in remote sessions.BitLocker Allow Direct Access In Remote Sessions
  4. Double-click on it and set the policy to Enabled.
  5. Restart Windows 10.

You are done.

Here's how to do the same with a Registry tweak.

Allow Opening BitLocker Encrypted Removable Drive over RDP in Registry

  1. Open the Registry Editor app.
  2. Go to the following Registry key.
    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices
    See how to go to a Registry key with one click.
  3. On the right, modify or create a new 32-Bit DWORD value AllowRemoteDASD.
    Note: Even if you are running 64-bit Windows you must still create a 32-bit DWORD value.
  4. Set its value to 1.BitLocker Allow Removable Drive Access In Remote Sessions
  5. Restart Windows 10.

That's it.

1 thought on “Fix Access Denied When Opening BitLocker Encrypted Drive Over RDP

  1. Timea

    I get an Access Denied error when I mount a normal bitlocker VHDX too. I have to click ok and unlock it.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *