Bitlocker - "Turn on Bitlocker" vanished for USB Drives

Julian Floyd 96

Hello,
I run Win 10 Pro machines both at work (on a Domain) and Home (standalone machines - both situations have the same problem. All machines are 2004 with the latest patches.

Until recently I could bitlocker Encrypt external USB Drives (memory sticks etc) by either the "Turn on Bitlocker" option in the Explorer Context Menu or within Bitlocker in the Control panel.

This option has vanished (since the last windows updates?).

If I insert an unencrypted USB Drive there is no way to encrypt it but if I insert a previously encrypted drive then the "Manage Bitlocker" option is present in the context menu.

Does anyone know how to get back the facility to encrypt such drives?

Thanks,
Julian

Andrew Eckrich 16 Reputation points

2020-10-29T20:51:54.013+00:00

Windows pcs get the USB software/hardware by installing the pc chipset driver/software,this also runs networking/video-audio/etc,get the update thru the pc mfg or the pc hardware mfg (Intel-AMD-etc).Also,Bitlocker settings can be had by open cmd,in cmd type: services.msc
in msc,scroll to a service,double click,set to auto start or manual start up,exit msc when thru.Also,in run or cmd type: diskmgmt.msc in msc L.click on a device,go up to Actions/all/make active.This lets all/any storage device to work with the OS.Also,with all/most current OS,a disk mgmt software is usually pre installed,Intel runs Intel Storage Mgr,or Intel storage matrix,go to intel.com for a update,but 1st run the chipset software/driver...
Dale Kudusi 3,216 Reputation points

2020-11-02T02:58:41.483+00:00

Hi, @Julian Floyd
Was the issue resolved?
If any reply is useful for you, please accept it as answer.
If you have any issue or concern, please reply to us directly.
Best Regards.
Jameson P 46 Reputation points

2020-11-06T00:23:36.15+00:00

This issue is not resolved for any of us. Please escalate this to the correct Microsoft team. It's not just this users' computer. I've tried it on five separate PCs with various build versions (1909, 2004) and all experience the same issue.
Armin 1 Reputation point

2021-02-26T16:52:37.437+00:00

Same here (with latest Builds) Fix this ASAP pls

Meanwhile set Partition inactive (with Diskpart)
Mika Misaki 31 Reputation points

2021-03-05T19:01:43.947+00:00

Bitlocker will only work on NTFS partitions so external drives must be formatted for NTFS. If you have formatted your drive to NTFS and this is still happening, go to drive management, delete the partition and recreate it as NTFS. Then remove and plug the USB device back in to restore the option to enable Bitlocker.

File systems that utilize MBR will no longer work with Bitlocker. NTFS does not use MBR (Modern systems utilize UEFI for NTFS) where as Fat32 (Which most sticks are defaulted to at the factory) utilize MBR. To properly remove the MBR partition (which won't appear in disk management), deleting the partition will automatically remove the MBR from the device. The default windows format option does NOT do this as it doesn't delete partitions, it merely formats them thus often preserving the MBR even if it's not being used.
Mike Epstein 6 Reputation points

2021-04-15T01:23:50.997+00:00

Thanks you so much!! I had a PNY SSD formatted NTFS and Bitlocker would not recognize it. The "tech help" at PNY was absolutely no help at all. Useless. He essentially said it was the fault of Microsoft and was no help. So I gave up until I read your suggestion. I deleted the partition and recreated it and Bitlocker now recognizes it. Thanks again!!!
Mika Misaki 31 Reputation points

2021-04-15T02:53:32.13+00:00

You are quite welcome :)

I know a lot of people aren't super helpful when it comes to this stuff. Fortunately some of us IT professionals still roam the interwebs aiming to help people whenever possible.
CozMyN 6 Reputation points

2021-04-20T22:34:27.833+00:00

Thank you so much! You're a life saver. :)
campbellkerr 106 Reputation points

2021-05-24T07:27:33.25+00:00

Note that BitLocker is not available on Win7 Pro (only Enterprise).

I spent way too much time searching for an answer only to realise I don't have the right Windows 7 version 🤪
IAN_TR_34 1 Reputation point

2021-06-04T09:53:33.547+00:00

thank you so much MikaMisaki for information....
George R 1 Reputation point

2021-08-03T16:19:57.517+00:00

I don't know if anyone is still having problems with this, but I was finally able to get it to work for our org.

Edit these 2 values in regedit:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE

RDVAllowBDE to 1
RDVConfigureBDE to 1
Dapinder Sandhu 1 Reputation point

2021-08-15T21:53:19.973+00:00

I had exactly the same issue where "Turn on Bitlocker" was not available in File Explorer and neither in Control Panel. The user requirements were to encrypt with FAT32 as encrypting with NTFS wouldn't work on few older Windows computers. For some reason, it didn't work formatting even from Disk Management window.
I used DISKPART to format the usb with FAT32 and after that the "Turn on Bitlocker" option was available from within File Explorer. If anyone interested, use the following commands from command prompt or powershell:

Step 1: Run CMD “As Administrator”
Step 2: Type DISKPART
Step 3: LIST DISK
Step 4: SELECT DISK n; where n is USB drive
Step 5: CLEAN
Step 6: CREATE PARTITION PRIMARY
Step 7: FORMAT FS=NTFS QUICK
Step 8: ACTIVE
Step 9: ASSIGN
Step 10: EXIT

16 answers

Julian Floyd 96 Reputation points

2020-11-05T19:35:24.58+00:00

A friend at work discovered the following:
Insert the USB stick in question - In Disk Manager right click on the partition and Delete Volume then New Simple Volume. After this the Explorer Context menu has the Turn on Bitlocker function.
We tested on a few work machines and it worked - however, you need admin rights and our users at work dont!
Does this help anyone diagnose the issue?
Thanks,
Julian
Please sign in to rate this answer.

14 people found this answer helpful.
Jameson P 46 Reputation points

2020-11-06T00:21:55.327+00:00

I discovered this workaround today as well.

The only step you are missing is after formatting in Disk Management, you need to physically disconnect and reconnect the removable drive. Then the "Turn on Bitlocker" button appears in the Explorer context menu.

Luís Novo 6 Reputation points

2021-01-08T12:23:24.297+00:00

Thank you!

Tweens 6 Reputation points

2021-01-14T15:49:20.71+00:00

Perfect! Thank you so much :)

Saroar Zahan 6 Reputation points

2021-03-02T08:33:55.3+00:00

Many Many Thanks JulianFloyd-5310....

It worked for me as well...

Have a nice day.....

Sami Nighaoui 1 Reputation point

2021-05-09T05:35:34.653+00:00

Thanks so much! It works like a charm :)

Sami Nighaoui 1 Reputation point

2021-05-09T05:37:08.753+00:00

Correct! Thanks.
Sign in to comment
McK 31 Reputation points

2020-11-12T13:19:24.467+00:00

Hello,

As far as I know, the Windows Update KB4577668 is causing this problem on Build 1809 (Pointed out by JMpofu-5147) and the Windows Update KB4577671 is causing it on Build 1909. An uninstall of these updates should resolve this problem temporarily, though the side effects doing so are not known right now.

I have some temporary workarounds for those who are not able to uninstall these updates.
It should be noted that admin privilege are required for both of these workarounds

Workaround 1:
As already stated by JulianFloyd-5310, one solution is to delete the volume of the desired drive in Disk Managment and then creating a volume again. After that you need to plug the USB drive out and in again. The BitLocker option should show up in the context menu of the USB drive after that.

Workaround 2:
Another solution is done with diskpart. Use this solution if you want to keep the contents of your USB drive.
Simply open a new cmd, type in diskpart and confirm adminprompt. In diskpart type in "list disk" and locate your USB drive. Select your USB drive with "select disk ###" (replace "###" with the desired number). Then type in "list partition" and select the primary partition with "select partition ###". After selecting both disk and partition, type in "inactive". Your drive should be set to inactive now and after plugging the USB stick out and in again, the BitLocker option should be available again.

I hope these infos and instructions help future victims of this problem.

Regards,
McK
Please sign in to rate this answer.

6 people found this answer helpful.
Juan Recabarren 1 Reputation point

2021-01-07T06:29:33.597+00:00

I can confirm this issue with the missing external USB drives in BitLocker still exists in Windows 10, but at least the second workaround made the trick for me, so thanks a lot McK.

JMpofu 1 Reputation point

2021-01-08T14:55:15.29+00:00

With some of the flash drives, even after setting the partition to inactive, they still would not bitlocker.

DukeHazord 1 Reputation point

2021-01-13T15:59:55.01+00:00

Your workaround 2 works like a charm, It's a shame Micorosft haven't provided an update to fix this mess

We found out that there were 2 updates that were causing 'Bitlocker To Go' to not recognize USBs on Windows 10 1909 machines: KB4577671 and KB4586786.

Has anyone heard anything from Microsoft yet regarding this issue? Could someone direct me as to how I can escalate this matter as well?

Regards,

DH

McK 31 Reputation points

2021-01-18T07:39:50.03+00:00

Hi Duke
We made an escalation back in November and just recently got an actual response. The mentioned Windows Updates blocked the option to activate BitLocker on USB-Sticks with an active partition. Here's their response:

Windows Engineering has decided to revert this change after finding out that several manufacturers are shipping USB Sticks with partitions marked as Active.

This issue should be gone after the next few updates.

John Anemone 1 Reputation point

2021-02-05T19:31:48.823+00:00

McK - Thanks! Workaround 2 was just what I needed!!

Alicia White 1 Reputation point

2021-03-08T16:30:46.88+00:00

I was having this issue on Window 10 v. 1909.

To resolve, I used Workaround #2: launched Diskpart in an elevated cmd prompt to set the partition on the USB drive to "inactive."

As far I could tell, KB4577671 is NOT installed on this system. I ran this command to get the full list of installed updates:

wmic qfe list full /format:table

Could another update be causing the issue?

Alicia White 1 Reputation point

2021-04-15T13:43:28.823+00:00

Workaround 2 fixed it for me! Thanks!
Sign in to comment
Dale Kudusi 3,216 Reputation points

2020-10-30T01:45:14.587+00:00
Hi,
Please first check whether your external hard drive is in the supported list:
The following table details which disk configurations are supported by BitLocker and what are not supported.
Drive configuration:
Supported:

Basic volumes

Not supported:

Software-based RAID systems

Bootable and non-bootable virtual hard disks (VHDs)

Dynamic volumes

RAM disks

Then, please make sure following group policy is enabled to allow Bitlocker to protect your removable data drive:
Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data drives
\Control use of Bitlocker on removable drives
Enable and check on "Allow users to apply BitLocker protection on removable data drives"

Best regards.

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Please sign in to rate this answer.
Mika Misaki 31 Reputation points

2021-04-15T02:56:04.15+00:00

Dale, your advice isn't going to fix this issue.

The user has to change their device from the standard MBR partition format to the UEFI format. You must be on a UEFI based Windows installation, delete the partition of the external storage device and create a new partition using this format which removes MBR.

Bitlocker no longer works with MBR
Sign in to comment
Bagitman 581 Reputation points

2020-11-02T18:42:39.177+00:00

Julian, please try the command line to encrypt these drives:
manage-bde -on x: -used -rp -pw
Please sign in to rate this answer.
Julian Floyd 96 Reputation points

2020-11-02T20:48:23.997+00:00

Thats interesting!
Thanks Bagitman-1090 I had not thought to try that.
Testing with the same USB Memory stick - no turn on bitlocker in the explorer context menu or in bitlocker in the control panel but the powershell (elevated) command line works - even more strange the context menu then contains the manage bitlocker options.
Reformat and repeated with the same results.
I will test on my work machines tomorrow - anyone have an explanation?
Thanks,
Julian

Dale Kudusi 3,216 Reputation points

2020-11-03T08:34:01.047+00:00

Hi,
might check following GPO setting
Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data drives
\Control use of Bitlocker on removable drives

Best regards.
Sign in to comment
thammer 1 Reputation point

2020-11-03T16:50:30.85+00:00

Hi DaleKudusi-MSFT, I have Win10 Pro on my laptop. I've tried your suggestion of editing the policy and Bitlocker remains grayed out. Not working. Thanks
Please sign in to rate this answer.

0 comments No comments
Sign in to comment