12. Enable BitLocker on USB drives over RDP

By default, BitLocker does not allow encryption to be enabled on USB devices over RDP connections. This happens because RDP treats USB drives as mapped network drives and not as external drives. The policy below enables direct drive access for RDP connections. This is unsafe.

Enable BitLocker on USB drives over RDP policy

Computer Configuration › Administrative Templates › System › Removable Storage Access

All Removable Storage: Allow direct access in remote sessions

Enabled
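
Because enabling this policy is described above as unsafe, it helps to be able to check whether a host has it turned on. The following audit is an added example, not part of the original page. It assumes the policy is stored as the DWORD value AllowRemoteDASD under the RemovableStorageDevices policy key; Get-RemoteDasdPolicy is a hypothetical helper name.

```powershell
# Added example: report the state of the policy
# "All Removable Storage: Allow direct access in remote sessions" on this machine.
# Assumption: the policy maps to the registry value below (per RemovableStorage.admx).

function Get-RemoteDasdPolicy {
    [CmdletBinding()]
    param(
        [string]$KeyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices',
        [string]$ValueName = 'AllowRemoteDASD'
    )

    # A missing key or a missing value both mean the policy is not configured.
    $state = 'NotConfigured'
    $raw   = $null

    if (Test-Path -LiteralPath $KeyPath) {
        $item = Get-ItemProperty -LiteralPath $KeyPath -ErrorAction Stop
        if ($item.PSObject.Properties.Name -contains $ValueName) {
            $raw   = $item.$ValueName
            # 1 = Enabled; any other stored value is treated as Disabled.
            $state = if ($raw -eq 1) { 'Enabled' } else { 'Disabled' }
        }
    }

    [pscustomobject]@{
        ComputerName                 = $env:COMPUTERNAME
        Policy                       = 'All Removable Storage: Allow direct access in remote sessions'
        State                        = $state
        RawValue                     = $raw
        DirectAccessInRemoteSessions = ($state -eq 'Enabled')
    }
}

$result = Get-RemoteDasdPolicy
$result | Format-List

# Flag hosts where removable drives are directly accessible from RDP sessions.
if ($result.DirectAccessInRemoteSessions) {
    Write-Warning "Direct removable-storage access is allowed in remote sessions on $($result.ComputerName)."
}
```

A newly applied policy value appears in the registry only after Group Policy has refreshed on the host.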

Updated: 2021-02-19