[FIX] Unable to Turn on BitLocker for USB Drives

You may fail to enable the BitLocker encryption on the USB drive if the file format of the USB drive is incompatible with the BitLocker application or the BitLocker Encryption service is not running. Moreover, the wrong configuration of the Group Policy of your system may also cause the error under discussion.

The user encounters the issue when he fails to enable the BitLocker on the USB drives and does not see the USB in the BitLocker settings (Control Panel>> System and Security>> BitLocker Drive Encryption). Also, if the user right-clicks on the USB drive in the Windows Explorer, no BitLocker option is shown.

Before moving on to enable BitLocker on a flash drive, make sure to create the backup of the essential data on the USB drive (as the data may be lost when attempting the under-mentioned solutions). Also, the BitLocker encryption may not work on the USB drive if you are trying to enable the encryption through a Remote Desktop Connection. Moreover, check if the USB drive has enough space available. Last but not least, make sure to update the Windows and drivers of your system to the latest build.

Solution 1: Enable the BitLocker Encryption Service

The BitLocker encryption might not work if the BitLocker Drive Encryption service is disabled (or not running). In this case, enabling the above-mentioned BitLocker service may solve the problem.

1. Press the Windows key and type (in the Windows search): Services. Now, right-click on the result of services, and in the mini-menu, choose Run as Administrator.

   

2. Now, right-click on the BitLocker Drive Encryption service and select Start (or Restart).

   

3. Once the BitLocker service is started, check if the USB can be encrypted by using the BitLocker.

Solution 2: Uninstall the Conflicting Update

If you were able to use the BitLocker on the USB drives but now the functionality is not available, then the issue could be a result of a conflicting update. In this case, removing the conflicting update may solve the problem.

1. Press the Windows key and open Settings.
2. Now select Update & Security and open View Update History.

   

3. Then click on Uninstall Updates and select the problematic update (the KB4579311 and KB2799926 updates are known to create the issue).

   

4. Now click on Uninstall and then let the update uninstall.

   

5. Then reboot your PC and check if the BitLocker is enabled for the USB drives.

   

Solution 3: Edit the Group Policy

You may fail to enable BitLocker on the USB drive if the Group Policy of your system is configured to bar the system to use the BitLocker on external drives. In this context, editing the Group Policy to allow the BitLocker to be used on the external drives may solve the problem.

1. Press the Windows key and type (in the search box): Group Policy Editor. Now, open Edit Group Policy.

   

2. Now, in the left pane, expand Computer Configuration, and under it, spread Administrative Templates.
3. Then expand Windows Components and under it, spread BitLocker Drive Encryption.
4. Now select Removeable Data Drives and then, in the right pane, double-click on Control Use of BitLocker on Removeable Devices.

   

5. Then, in the new window, select the radio button of Enabled, and in the Options section, checkmark both options (i.e., ‘Allow Users to Apply BitLocker Protection On Removeable Data Drives’ and ‘Allow Users to Suspend and Decrypt BitLocker Protection On Data Drives’).

   

6. Now apply your changes and reboot your PC to check if the BitLocker issue is resolved.

Solution 4: Use the Diskpart to Set the USB Drive as Inactive

You may fail to enable BitLocker on the USB drive if the USB drive is marked active in the Disk Management (because the essential OS files are placed on an Active drive). In this scenario, making the USB drive Inactive through the Diskpart may solve the problem.

1. Launch the Power User menu by right-clicking on the Start menu button and choose Disk Management.

   

2. Now, check if the USB device is marked as Active. If so, then note down the Disk ID (for example, Disk 1).

   

3. Then press the Windows key and type (in the search box): Command Prompt. Now, right-click on the result of the Command Prompt, and in the sub-menu, choose Run as Administrator.

   

4. Then execute the following:

   Diskpart

5. Now execute the following:

   List Disk

6. Then execute the following (use the Disk ID noted at step 2, for example, Disk 1):

   Select Disk 1

7. Now execute the following:

   List Partition

8. Now execute the following to select partition 1 (hopefully, the USB will have only one partition):

   Select Partition 1

9. Now type the following:

   Inactive

   

10. If the USB has more than one partition, repeat steps 8 and 9 to mark all the USB partitions as inactive.
11. Now type ‘Exit’ to close the Diskpart and then close the Command Prompt.
12. Then remove the USB drive and reboot your PC.
13. Upon reboot, reinsert the USB drive and check if the BitLocker can be enabled on the USB drive.

Solution 5: Format the USB Drive and Convert it to GPT

If the issue is still there, then you may have to repartition and format the USB drive. But make sure to backup the essential data on the drive.

Create a New Simple Volume on the USB Device

1. Launch the Disk Management (by right-clicking on the Windows button) and select the USB drive.
2. Then, right-click on the partition and select Delete Volume.

   

3. Now confirm to delete the partition and let the process complete.
4. If the USB drive has more than one partition, make sure to delete all the partitions on the USB.
5. Then right-click on the unpartitioned space in the USB and select New Simple Volume.

   

6. Now follow the prompts to complete the process but make sure to select NTFS and do not use the Quick Format option.
7. Once the USB drive is formatted, detach it from the system.
8. Then connect the USB drive to the system and check if the BitLocker can be enabled on the USB.
9. If the issue persists, then check if shrinking the partition size resolves the BitLocker issue (sometimes the BitLocker requires some free space before and after the partition that you want to encrypt).

Convert the USB to GPT Disk

If that did not do the trick, then you may have to set up the USB drive as GPT.

1. Launch the Disk Management (as discussed above) and delete the partitions on it (by repeating the above-mentioned steps 1 to 5).
2. Now, right-click on the USB drive and choose Convert to GPT Disk.

   

3. Then, let the process complete and partition/format the USB drive.
4. Now, remove the USB from the system and reboot your PC.
5. Upon reboot, reinsert the USB drive and hopefully, the BitLocker can be enabled on the USB.

If the issue persists, then you may try a 3^rd party utility (like HDD LLF) to perform a low-level format on the USB drive and check if the BitLocker issue is resolved.