Score:0

Can we prevent Windows from marking NVMe drives as removable?

mx flag

I've noticed recently that when adding NVMe drives to Windows, it has a tendency to mark them as removable. I think this is more likely on "enterprise" NVMe SSDs, at least in my experience. For my own PC or less critical stuff, I'm not too bothered when it shows up in the system tray offering to safely eject it, since otherwise there's no other ill effects. Note that in almost all cases I'm using the Microsoft NVMe driver.

Where I start having issues is on servers, especially when I want to Bitlocker a volume on an NVMe drive. Bitlocker insists that since the drive is removable, it must be "Bitlocker To Go", and thus auto-unlock can only be done at a user level, not a system level. The problem also extends to Storage Spaces built on these "removable" NVMe drives, and Bitlocker treats the Storage Space as "removable" as well.

So firstly: Is there a way to override the removable flag for NVMe drives (individually or as a whole)?

If that cannot be done, can I override the removable flag in Storage Spaces so that the software disk is not marked as removable?

And finally, if all else fails, is there a way to force Windows to set up system-level auto-unlock on a removable disk?

Score:0
au flag

I can only offer a workaround. The drive should be unlocked automatically but should still be secured (inaccessible when not inside that machine).

So you may setup a scheduled task that unlocks it using the recovery password. The script goes

manage-bde -unlock x: -rp 177199-319715-458425-...somekey...-323378-554136-596024-011627

This is only secure when you can make sure that the script file is inaccessible to untrusted parties. Best would be to store it on a network share of a secured server.

DraugTheWhopper avatar
mx flag
I was aware of this option, but I'm really hesitant to use it because it goes so far outside of the "regular" way of doing Bitlocker.
Bernd Schwanenmeister avatar
au flag
Yes, I agree. I'd ask the manufacturer of the hard drive controller (NVME Interface) if this behavior is expected and make him realize what problems it causes.
DraugTheWhopper avatar
mx flag
Well, in the SATA days, we could ask the controller to pretty please mark disks correctly, but doesn't the game change completely once you're in NVMe world? After all, there is no "controller" except for the Microsoft driver that turns NVMe into Windows block storage. Is it really a case of all these enterprise SSDs sending an incorrect NVMe flag that somehow marks it as removeable? I get that maybe it's worth marking as "hotpluggable", but Windows still treats it as "removeable", with all the ensuing annoyance.
Bernd Schwanenmeister avatar
au flag
"After all, there is no "controller"" - I am not sure what you mean by that. On my board, there's for example a "Samsung NVMe controller" in device manager and surely, there will be driver updates for that one that might correct problems, possibly yours. Possibly, fixes like https://support.microsoft.com/en-us/topic/internal-sata-drives-show-up-as-removeable-media-1f806a64-8661-95a6-adc7-ce65a976c8dd exist for your NVMe controller driver, too. It could also be that your UEFi firmware offers settings for your NVMe.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.