In XenServer, fixed data drives show as removable data drives to BitLocker

Article ID: CTX583997

Description

BitLocker incorrectly reports that XenVbd disks are 'Removable data drives' and suggests that you use BitLocker To Go with them. However, physical hardware and emulated NVMe drives show as 'Fixed data drives', and for those it suggests that you use BitLocker.

Some Group Policy settings might be misapplied because of this difference: they treat XenVbd disks as removable and apply more stringent checks (for example, disallowing removable disks or requiring that removable disks be mounted as read-only).

Environment

Caution! Using Registry Editor incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.

Resolution

To have these drives correctly show up as fixed data drives in your Windows VM, you must set registry keys and a VBD property:

  1. Set the following registry keys in your Windows VM:

    HKLM\System\CurrentControlSet\Services\XenBus\Parameters\VBD\AllowPdoRemove = 0
    HKLM\System\CurrentControlSet\Services\XenBus\Parameters\VBD\AllowPdoEject = 0

  2. In XenServer, run the following xe command to set the property unpluggable on the VBD:

    xe vbd-param-set uuid=<vbd-uuid> unpluggable=false


These settings change which Group Policies are applied to the disk, especially the "Mark non-BitLocker enabled removable disks as read-only" and "Disallow removable disks" policies, and similar settings enforced by third-party security software.
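
Step 2 applied to every disk of one VM, as an added example that is not part of the Citrix article: a script for the XenServer host that reports the `unpluggable` flag of each VBD and sets it to false only where it is still true. Restricting the change to VBDs of `type=Disk` (CD drives are left alone) and the `audit`/`fix` sub-commands are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Citrix code: audit and fix the 'unpluggable' flag on
# the disk VBDs of one VM. Run on the XenServer host, where 'xe' is available.
# Assumption: only VBDs of type=Disk are changed; CD drives keep their setting.

# Print the UUID of each disk VBD attached to the VM, one per line.
# 'xe ... --minimal' returns a comma-separated list, so split it.
list_disk_vbds() (
    xe vbd-list vm-uuid="$1" type=Disk params=uuid --minimal |
        tr ',' '\n' | sed '/^$/d'
)

# Print "<vbd-uuid> <true|false>" for each disk VBD of the VM.
# A VBD reported as "true" is a candidate for being shown as removable.
audit_vm() (
    for vbd in $(list_disk_vbds "$1"); do
        state=$(xe vbd-param-get uuid="$vbd" param-name=unpluggable)
        printf '%s %s\n' "$vbd" "$state"
    done
)

# Set unpluggable=false on every disk VBD that is still unpluggable.
# Prints the UUID of each VBD that was changed, so the change is auditable.
fix_vm() (
    report=$(audit_vm "$1")      # take the snapshot before changing anything
    printf '%s\n' "$report" | while read -r vbd state; do
        if [ "$state" = "true" ]; then
            xe vbd-param-set uuid="$vbd" unpluggable=false && echo "$vbd"
        fi
    done
)

# Usage: sh fix-unpluggable.sh audit|fix <vm-uuid>
case "${1:-}" in
    audit) audit_vm "${2:?vm-uuid required}" ;;
    fix)   fix_vm "${2:?vm-uuid required}" ;;
esac
```

Run `audit` before and after `fix` to keep a record of which VBDs were changed.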