How to Prevent Windows 11 from Encrypting Drives Automatically? Enabling Secure Boot in order to install Windows 11 may have unintended repercussions you may discover that Bitlocker is activated automatically and begins encrypting the drive without your explicit permission.
Table of Contents
How to Prevent Windows 11 from Encrypting Drives Automatically?
Although Microsoft has not confirmed this, there is widespread user conjecture that this automated drive encryption carried over from BitLocker occurs automatically on certain OEM PCs once Secure Boot is activated.
This is only true for Windows 11 Pro, Education, and Enterprise editions, as Bitlocker is not present in Windows 11 Home.
This appears to differ from OEM to OEM in some circumstances, it is activated by a PS script, while in others, it is activated by a Group Policy.
However, regardless of the specific cause, there are techniques to prevent Windows 11 from automatically encrypting your OS drive. There are three alternative ways to disable the automatic driver encryption feature in Windows 11:
- Disable Bitlocker Encryption using the Control Panel: This is the simplest approach to disable the automated encryption feature. You may achieve this by using the original Control Panel interface and modifying Bitlocker’s functionality under the System and Security tab.
- Disable BitLocker Encryption Using Windows Terminal: You can also disable BitLocker encryption using a sequence of Powershell commands from an elevated Windows Terminal window.
- Disable BitLocker Encryption Using a.BAT File: This is the most advanced technique of disabling Bitlocker encryption. You must develop and execute a.BAT file that will stop the presently enforced encryption and ensuring that your operating system does not attempt to re-encrypt the drive in the future.
Methods to Prevent Windows 11 from Encrypting Drives Automatically
Each of these approaches accomplishes the identical goal (disabling BitLocker encryption), although the excitement level varies slightly. Feel free to choose any method you prefer from the alternatives listed below.
Method 1: Disable Bitlocker Encryption using the Control Panel
If you want the simplest option out of the group, this is it. You can stop the encryption from the BitLocker Drive Encryption menu by using the old Control Panel interface to enter the System and Security tab. This method is simple to use, but bear in mind that depending on your OEM, the encryption feature may be re-enabled if you disable and re-enable the secure boot option in your BIOS or UEFI settings.
To deactivate the automated BitLocker Encryption using Control Panel, follow the steps below:
- To launch the Run dialogue box, press Windows key + R. Then, in the text field, write ‘control’ and click Enter to bring up the old Control Panel interface.
- Once within the Classic Control Panel interface, select System and Security from the available options.
- Next, select BitLocker Drive Encryption from the System and Security menu.
- Click the Turn off Bitlocker button inside the BitLocker Drive Encryption options.
- When asked by the User Account Control box, click Yes to allow administrator privileges, then at the confirmation prompt, click the Turn off Bitlocker button.
- Wait patiently for the drive to be encrypted. You may check if the operation was successful by launching File Explorer and looking for the encryption icon on your OS drive.
- Once you’ve confirmed that the encryption has already been removed, restart your computer and inspect to see if the drive is still unencrypted after the next startup.
Method 2: Disable BitLocker Encryption Using Windows Terminal
Another method for disabling BitLocker encryption and ensuring that your drive is not re-encrypted in the future is to utilise an elevated Windows Terminal window to execute a sequence of Powershell commands that will unlock the present OS drive and disable automatic encryption.
Helpful Hint: If the problem is with your machine or laptop/notebook, use Restoro Repair to scan the archives and replace corrupt and missing data. This works in most circumstances if the problem is caused by a system corruption. You may get Restoro by clicking here.
Note: Please keep in mind that you will require an administrative account to carry out this procedure.
To deactivate the automatic BitLocker encryption on Windows 11, use the Windows Terminal as described below:
- To launch the Run dialogue box, press Windows key + R. Type ‘wt’ into the run box and press Ctrl + Shift + Enter to launch a Windows Terminal with administrative privileges.
- To check the state of your BitLocker encryption, enter the following command into the terminal programme and hit Enter:
Note: If there is no space between manage-bde and -status, the command will fail.
- To effectively disable BitLocker encryption for the operating system drive, run the following command:
Disable-Bitlocker -MountPoint "C:"
Note: Please remember that the letter ‘C’ is merely a placeholder. If your operating system drive is different, modify the command above to suit it. Also, there must be a gap between Disable-Bitlocker, -mountPoint, and “C:” otherwise the command will fail.
- Wait until the procedure is finished after you press Enter. At the end of this procedure, you should receive a report with the current Protection Status.
- To make the modification permanent, exit Windows Terminal and restart your computer.
Method 3: Disable BitLocker Encryption Using a.BAT File
The final (and most sophisticated) method of removing BitLocker encryption and ensuring that it does not automatically re-encrypt your storage at a later time is to write and run a.BAT file which will auto-disable BitLocker encryption.
It will deactivate any associated dependencies that may require the encryption capability to be re-enabled at a later time.
If you aren’t frightened of using your own.BAT files, this is perhaps the best way to deal with this issue and ensure that the change is permanent:
- To launch the Run dialogue box, press Windows key + R. Next, type ‘notepad’ into the text box, and press Ctrl + Shift + Enter to launch a notepad window with administrative privileges.
Note: To grant admin access, click Yes at the User Account Control box.
- Once inside the authorized Notepad window, copy and paste the following command into the empty box:
fsutil behavior set disableencryption 1 cipher /d /s:C:\ reg add "HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices" /v "TCGSecurityActivationDisabled" /t REG_DWORD /d "1" /f sc config BDESVC start= disabled sc config "EFS" start= disabled
- Once the command has been entered correctly, click on File from the top ribbon, then Save as from the context menu.
- Set a location and name of your choice inside the Save As a panel, but make sure the Save as Type is set to All Files, and then add ‘.bat’ to the end of the File Name.
- Following that, click save and wait is for the file to be created.
- Navigate to the folder where you saved the.BAT file, then right-click it and select Run as Administrator from the navigation pane.
- At the confirmation screen, select Yes and wait until the procedure is finished and the automatic BitLocker encryption is turned off.