How to disable Bitlocker encryption in Windows 11 setup

You can turn off Bitlocker device encryption in the Windows 11 setup program which is enabled by default. On one hand, it will reduce your device protection level, but on the other hand you can easily access your data by connecting the drive to a different PC. This can be of help if your primary computer is out of order.

Windows 11 version 24H2, the upcoming version of the OS, enables Bitlocker device encryption on a wider range of devices. This will happen even on devices running Windows 11 Home. Previously, the OS checked the BIOS settings for the OEM configuration. And in the Home edition, encryption was omitted. Also, the company has removed checks for Modern Standby/HSTI and DMA ports, so encryption is now automatically enabled on more devices during a clean install of Windows 11.

The user may not be aware that Windows has automatically encrypted their hard drives. If you subsequently need to reinstall the operating system, and the BitLocker recovery key is not saved, then all user data will be lost. This would not be that critical if Windows only encrypted the system drive (C:), and not all the drives.

Additionally, BitLocker encryption can have a significant impact on device performance, even when using ultra-fast SSDs such as PCIe Gen4 NVMe. The fact is that during read and write operations, Windows 11 is constantly encrypting and decrypting data. Performance losses can reach 45% in some of the scenarios.

If you are aware of the encryption existence, you can disable it under Settings > Security & Protection > Device Encryption. But if you are not aware, it can become an unexpected disaster. So it is a good idea to learn how to disable the feature.

Here are the steps you need to take in order to prevent Windows 11 from encrypting the drives during its setup.

Turn off Bitlocker Drive Encryption for Windows Setup

To disable Bitlocker encryption in Windows 11 setup, do the following.

  1. When installing Windows 11, wait for the Region selection (OOBE).
  2. On the Region and country screen,  press Shift + F10.
  3. A command prompt will open. There, type reg add HKLM\SYSTEM\CurrentControlSet\BitLocker /v PreventDeviceEncryption /d 1 /t REG_DWORD /f, and press Enter.
  4. Now type exit, or simply close the command prompt.
  5. Continue installing Windows 11 as usual. It won't encrypt your drive.

You are done!

ℹ️ The new behavior is default starting with Canary build 25905, as first spotted by @PhantomOfEarth.

Save your time with the Rufus app

However, if this console Registry modification for you is too much, you may go with the Rufus app instead.

Check the Disable Bitlocker automatic device encryption option on the Windows User Experience page. This will customize the bootable USB image and save you from unwanted encryption.

Finally, if you have already installed Windows 11 with an encrypted drive, you may be interested in disabling it after that. Thankfully, it is not a hard task. There's an option in the Settings app, and the console manage-bde tool. Here are the details.

Disable BitLocker Drive Encryption in Windows 11 After Installation

To turn off disk encryption with BitLocker after installing Windows 11, do the following.

  1. Open the Settings app (Win + I).
  2. On the left, click on Security & privacy.
  3. Then on the right, click Device encryption.
  4. Turn off the "Device encryption" toggle option.
  5. Restart the computer if prompted.

This is how you disable the BitLocker Drive Encryption in the installed Windows 11.

Alternatively, you can use the console tool manage-bde to achieve the same result.

Using manage-bde to turn off disk encryption with BitLocker

  1. Open the Terminal app as Administrator by right-clicking the Windows logo button in the taskbar and selecting the app from the menu.
  2. In the PowerShell tab, type manage-bde -status and press Enter. This will show you all the encrypted drives.
  3. Now, type manage-bde -off <drive letter:> and replace drive letter with your actual drive value. For example: manage-bde -off C:.
  4. You can now close the Terminal app.

That's it.

Source

Support us

Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:

If you like this article, please share it using the buttons below. It won't take a lot from you, but it will help us grow. Thanks for your support!

Author: Sergey Tkachenko

Sergey Tkachenko is a software developer who started Winaero back in 2011. On this blog, Sergey is writing about everything connected to Microsoft, Windows and popular software. Follow him on Telegram, Twitter, and YouTube.

Leave a Reply

Your email address will not be published.

Exit mobile version
Using Telegram? Subscribe to the blog channel!
Hello. Add your message here.