A number of posts at various sites, including Super User, have claimed that installing Windows 11 encrypted the main drive and other local drives without the user's request.

Is it possible that Windows 11 is encrypting the main drive automatically? If so, is there any way to prevent that encryption?

[One reason to avoid that encryption is that it would be made under Microsoft's control, with credentials stored at Microsoft, as it's difficult to install Windows now with only a local account. In fact XDA Developer states, "Microsoft is now nagging Windows 10 customers to switch to a Microsoft account instead of using a local account."

Another reason is that it would encrypt all other drives... and if there were any error or outage during the process, all data on those drives could be irreparably lost.]

  • It's worth pointing out that BitLocker does not require a Microsoft Account to enable. There are false rumors that Microsoft is going to automatically enable BitLocker on both Home and Professional; those rumors are false. Device Encryption has always been required on Home devices of a certain form factor. BitLocker, which can only be enabled on Professional, has similar requirements, on the same form factors. Upgrading to Windows 11 by itself does NOT enable BitLocker or Device Encryption automatically; I have upgraded countless VMs to Windows 11 without seeing that behavior.
    – Ramhound
    Commented May 6 at 17:08
  • @Ramhound, as you state, "BitLocker does not require a Microsoft Account," but the default for Windows 11 installation is that it is either very difficult or impossible to continue the installation without a MS account. Commented May 6 at 17:30
  • The point of my comment was to highlight the fact, BitLocker being enabled or disabled, has little to do with the local account being linked to a Microsoft Account. BitLocker can be enabled regardless of if you are logged into a local account or a local account linked to a MSA.
    – Ramhound
    Commented May 6 at 20:33

1 Answer

Apparently, the answer is yes: Martin Brinkmann states on ghacks.net,

"A clean installation of Windows 10 or Windows 11 may enable Bitlocker drive encryption automatically. The main system partition and all fixed drives will be encrypted..."

"Problem is, since the encryption process happens automatically in this case, users may not be aware of it. This can lead to issues, for instance when reinstalling the operating system without saving the Bitlocker recovery key or using a Microsoft account. Access to files is lost in the worst case." [Emphasis added, ed.]

He also states that it can be prevented, but only through user action, i.e., the user must force opting out of encryption through a registry hack, using hidden features not known to the average user.

  • During installation, when selecting country or region, press Shift+F10 to open CMD prompt.
  • Type regedit and press Enter to open Regedit.
  • Go to the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BitLocker (normally, I'd state, by copying and pasting this to the location bar, but that would not be possible during installation).
  • Right-click on the BitLocker key and select New > Dword (32-bit) Value.
  • Name the value PreventDeviceEncryption.
  • Double-click that value to set it to 1.

Thanks to Brinkmann for clarifying that issue, and for a workaround! See the article cited above for more information on avoiding automatic encryption and on checking BitLocker status.

Thanks also to Ramhound for pointing out that encryption does not occur in all cases -- it apparently depends on the WIM supplied. For example, if an OEM-provided WIM has started Windows 11 installation with BitLocker set, the drive and attached drives will be encrypted on user completion of that installation, unless the above hack is employed.
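The registry steps above can also be applied and verified from the same Shift+F10 prompt, and the encryption state of each volume checked afterwards. The following is an added example, not part of the original answer or the cited article; the function names are hypothetical, and it assumes an elevated PowerShell session with the BitLocker PowerShell module available (where it is not, `manage-bde -status` reports the same state).

```powershell
# Added example (not from the original answer). Function names are hypothetical.
# Run elevated; at the Shift+F10 prompt during setup, type "powershell" first.

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\BitLocker'
$name = 'PreventDeviceEncryption'

function Set-PreventDeviceEncryption {
    # Create the key if absent, then write the DWORD value 1 named in the answer.
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
}

function Get-PreventDeviceEncryption {
    # Returns the current value, or $null when it has never been set.
    (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
}

function Get-EncryptionReport {
    # One row per volume: is it encrypted, is protection on, and is there a
    # recovery password that should be saved before any reinstall?
    # Assumption: Get-BitLockerVolume (BitLocker module) is present.
    Get-BitLockerVolume | ForEach-Object {
        $types = @($_.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        [pscustomobject]@{
            MountPoint          = $_.MountPoint
            VolumeStatus        = $_.VolumeStatus
            ProtectionStatus    = $_.ProtectionStatus
            EncryptionPercent   = $_.EncryptionPercentage
            KeyProtectors       = $types -join ','
            HasRecoveryPassword = $types -contains 'RecoveryPassword'
        }
    }
}

Set-PreventDeviceEncryption
"{0} = {1}" -f $name, (Get-PreventDeviceEncryption)
Get-EncryptionReport | Format-Table -AutoSize
```

A volume that shows a `VolumeStatus` other than `FullyDecrypted` together with `HasRecoveryPassword` set to `True` is the case the quoted article warns about: that recovery password needs to be saved before the operating system is reinstalled.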

  • The article you quote indicates that only clean installations of Windows 10 or Windows 11 may enable BitLocker drive encryption. The article is also wrong, I just got through installing both Windows 10 and Windows 11 to VMs this weekend, and in both cases BitLocker was not enabled.
    – Ramhound
    Commented May 6 at 17:11
  • @Ramhound, thanks, I've changed that to clean installation, and dependent on the WIM -- apparently, some PC makers are starting installation with BitLocker set. Unfortunately, it does not inform the user. Commented May 6 at 17:26
  • I know a Windows update for Windows 11 was released that will enable drive encryption, so when you get that update, at some point in the background the drives get encrypted.
    – LPChip
    Commented May 6 at 18:29
  • It was a change with 25905 and only applies to Windows 11 not Windows 10. So the article that says Windows 10 and Windows 11 is incorrect. It's difficult to validate the change because the blog article says nothing and all other articles are referencing the same ghacks article which IMO is not valid.
    – Ramhound
    Commented May 6 at 22:36
