
Avoid enabling BitLocker during the installation of Windows 11


BitLocker is a Windows security feature that users can enable to protect their data by encrypting the entire storage medium. The protection covers the whole drive on which the operating system is installed, and the data is encrypted with the AES algorithm.

In general, it should be the user who requests BitLocker activation, especially when the notebook has to be carried from one place to another. When there is a risk of losing the device, of it being stolen, or of it otherwise falling into the hands of unauthorized users, the need to protect data with a solution like BitLocker becomes more pressing. We clarified this in the article on what BitLocker is and when it should be enabled from a GDPR perspective.

The important thing is not to rely solely on the TPM chip for storing the encryption key used by BitLocker: it is essential to configure BitLocker to require a PIN at startup. Otherwise, several attack techniques exist that allow BitLocker-protected systems to be unlocked without the authorization of the legitimate owner, even in the most modern configurations.

Microsoft can enable BitLocker without your knowledge

The trend is for Microsoft to activate BitLocker automatically more and more often, already during the installation of Windows. In the past we have reported cases of users who complained that they could no longer access their PC after a major hardware-level change (for example to the BIOS), because they were asked for the BitLocker recovery key.

The recovery key is an alternate passkey used to unlock the BitLocker-encrypted drive when the user has lost their password or the master key cannot be recognized. It is an important security measure that ensures you do not lose access to your encrypted data. This valuable information can be saved in several ways: as a file, to the user's Microsoft account, or printed on paper.

Sometimes, however, users are not even aware that BitLocker is enabled on their system. We explained this in the article clarifying when and why BitLocker is automatically activated on Windows 10 Home and Windows 11 Home.

Activating BitLocker during the installation of Windows 11: here's how to avoid it

BitLocker activation by default will be extended to an increasingly large number of systems, especially once Windows 11 24H2 is published and distributed in its final version.

BitLocker is certainly a useful feature in many situations, but the price is paid in terms of performance: it is known that software-based encryption (XTS-AES 128) on Windows can lead to significant performance drops even on the fastest drives, such as modern PCIe Gen4 NVMe SSDs.

Free software like Rufus allows you to create Windows 11 installation media that does not activate BitLocker. It does this by preparing a file called unattended.xml that contains the PreventDeviceEncryption directive. More information on the unattended installation of Windows 11 is available in our dedicated article.

However, to avoid the activation of BitLocker during the Windows 11 installation phase, you can also proceed from original installation media downloaded from Microsoft servers or created with the Media Creation Tool (see the Download Windows 11 page), as described in the following paragraph.

Prevent BitLocker from being enabled with a registry change

Boot the system from Windows 11 installation media downloaded from Microsoft servers as an ISO file or created with the Media Creation Tool. When the setup screen asks you to choose your preferred keyboard layout, time zone and region, press the key combination Shift+F10 to open a command prompt.

At this point, simply type the following, then close the command prompt and continue installing Windows 11 as normal:

reg add HKLM\SYSTEM\CurrentControlSet\Control\BitLocker /v PreventDeviceEncryption /t REG_DWORD /d 1 /f

By carrying out this simple step, you can ensure that BitLocker is not activated by Windows 11 during the installation of the operating system.
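As an added example (not code from the original article), here is a PowerShell check to run from an elevated prompt once setup has completed: it confirms that the registry value set above is present and reports the actual encryption state of the OS volume, so you know whether device encryption was really prevented. It assumes the BitLocker WMI provider (Win32_EncryptableVolume) is present on the installed edition.

```powershell
# Added example, not part of the original article: post-installation check that the
# PreventDeviceEncryption override is in place, plus a report of how the OS volume is
# actually protected. Run from an elevated PowerShell prompt on the new system.
# Assumption: the BitLocker WMI provider (Win32_EncryptableVolume) is available.

$keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\BitLocker'
$prevent = (Get-ItemProperty -Path $keyPath -Name PreventDeviceEncryption `
            -ErrorAction SilentlyContinue).PreventDeviceEncryption

if ($prevent -eq 1) {
    Write-Output 'PreventDeviceEncryption = 1: automatic device encryption is suppressed.'
} else {
    Write-Output 'PreventDeviceEncryption is missing or not 1: Windows may enable BitLocker on its own.'
}

# Read the encryption state of the OS volume (normally C:) through the BitLocker WMI provider.
try {
    $vol = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftVolumeEncryption' `
        -ClassName Win32_EncryptableVolume -Filter "DriveLetter='$($env:SystemDrive)'" `
        -ErrorAction Stop
} catch {
    Write-Output "BitLocker WMI provider not available: $($_.Exception.Message)"
    return
}

# ProtectionStatus: 0 = protection off, 1 = protection on, 2 = unknown
# ConversionStatus: 0 = fully decrypted, 1 = fully encrypted, 2 = encrypting,
#                   3 = decrypting, 4 = encryption paused, 5 = decryption paused
$protection = switch ($vol.ProtectionStatus) { 0 { 'off' } 1 { 'on' } default { 'unknown' } }
$conversion = switch ($vol.ConversionStatus) {
    0 { 'fully decrypted' } 1 { 'fully encrypted' } 2 { 'encryption in progress' }
    3 { 'decryption in progress' } default { 'paused or unknown' }
}
Write-Output ('OS volume {0}: protection {1}, state {2}' -f $env:SystemDrive, $protection, $conversion)

# Edge case: encryption already started anyway (e.g. setup ran before the registry change).
# The article's warning applies: back up the recovery key before any firmware or hardware
# change, otherwise you risk being locked out of your own data.
if ($vol.ConversionStatus -ne 0) {
    Write-Output 'The OS volume is encrypted or being encrypted. Back up the recovery key now, e.g.:'
    Write-Output "  manage-bde -protectors -get $($env:SystemDrive)"
}
```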

Opening image credit: iStock.com – NguyenDucQuang
