Stop Automatic BitLocker Device Encryption During Installation in Windows 11

Key Points :

Windows 11 now automatically activates Device Encryption during installation, beginning with version 24H2.
You can prevent the setup from enabling encryption by making a custom USB bootable media using Rufus or altering the Registry during installation.
Alternatively, after installation, you can disable Device Encryption in the Settings app for Pro and Home editions.

Starting with Windows 11 24H2, Microsoft intends to use the “Device Encryption” feature to automatically enable encryption during operating system installation for both Pro and Home editions. However, if you do not want to use this security feature, you can install the operating system without encryption or disable it after setup.

What is Device Encryption?

Device Encryption is a security feature that encrypts the entire system disk to keep your stuff secure. This keeps your data safe and inaccessible to unauthorized users, even if the device is lost or stolen.

On Windows 11, the capability employs the Advanced Encryption Standard (AES) to encrypt documents, photos, and other data on your computer. It turns data into a format that cannot be read without the proper decryption key, thus protecting it from illegal access.

In the past, computers were required to meet either Modern Standby or HSTI security requirements, but starting with version 24H2 (2024 Update), the company is making changes to relax the requirements to enable encryption on more devices.

What is the difference between Bitlocker and Device Encryption?

BitLocker and Device Encryption are security features that enable drive encryption. The distinction is that BitLocker is a full-featured encryption technology that is only available for Windows 11 Pro, Enterprise, and Education.

Device Encryption, on the other hand, is a reduced version of BitLocker that is compatible with Windows 11 Home and newer devices running Windows 11 Pro or higher editions. It provides basic encryption functionality for consumer devices. Furthermore, this feature encrypts only the installation and secondary drives. It does not encrypt external storage attached to the device.

Why is Device Encryption turned off?

Although automatic bitlocker device encryption is usually a good thing, there are still legitimate reasons to disable it. Encryption no longer has the same performance impact on newer hardware, but it might still be an issue for devices with older hardware.

Another factor to consider is compatibility, as some apps or peripherals may not function properly with an encrypted drive. However, if you have a dual-boot system, attempting to run Windows alongside Linux on the same computer may cause problems.

Furthermore, if you often transfer drives between systems or need to use data recovery software that does not support encrypted drives, disabling encryption can make these processes easier. Furthermore, while encryption keys are intended to secure data, losing access to them might lead to permanent data loss.

In this post, I’ll describe how to prevent the Windows 11 setup from encrypting your computer, as well as how to turn off encryption after installation.

Use Rufus to disable device encryption

To use Rufus to generate a bootable media of Windows 11 that removes encryption, connect an 8GB USB flash drive, and then follow these steps:

Open the Rufus website.
Under the “Download” section, you can find a link to the latest version.

To activate the tool, double-click the executable file.
At the bottom of the page, select the Settings button (the third from the left).
Under the “Settings” section, click the “Check for updates” drop-down menu and choose the Daily option.
Click the close button.
Click the Close button again.
Reopen Rufus.
(Optional) To build installation media, utilize the drop-down selection in the “Device” section and pick the USB flash drive.
Select the “Disk or ISO image” option from the drop-down menu in the “Boot selection” section.
Click the down-arrow button (on the right) and select the Download option.
Click the “Download” button.
Select Windows 11.
Select the Continue button.
Select the Windows 11 release to download.
Select the Continue button.
Select Windows 11 Home/Pro/Edu.
Select the Continue button.
Choose the language of Windows 11.
Select the Continue button.
Pick the x64 architecture option.
Click the “Download” button.
Choose a location to automatically save the ISO file.
In the “Image option” section, select “Standard Windows 11 Installation”.
(Optional) Following the download, return to the default settings.
(Optional) In the “Volume label” setting, enter a name for the drive.
Click the Start button.
Clear all options (if necessary).
Choose the “Disable Automatic BitLocker Device Encryption” option.
Select the OK button.
Once you’ve completed the procedures, use the bootable media to install Windows 11 without automatic bitlocker device encryption.
During the setup process, disable device encryption.
Follow the instructions below to disable encryption during the Windows 11 24H2 installation:
Begin the computer with the Windows 11 24H2 USB flash drive.
To continue, press any key.
Choose an installation language and format.
Click the next button.
Select the keyboard and input method.
Click the next button.
Choose the “Install Windows 11” option.
Check the “I agree to everything” box to indicate that this process will remove everything on the computer.
Select the “I don’t have a product key” option.
Choose which edition of “Windows 11” your license key activates (if applicable).
Click the next button.
Click the accept button.
Select each partition on the hard drive where you wish to install the operating system and then click the Delete button. (Typically, “Drive 0” is the drive that holds all of the installation files.)
To install Windows 11, select your hard drive (Drive 0 Unallocated Space).
Click the next button.
Click the “Install” button.
After installation, use the keyboard shortcut “Shift + F10” to navigate to the first page of the out-of-the-box experience (OOBE).
To open the Registry, type the regedit command and then click Enter.
Navigate to the following path in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BitLocker
Right-click the BitLocker key, select New, and then “DWORD (32-bit) Value”.
Confirm the PreventDeviceEncryption name for the DWORD value, then hit Enter.
Right-click the newly created key and select Modify.
Change the value from zero to one.
Click the Okay button.
Click the Close (X) button in the Registry app.
Click the Close (X) button in the Command Prompt app.
Continue following the on-screen instructions to complete the version 24H2 setup.

After completing the instructions, the Windows 11 installation will not be encrypted with BitLocker.

Disable Automatic BitLocker Device Encryption After Installation

To disable Device Encryption after Windows 11 installation, follow these steps:

Open the Settings menu.
Click on Privacy and Security.
Select the Device Encryption page.
Switch off the “Device Encryption” toggle switch.
Click the Turn Off button.

Once you’ve finished the instructions, Windows 11 will disable encryption on your computer.

If you want to use your computer with encryption, you should back up the BitLocker recovery key so that if something goes wrong, you can recover.

It’s worth noting that many computer makers have been encrypting devices by default for a long time, and the ability to utilize encryption during installation isn’t unique to Windows 11. However, beginning with version 24H2, Microsoft will attempt to enforce the functionality even when you restart your machine. When upgrading from an older version to 24H2, the security function will not be enabled immediately.

Are you turning off your computer’s encryption? Do you have any other questions? Please leave a remark below. Automatic bitlocker device encryption during installation in Windows 11 is easy with BLR Tools. They provide best bitlocker recovery software.