How to prevent automatic drive encryption in Windows 11?


Not sure, if it is possible in OOBE, but disabling/removing bitlocker/EFS services should prevent it 100%.

I do this post-setup: Disable decryption and decrypt, in case the disk is already encrypted.
Code: 
reg add "HKLM\System\CurrentControlSet\Control\BitLocker" /v "PreventDeviceEncryption" /t REG_DWORD /d "1" /f
fsutil behavior set disableencryption 1
manage-bde -off C:
manage-bde -off D:
cipher /d /s:C:\
sc config EFS start= disabled
sc config BDESVC start= disabled
 

My Computer

System One

  • OS
    Windows 11 Home
    Computer type
    PC/Desktop
    CPU
    AMD Ryzen 5 3600 & No fTPM (07/19)
    Motherboard
    MSI B450 TOMAHAWK 7C02v1E & IFX TPM (07/19)
    Memory
    4x 8GB ADATA XPG GAMMIX D10 DDR4 3200MHz CL16
    Graphics Card(s)
    MSI Radeon RX 580 ARMOR 8G OC @48FPS (08/19)
    Sound Card
    Creative Sound Blaster Z (11/16)
    Monitor(s) Displays
    24" AOC G2460VQ6 (01/19)
    Screen Resolution
    1920×1080@75Hz & FreeSync (DisplayPort)
    Hard Drives
    ADATA XPG GAMMIX S11 Pro SSD 512GB (07/19)
    PSU
    Seasonic M12II-520 80 Plus Bronze (11/16)
    Case
    Lian Li PC-7NB & 3x Noctua NF-S12A FLX@700rpm (11/16)
    Cooling
    CPU Cooler Noctua NH-U12S@700rpm (07/19)
    Keyboard
    HP Wired Desktop 320K + Rabalux 76017 Parker (01/24)
    Mouse
    Logitech M330 Silent Plus (04/23)
    Internet Speed
    400/40 Mbps via RouterOS (05/21) & TCP Optimizer
    Browser
    Edge (No FB/Google) & Brave for YouTube & LibreWolf for FB
    Antivirus
    NoAV & Binisoft WFC & NextDNS
    Other Info
    Headphones: Sennheiser RS170 (09/10)
    Phone: Samsung Galaxy Xcover 7 (02/24)
TairikuOkami said:
Not sure, if it is possible in OOBE, but disabling/removing bitlocker/EFS services should prevent it 100%.

I do this post-setup: Disable decryption and decrypt, in case the disk is already encrypted.
Code: 
reg add "HKLM\System\CurrentControlSet\Control\BitLocker" /v "PreventDeviceEncryption" /t REG_DWORD /d "1" /f
fsutil behavior set disableencryption 1
manage-bde -off C:
manage-bde -off D:
cipher /d /s:C:\
sc config EFS start= disabled
sc config BDESVC start= disabled
Click to expand...
Hi,
Hate to be a necromunger but what if there is E & F partition ?
Code: 
reg add "HKLM\System\CurrentControlSet\Control\BitLocker" /v "PreventDeviceEncryption" /t REG_DWORD /d "1" /f
fsutil behavior set disableencryption 1
manage-bde -off C:
manage-bde -off D:
manage-bde -off E:
manage-bde -off F:
cipher /d /e /f /s:C:\
sc config EFS start= disabled
sc config BDESVC start= disabled
 

My Computer

System One

  • OS
    Win-7-10-11Pro's
    Computer type
    PC/Desktop
    Manufacturer/Model
    Acer 17" Nitro 7840sn/ 2x16gb 5600c40/ 4060/ stock 1tb-os/ 4tb sn850x
    CPU
    10900k & 9940x & 5930k
    Motherboard
    z490-Apex & x299-Apex & x99-Sabertooth
    Memory
    Trident-Z Royal 4000c16 2x16gb & Trident-Z 3600c16 4x8gb & 3200c14 4x8gb
    Graphics Card(s)
    Titan Xp & 1080ti FTW3 & evga 980ti gaming
    Sound Card
    Onboard Realtek x3
    Monitor(s) Displays
    1-AOC G2460PG 24"G-Sync 144Hz/ 2nd 1-ASUS VG248QE 24"/ 3rd LG 43" series
    Screen Resolution
    1920-1080 not sure what the t.v is besides 43" class scales from 1920-1080 perfectly
    Hard Drives
    2-WD-sn850x 4tb/ 970evo+500gb/ 980 pro 2tb.
    PSU
    1000p2 & 1200p2 & 850p2
    Case
    D450 x2 & 1 Test bench in cherry Entertainment center
    Cooling
    Custom water loops x3 with 2x mora 360mm rads only 980ti gaming air cooled
    Keyboard
    G710+x3
    Mouse
    Redragon x3
    Internet Speed
    xfinity gigabyte
    Browser
    Firefox
    Antivirus
    mbam pro
ThrashZone said:
but what if there is E & F partition ?
Click to expand...
Your posted code will do. cipher is only used do decrypt EFS files, I do not think it is enabled by default anymore.
 

My Computer

System One

  • OS
    Windows 11 Home
    Computer type
    PC/Desktop
    CPU
    AMD Ryzen 5 3600 & No fTPM (07/19)
    Motherboard
    MSI B450 TOMAHAWK 7C02v1E & IFX TPM (07/19)
    Memory
    4x 8GB ADATA XPG GAMMIX D10 DDR4 3200MHz CL16
    Graphics Card(s)
    MSI Radeon RX 580 ARMOR 8G OC @48FPS (08/19)
    Sound Card
    Creative Sound Blaster Z (11/16)
    Monitor(s) Displays
    24" AOC G2460VQ6 (01/19)
    Screen Resolution
    1920×1080@75Hz & FreeSync (DisplayPort)
    Hard Drives
    ADATA XPG GAMMIX S11 Pro SSD 512GB (07/19)
    PSU
    Seasonic M12II-520 80 Plus Bronze (11/16)
    Case
    Lian Li PC-7NB & 3x Noctua NF-S12A FLX@700rpm (11/16)
    Cooling
    CPU Cooler Noctua NH-U12S@700rpm (07/19)
    Keyboard
    HP Wired Desktop 320K + Rabalux 76017 Parker (01/24)
    Mouse
    Logitech M330 Silent Plus (04/23)
    Internet Speed
    400/40 Mbps via RouterOS (05/21) & TCP Optimizer
    Browser
    Edge (No FB/Google) & Brave for YouTube & LibreWolf for FB
    Antivirus
    NoAV & Binisoft WFC & NextDNS
    Other Info
    Headphones: Sennheiser RS170 (09/10)
    Phone: Samsung Galaxy Xcover 7 (02/24)
TairikuOkami said:
Your posted code will do. cipher is only used do decrypt EFS files, I do not think it is enabled by default anymore.
Click to expand...
Hi,
Dude on TPU got bitlocked installing 23h2 :scream:
www.techpowerup.com

Microsoft re enables bitlocker, locked my computer and deleted the windows hello pin after installing 23H2.

brother bought a new laptop, got his old one and wiped it. fresh W11 Pro installation, manually disabled bitlocker and checked a couple times that it is actually disabled. (wasn't the first time i found it to be enabled again after a couple weeks) yesterday it installed 23H2 and it restarted for...
www.techpowerup.com www.techpowerup.com
 

My Computer

System One

  • OS
    Win-7-10-11Pro's
    Computer type
    PC/Desktop
    Manufacturer/Model
    Acer 17" Nitro 7840sn/ 2x16gb 5600c40/ 4060/ stock 1tb-os/ 4tb sn850x
    CPU
    10900k & 9940x & 5930k
    Motherboard
    z490-Apex & x299-Apex & x99-Sabertooth
    Memory
    Trident-Z Royal 4000c16 2x16gb & Trident-Z 3600c16 4x8gb & 3200c14 4x8gb
    Graphics Card(s)
    Titan Xp & 1080ti FTW3 & evga 980ti gaming
    Sound Card
    Onboard Realtek x3
    Monitor(s) Displays
    1-AOC G2460PG 24"G-Sync 144Hz/ 2nd 1-ASUS VG248QE 24"/ 3rd LG 43" series
    Screen Resolution
    1920-1080 not sure what the t.v is besides 43" class scales from 1920-1080 perfectly
    Hard Drives
    2-WD-sn850x 4tb/ 970evo+500gb/ 980 pro 2tb.
    PSU
    1000p2 & 1200p2 & 850p2
    Case
    D450 x2 & 1 Test bench in cherry Entertainment center
    Cooling
    Custom water loops x3 with 2x mora 360mm rads only 980ti gaming air cooled
    Keyboard
    G710+x3
    Mouse
    Redragon x3
    Internet Speed
    xfinity gigabyte
    Browser
    Firefox
    Antivirus
    mbam pro
The easiest way... and the safest way to always prevent windows update to screw up things (to restart things or reinstall things)... Is to look up the key files the program need to even be able to run.... Delete them, then create a new Ghost files in the exactly same name and then make sure the privileges for write/edit etc.. is set to you the user ONLY.. Then change the file to write protected.
The program can not run as it is an empty file... The system or the trusted installer can not replace the file with a working one, as it get access denied... and the program is dead forever...... or until you the user is delating the ghost-file and you let the system repair the program.
 

My Computers

System One System Two

  • OS
    Linux: Debian and Kali-Linux.. Windows 2xWin8.1, 2x7Pro, 1x2008R2.... Soon:server2022
    Manufacturer/Model
    AsusX53, Aspire E1-572. AsusUX32A, HP Pro3130mt+3010mt, HP Proliant ML150G3, 3xCustom-PC, i3, i5, i7
    CPU
    i3, i5 and i7 From 2gen to 9th gen... Server dual Xenon
    Hard Drives
    Sata, SAS
  • Operating System
    Retro:1x2003server.2xXPpro, 1xWin2000, 2xWin98SE, 1xWin95, 1xWin3.11, 2xMS-DOS
    Manufacturer/Model
    Commodore, AST, Fujitsu, Compaq, etc etc. etc
    CPU
    Oldest intel 8088 up to P4 dual core
    Hard Drives
    MFM, IDE, SCSI
Hi,
This is getting interesting OEM's are okaying activating bitlocker o_O
God I love new rufus and looks like I'll never stop using it but will never get a large build like 23h2 from windows update
www.techpowerup.com

Microsoft re enables bitlocker, locked my computer and deleted the windows hello pin after installing 23H2.

Hi, Yeah can't let your guard down for even a second Funny I don't even have win-10 drivers form my new lappy. Have to contact acer and ask why. and why tpm access is locked to. But installing green 23h2 what were you thinking :confused:
www.techpowerup.com www.techpowerup.com
 

My Computer

System One

  • OS
    Win-7-10-11Pro's
    Computer type
    PC/Desktop
    Manufacturer/Model
    Acer 17" Nitro 7840sn/ 2x16gb 5600c40/ 4060/ stock 1tb-os/ 4tb sn850x
    CPU
    10900k & 9940x & 5930k
    Motherboard
    z490-Apex & x299-Apex & x99-Sabertooth
    Memory
    Trident-Z Royal 4000c16 2x16gb & Trident-Z 3600c16 4x8gb & 3200c14 4x8gb
    Graphics Card(s)
    Titan Xp & 1080ti FTW3 & evga 980ti gaming
    Sound Card
    Onboard Realtek x3
    Monitor(s) Displays
    1-AOC G2460PG 24"G-Sync 144Hz/ 2nd 1-ASUS VG248QE 24"/ 3rd LG 43" series
    Screen Resolution
    1920-1080 not sure what the t.v is besides 43" class scales from 1920-1080 perfectly
    Hard Drives
    2-WD-sn850x 4tb/ 970evo+500gb/ 980 pro 2tb.
    PSU
    1000p2 & 1200p2 & 850p2
    Case
    D450 x2 & 1 Test bench in cherry Entertainment center
    Cooling
    Custom water loops x3 with 2x mora 360mm rads only 980ti gaming air cooled
    Keyboard
    G710+x3
    Mouse
    Redragon x3
    Internet Speed
    xfinity gigabyte
    Browser
    Firefox
    Antivirus
    mbam pro
Try3 said:
That's device encryption not Bitlocker.
The two are different things.


All the best,
Denis
Click to expand...
I had a bad experience with device encryption that I didn't know it could exist on Win 11 Home.
When you open Disk Manager it shows the partitions as Bitlocker encrypted.
www.elevenforum.com

All partitions are Bitlocker on Win 11 Home SL?

Just made a clean install on a M.2 NVMe on a Samsung Book X30 It says that all data partitions are Bitlocker encrypted. - Its a Win 11 Home SL -Never set any Bitlocker encryption. What´s going on?
www.elevenforum.com www.elevenforum.com
 

My Computers

System One System Two

  • OS
    Windows 7 HP 64 - Windows 11 Pro - Lubuntu
    Computer type
    PC/Desktop
    Manufacturer/Model
    custom build
    CPU
    i5 6600K - 800MHz to 4400MHz
    Motherboard
    GA-Z170-HD3P
    Memory
    4+4G GSkill DDR4 3000
    Graphics Card(s)
    IG - Intel 530
    Monitor(s) Displays
    Samsung 226BW
    Screen Resolution
    1680x1050
    Hard Drives
    (1) -1 SM951 – 128GB M.2 AHCI PCIe SSD drive for Win 11
    (2) -1 WD SATA 3 - 1T for Data
    (3) -1 WD SATA 3 - 1T for backup
    (4) -1 BX500 SSD - 128G for Windows 7 and Lubuntu
    PSU
    Thermaltake 450W TR2 gold
    Keyboard
    Old and good Chicony mechanical keyboard
    Mouse
    Logitech mX performance - 9 buttons (had to disable some)
    Internet Speed
    500 Mb/s
    Browser
    Firefox 64
  • Operating System
    Windows 7 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Asus Q550LF
    CPU
    i7-4500U 800- 3000MHz
    Motherboard
    Asus Q550LF
    Memory
    (4+4)G DDR3 1600
    Graphics card(s)
    IG intel 4400 + NVIDIA GeForce GT 745M
    Sound Card
    Realtek
    Monitor(s) Displays
    LG Display LP156WF4-SPH1
    Screen Resolution
    1920 x 1080
    Hard Drives
    BX500 120G SSD for Windows and programs
    & 1T HDD for data
    Internet Speed
    350 Mb/s
    Browser
    Firefox 64
Luis,

Yes, device encryption has caused a lot of concern. There were quite a few threads about it in the Spring & Summer.

Unlike Bitlocker, you can just go to
Settings, Privacy & security, Device encryption
and turn it off without any password being involved at any stage.
Turn On or Off Device Encryption - ElevenForumTutorials
In the two Windows 11 Home computers in which I've experienced Device encryption upon Windows installation, turning it off caused a warning that it might take a long time but it actually only took a couple of minutes [my Earl Grey wasn't properly brewed].

There were suggestions in at least one ElevenForum thread that a particular Registry edit during installation would prevent unsolicited Device encryption but it didn't work in any of my cases.


All the best,
Denis
 
Last edited:

My Computer

System One

  • OS
    Windows 11 Home x64 Version 23H2 Build 22631.3447
Try3 said:
That's device encryption not Bitlocker.
The two are different things.


All the best,
Denis
Click to expand...
Hi,
OEM and ms forcing the feature and the result is the same/ bitlocker used and ms forcing ms account usage to upload bitlocker key to.
Not exactly different at all.

Feel free to pick up from here
www.techpowerup.com

Microsoft re enables bitlocker, locked my computer and deleted the windows hello pin after installing 23H2.

I have a better one. I moved my MP700 to a different M2 slot and now Gamepass is asking me to reinstall Forza 8. I removed a 32gig kit from my motherboard and put in a 64gig kit and had to use phone to recert my key.
www.techpowerup.com www.techpowerup.com
 

My Computer

System One

  • OS
    Win-7-10-11Pro's
    Computer type
    PC/Desktop
    Manufacturer/Model
    Acer 17" Nitro 7840sn/ 2x16gb 5600c40/ 4060/ stock 1tb-os/ 4tb sn850x
    CPU
    10900k & 9940x & 5930k
    Motherboard
    z490-Apex & x299-Apex & x99-Sabertooth
    Memory
    Trident-Z Royal 4000c16 2x16gb & Trident-Z 3600c16 4x8gb & 3200c14 4x8gb
    Graphics Card(s)
    Titan Xp & 1080ti FTW3 & evga 980ti gaming
    Sound Card
    Onboard Realtek x3
    Monitor(s) Displays
    1-AOC G2460PG 24"G-Sync 144Hz/ 2nd 1-ASUS VG248QE 24"/ 3rd LG 43" series
    Screen Resolution
    1920-1080 not sure what the t.v is besides 43" class scales from 1920-1080 perfectly
    Hard Drives
    2-WD-sn850x 4tb/ 970evo+500gb/ 980 pro 2tb.
    PSU
    1000p2 & 1200p2 & 850p2
    Case
    D450 x2 & 1 Test bench in cherry Entertainment center
    Cooling
    Custom water loops x3 with 2x mora 360mm rads only 980ti gaming air cooled
    Keyboard
    G710+x3
    Mouse
    Redragon x3
    Internet Speed
    xfinity gigabyte
    Browser
    Firefox
    Antivirus
    mbam pro
Mike,

I do not need to look in your link to know that Device encryption is not the same as Bitlocker.
That link's claim that a key had to be uploaded somewhere is incorrect.
Device encryption does not involve any key.
You just decrypt without one.
- I have done this several times this year.
- The tutorial also makes this clear.


Merry Christmas,
Denis
 

My Computer

System One

  • OS
    Windows 11 Home x64 Version 23H2 Build 22631.3447
You must log in or register to reply here.

Similar threads

How to prevent automatic installation of 23H2
Replies
3
Views
1K
FreeBooter
FreeBooter
TPM Not Detected, In Prep for Upgrade to Windows 11
2
Replies
21
Views
1K
btvarner
btvarner
How do I prevent KB5036893 from installing without disabling updates
2 3
Replies
40
Views
3K
Winuser
Winuser
Solved msconfig boot section is blank after re-creating boot partition
2
Replies
21
Views
612
zbook
Z
build ISO to mimic usb drive
Replies
2
Views
485
hsehestedt
hsehestedt

Latest Support Threads

Latest Tutorials

Back
Top Bottom