Solved Is it possible to re-encrypt the system drive with a different key without decrypting all other drives?


echo2446

What I want to do is to re-encrypt the system drive with a different key.

My setup: I have 2 internal SSD drives (NVME, SATA) in the computer, and another USB external drive, all encrypted with BitLocker. They are all set to unlock automatically, with the external drive also having a password attached.

I understand that to re-encrypt the system drive with a different key, I have to disable BitLocker and decrypt it first, and then re-enable BitLocker and encrypt it again later. However, to disable the system drive, the BitLocker manager insists that all other drives (SATA, USB external) have to be decrypted too. I don't really get it, since I have separate recovery keys for all those drives. Why do other drives have to be decrypted too if I have the recovery keys?

Is it possible to re-encrypt the system drive with a different key without decrypting all other drives if I have the recovery keys to all 3 drives?
 

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex Micro 5000
    CPU
    Intel Core i5-12500T
    Memory
    2 x 8GB DDR4 SO-DIMM 3200
Yes. Windows 11 Pro 22H2 Build 22621.1555.
 

Just tested this - solution is simple:-

Turn off auto unlock on the other drives, then you can decrypt C drive separately.

Then you can turn on auto unlock again.

Not sure why you want to do this anyway?
 

My Computer

System One

  • OS
    Windows 10 Pro + others in VHDs
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Vivobook 14
    CPU
    I7
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    N/A
    Screen Resolution
    1920x1080
    Hard Drives
    1 TB Optane NVME SSD, 1 TB NVME SSD
    PSU
    Yep, got one
    Case
    Yep, got one
    Cooling
    Stella Artois
    Keyboard
    Built in
    Mouse
    Bluetooth , wired
    Internet Speed
    72 Mb/s :-(
    Browser
    Edge mostly
    Antivirus
    Defender
    Other Info
    TPM 2.0
Thanks for the trouble of testing this out. I'll give it a try. I have a reason to believe that the recovery key was exposed, so I want to be absolutely sure that only I have the key.
 

That makes sense.

Autounlock ties other drives to bitlocked C drive.

You cannot specify autounlock for other drives unless C drive is encrypted.

Thus you need to remove autounlock on other drives to decrypt C drive separately.

Let us know how you get on - 99.99% certain this will work.
 

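The sequence described in the replies above (auto-unlock off on the data drives, decrypt and re-encrypt C:, auto-unlock back on), written out with the built-in BitLocker PowerShell cmdlets. This is an added example, not part of the original thread; the drive letters D: and E:, the TPM protector and the XtsAes256 method are assumptions to adjust for the actual machine.

```powershell
#Requires -RunAsAdministrator
# Added example. Drive letters, the TPM protector and XtsAes256 are assumptions.
$os   = 'C:'
$data = 'D:', 'E:'   # assumed letters for the SATA and USB data drives

function Wait-VolumeStatus([string]$MountPoint, [string]$Status) {
    # Poll until the volume reports the requested VolumeStatus.
    while ((Get-BitLockerVolume -MountPoint $MountPoint).VolumeStatus -ne $Status) {
        Start-Sleep -Seconds 60
    }
}

# 1. Record which data drives use auto-unlock, then turn it off.
#    Their auto-unlock keys are stored on the OS volume, which is why
#    BitLocker refuses to decrypt C: while they are still in place.
$hadAutoUnlock = $data | Where-Object { (Get-BitLockerVolume -MountPoint $_).AutoUnlockEnabled }
foreach ($d in $hadAutoUnlock) { Disable-BitLockerAutoUnlock -MountPoint $d | Out-Null }

# 2. Decrypt the system drive only. The data drives stay encrypted.
Disable-BitLocker -MountPoint $os | Out-Null
Wait-VolumeStatus $os 'FullyDecrypted'

# 3. Re-encrypt. Decryption removed the old protectors, so the volume gets
#    a new recovery password and new key material.
Add-BitLockerKeyProtector -MountPoint $os -RecoveryPasswordProtector | Out-Null
Enable-BitLocker -MountPoint $os -EncryptionMethod XtsAes256 -TpmProtector -SkipHardwareTest | Out-Null
Wait-VolumeStatus $os 'FullyEncrypted'

# 4. Restore auto-unlock. The data drives must still be unlocked here; after
#    a reboot in between, unlock them with their password or recovery key first.
foreach ($d in $hadAutoUnlock) { Enable-BitLockerAutoUnlock -MountPoint $d | Out-Null }

# 5. Show the new recovery password so it can be stored offline.
(Get-BitLockerVolume -MountPoint $os).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object KeyProtectorId, RecoveryPassword
```

Between steps 2 and 3 the system drive is unencrypted on disk, so keep the machine in your possession until step 3 finishes.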