Is there a way to prevent Windows from activating BitLocker automatically?


Spartan

Well-known member
Member
VIP
Local time
1:52 PM
Posts
229
Location
Dubai
OS
Windows 11 Education
This is annoying the living crap out of me. Every time I install Windows 11 Pro or 10 Pro recently even, the first thing I noticed upon logging in is Windows is encrypting my disk which I know how to stop and disable but is there a way to prevent this from happening automatically so I don't need to manually stop it for every machine I install Windows on?
 

My Computers

System One System Two

  • OS
    Windows 11 Education
    Computer type
    Laptop
    Manufacturer/Model
    Alienware m18 R1
    CPU
    AMD Ryzen 9 7945HX
    Motherboard
    Alienware
    Memory
    Kingston FURY Impact 64 GB 5200 MHz DDR5 RAM
    Graphics Card(s)
    GeForce RTX 4090 16 GB GDDR6
    Sound Card
    Realtek Audio
    Monitor(s) Displays
    18" QHD+ (2560 x 1600) 165Hz, 3ms 300-Nit Screen + LG 32GQ850-B 32" UltraGear QHD 240hz Monitor
    Screen Resolution
    WQHD (3440 x 1440)
    Hard Drives
    Samsung 990 PRO 2TB + 4TB SSDs
    PSU
    330W AC Power Adapter
    Cooling
    Noctua NT-H2 + Fujipoly Extreme Thermal Pads
    Keyboard
    Alienware CherryMX mechanical keyboard (Laptop) + AW510K Mechanical Gaming Keyboard (external)
    Mouse
    Alienware Tri-Mode Wireless Gaming Mouse AW720M
    Internet Speed
    1 GBPS Down / 350 MBPS Up
    Browser
    Google Chrome
    Antivirus
    Avast Antivirus
  • Operating System
    Windows 11 Education
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 15 9500
    CPU
    Intel i7-10875H
    Memory
    Kingston FURY Impact 64 GB 3200 MHz DDR4 RAM
    Graphics card(s)
    nVIDIA GeForce GTX 1650 Ti Max-Q w/ 4 GB GDDR6
    Sound Card
    Realtek
    Monitor(s) Displays
    15.6 UHD+ Touch, InfinityEdge, 500-nits, Anti-Reflecitve
    Screen Resolution
    3840 x 2400
    Hard Drives
    Samsung 990 PRO 2TB + 4TB SSDs
    PSU
    Dell 130W Laptop Charger USB C Type C AC Adapter
    Cooling
    Noctua NT-H2 Thermal Paste on CPU + GPU
    Mouse
    Logitech MX Anywhere 3
    Internet Speed
    1 GBPS Down / 350 MBPS Up
    Browser
    Google Chrome
    Antivirus
    Avast Free Antivirus
Are you in a domain environment where this might be getting pushed to your system via a policy?

I have never ever seen a standalone machine simply start BitLocking a drive on it's own.
 

My Computers

System One System Two

  • OS
    Win11 Pro 23H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Built
    CPU
    Intel i7-11700K
    Motherboard
    ASUS Prime Z590-A
    Memory
    128GB Crucial Ballistix 3200MHz DRAM
    Graphics Card(s)
    No GPU - CPU graphics only (for now)
    Sound Card
    Realtek (on motherboard)
    Monitor(s) Displays
    HP Envy 32
    Screen Resolution
    2560 x 1440
    Hard Drives
    1 x 1TB NVMe Gen 4 x 4 SSD
    1 x 2TB NVMe Gen 3 x 4 SSD
    2 x 512GB 2.5" SSDs
    2 x 8TB HD
    PSU
    Corsair HX850i
    Case
    Corsair iCue 5000X RGB
    Cooling
    Noctua NH-D15 chromax.black cooler + 10 case fans
    Keyboard
    CODE backlit mechanical keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    1Gb Up / 1 Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    Additional options installed:
    WiFi 6E PCIe adapter
    ASUS ThunderboltEX 4 PCIe adapter
  • Operating System
    Win11 Pro 23H2
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 13x Gen 2
    CPU
    Intel i7-1255U
    Memory
    16 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Sound Card
    Realtek® ALC3306-CG codec
    Monitor(s) Displays
    13.3-inch IPS Display
    Screen Resolution
    WQXGA (2560 x 1600)
    Hard Drives
    2 TB 4 x 4 NVMe SSD
    PSU
    USB-C / Thunderbolt 4 Power / Charging
    Mouse
    Buttonless Glass Precision Touchpad
    Keyboard
    Backlit, spill resistant keyboard
    Internet Speed
    1Gb Up / 1Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    WiFi 6e / Bluetooth 5.1 / Facial Recognition / Fingerprint Sensor / ToF (Time of Flight) Human Presence Sensor
Are you in a domain environment where this might be getting pushed to your system via a policy?

I have never ever seen a standalone machine simply start BitLocking a drive on it's own.
No man, at home.
Happens to me on every one of my machines that has an SSD and TPM support. This has started recently with the last build of Windows 10 and now on 11 obviously. Only happens on Windows Pro or Enterprise, not on Home edition installs
 

My Computers

System One System Two

  • OS
    Windows 11 Education
    Computer type
    Laptop
    Manufacturer/Model
    Alienware m18 R1
    CPU
    AMD Ryzen 9 7945HX
    Motherboard
    Alienware
    Memory
    Kingston FURY Impact 64 GB 5200 MHz DDR5 RAM
    Graphics Card(s)
    GeForce RTX 4090 16 GB GDDR6
    Sound Card
    Realtek Audio
    Monitor(s) Displays
    18" QHD+ (2560 x 1600) 165Hz, 3ms 300-Nit Screen + LG 32GQ850-B 32" UltraGear QHD 240hz Monitor
    Screen Resolution
    WQHD (3440 x 1440)
    Hard Drives
    Samsung 990 PRO 2TB + 4TB SSDs
    PSU
    330W AC Power Adapter
    Cooling
    Noctua NT-H2 + Fujipoly Extreme Thermal Pads
    Keyboard
    Alienware CherryMX mechanical keyboard (Laptop) + AW510K Mechanical Gaming Keyboard (external)
    Mouse
    Alienware Tri-Mode Wireless Gaming Mouse AW720M
    Internet Speed
    1 GBPS Down / 350 MBPS Up
    Browser
    Google Chrome
    Antivirus
    Avast Antivirus
  • Operating System
    Windows 11 Education
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 15 9500
    CPU
    Intel i7-10875H
    Memory
    Kingston FURY Impact 64 GB 3200 MHz DDR4 RAM
    Graphics card(s)
    nVIDIA GeForce GTX 1650 Ti Max-Q w/ 4 GB GDDR6
    Sound Card
    Realtek
    Monitor(s) Displays
    15.6 UHD+ Touch, InfinityEdge, 500-nits, Anti-Reflecitve
    Screen Resolution
    3840 x 2400
    Hard Drives
    Samsung 990 PRO 2TB + 4TB SSDs
    PSU
    Dell 130W Laptop Charger USB C Type C AC Adapter
    Cooling
    Noctua NT-H2 Thermal Paste on CPU + GPU
    Mouse
    Logitech MX Anywhere 3
    Internet Speed
    1 GBPS Down / 350 MBPS Up
    Browser
    Google Chrome
    Antivirus
    Avast Free Antivirus
I see you're using Windows 11 Pro for Workstations. If I'm not mistaken, the default is to have BitLocker turned ON.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 15 9510 OLED
    CPU
    11th Gen i9 -11900H
    Memory
    32 GB 3200 MHz DDR4
    Graphics Card(s)
    NVIDIA® GeForce® RTX 3050Ti
    Monitor(s) Displays
    15.6" OLED Infinity Edge Touch
    Screen Resolution
    16:10 Aspect Ratio (3456 x 2160)
    Hard Drives
    1 Terabyte M.2 PCIe NVMe SSD
    2 Thunderbolt™ 4 (USB Type-C™)
    1 USB 3.2 Gen 2 (USB Type-C™)
    SD Card Reader (SD, SDHC, SDXC)
    Internet Speed
    900 Mbps Netgear Orbi + 2 Satellites
    Browser
    Microsoft Edge (Chromium) + Bing
    Antivirus
    Microsoft Windows Security (Defender)
    Other Info
    Microsoft 365 subscription
    Microsoft OneDrive 1TB Cloud
    Microsoft Outlook
    Microsoft OneNote
    Microsoft PowerToys
    Microsoft Visual Studio
    Microsoft Visual Studio Code
    Macrium Reflect
    Dell Support Assist
    Dell Command | Update
    LastPass Password Manager
    Amazon Kindle
    Interactive Brokers Trader Workstation
    Lightroom/Photoshop subscription
  • Operating System
    Windows 11 Pro
    Computer type
    Tablet
    Manufacturer/Model
    Microsoft Surface Pro 7
    CPU
    i5
    Memory
    8 GB
    Hard Drives
    256GB SSD
    Internet Speed
    900 Mbps Netgear Orbi + 2 Satellites
    Browser
    Microsoft Edge (Chromium) + Bing
    Antivirus
    Microsoft Windows Security (Defender)
    Other Info
    Microsoft 365 subscription (Office)
    Microsoft OneDrive 1TB Cloud
    Microsoft Outlook
    Microsoft OneNote
    Microsoft Visual Studio
    Amazon Kindle
    Interactive Brokers Trader Workstation
    Lightroom/Photoshop subscription
Actually the same happened to me on my Windows 11 Home edition yesterday when my separate I terabyte HDD drive was invisible to start with after a fresh genuine WIndows 11 install from iso so I have to unencrypt t as well as assign a new drive letter to it.
This has happened on a number of occasions and no logic behind it; totally random.
 

My Computer

System One

  • OS
    Windows 11
This has happened on a number of occasions and no logic behind it; totally random.

It is and is freakin' annoying man! See I work in a computer company and we have a service where we teak and tune the computers of customers. I have to do this decrypting for every freakin' laptop that's why I'm saying this is annoying and not particular to my laptop. Happens 90% of the time now and sometimes it doesn't as if Windows has a mind of its own.

I wish there was entry or script to have in the Windows install Flash Disk to disable Encryption completely.
 

My Computers

System One System Two

  • OS
    Windows 11 Education
    Computer type
    Laptop
    Manufacturer/Model
    Alienware m18 R1
    CPU
    AMD Ryzen 9 7945HX
    Motherboard
    Alienware
    Memory
    Kingston FURY Impact 64 GB 5200 MHz DDR5 RAM
    Graphics Card(s)
    GeForce RTX 4090 16 GB GDDR6
    Sound Card
    Realtek Audio
    Monitor(s) Displays
    18" QHD+ (2560 x 1600) 165Hz, 3ms 300-Nit Screen + LG 32GQ850-B 32" UltraGear QHD 240hz Monitor
    Screen Resolution
    WQHD (3440 x 1440)
    Hard Drives
    Samsung 990 PRO 2TB + 4TB SSDs
    PSU
    330W AC Power Adapter
    Cooling
    Noctua NT-H2 + Fujipoly Extreme Thermal Pads
    Keyboard
    Alienware CherryMX mechanical keyboard (Laptop) + AW510K Mechanical Gaming Keyboard (external)
    Mouse
    Alienware Tri-Mode Wireless Gaming Mouse AW720M
    Internet Speed
    1 GBPS Down / 350 MBPS Up
    Browser
    Google Chrome
    Antivirus
    Avast Antivirus
  • Operating System
    Windows 11 Education
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 15 9500
    CPU
    Intel i7-10875H
    Memory
    Kingston FURY Impact 64 GB 3200 MHz DDR4 RAM
    Graphics card(s)
    nVIDIA GeForce GTX 1650 Ti Max-Q w/ 4 GB GDDR6
    Sound Card
    Realtek
    Monitor(s) Displays
    15.6 UHD+ Touch, InfinityEdge, 500-nits, Anti-Reflecitve
    Screen Resolution
    3840 x 2400
    Hard Drives
    Samsung 990 PRO 2TB + 4TB SSDs
    PSU
    Dell 130W Laptop Charger USB C Type C AC Adapter
    Cooling
    Noctua NT-H2 Thermal Paste on CPU + GPU
    Mouse
    Logitech MX Anywhere 3
    Internet Speed
    1 GBPS Down / 350 MBPS Up
    Browser
    Google Chrome
    Antivirus
    Avast Free Antivirus
I have never ever seen a standalone machine simply start BitLocking a drive on it's own.
I have. A clean install of 10 or 11 Pro on a machine with a TPM will automatically encrypt the drive by default. I have also seen this on a Dell laptop that came with its OEM installed W10 Pro, and have also seen this on another Dell laptop after resetting it with its official Dell factory reset ISO (which installed Windows 10 Pro version 1809).

In all cases Bitlocker is not turned on though, but the drives are encrypted all the same.
 

My Computers

System One System Two

  • OS
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Acer Aspire 3 A315-23
    CPU
    AMD Athlon Silver 3050U
    Memory
    8GB
    Graphics Card(s)
    Radeon Graphics
    Monitor(s) Displays
    laptop screen
    Screen Resolution
    1366x768 native resolution, up to 2560x1440 with Radeon Virtual Super Resolution
    Hard Drives
    1TB Samsung EVO 870 SSD
    Internet Speed
    50 Mbps
    Browser
    Edge, Firefox
    Antivirus
    Defender
    Other Info
    fully 'Windows 11 ready' laptop. Windows 10 C: partition migrated from my old unsupported 'main machine' then upgraded to 11. A test migration ran Insider builds for 2 months. When 11 was released on 5th October it was re-imaged back to 10 and was offered the upgrade in Windows Update on 20th October. Windows Update offered the 22H2 Feature Update on 20th September 2022. It got the 23H2 Feature Update on 4th November 2023 through Windows Update.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 4GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Beta as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 4GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus the Insider Beta, Dev, and Canary builds as a native boot .vhdx.
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Lattitude E4310
    CPU
    Intel® Core™ i5-520M
    Motherboard
    0T6M8G
    Memory
    8GB
    Graphics card(s)
    (integrated graphics) Intel HD Graphics
    Screen Resolution
    1366x768
    Hard Drives
    500GB Crucial MX500 SSD
    Browser
    Firefox, Edge
    Antivirus
    Defender
    Other Info
    unsupported machine: Legacy bios, MBR, TPM 1.2, upgraded from W10 to W11 using W10/W11 hybrid install media workaround. In-place upgrade to 22H2 using ISO and a workaround. Feature Update to 23H2 by manually installing the Enablement Package.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 4GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Beta as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 4GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus the Insider Beta, Dev, and Canary builds as a native boot .vhdx.
yeah I always back up my "D drive" to an external hard drive before ever attempting a fresh install and yet with the same Windows 11 iso from Microsoft on the same Dell Inspiron 7700 AIO factory spec it has NEVER ever gone the same any time whenever I have reinstalled the system at all. Once both hard drives were encrypted no idea how and I was left with an operating system but with no initial way to access either hard drive weird or what !
 

My Computer

System One

  • OS
    Windows 11
I just checked my new Dell XPS 15 9510.
BitLocker was turned ON.
I'll be damned!
I just turned it OFF.

What does BitLocker do to disk speed?
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 15 9510 OLED
    CPU
    11th Gen i9 -11900H
    Memory
    32 GB 3200 MHz DDR4
    Graphics Card(s)
    NVIDIA® GeForce® RTX 3050Ti
    Monitor(s) Displays
    15.6" OLED Infinity Edge Touch
    Screen Resolution
    16:10 Aspect Ratio (3456 x 2160)
    Hard Drives
    1 Terabyte M.2 PCIe NVMe SSD
    2 Thunderbolt™ 4 (USB Type-C™)
    1 USB 3.2 Gen 2 (USB Type-C™)
    SD Card Reader (SD, SDHC, SDXC)
    Internet Speed
    900 Mbps Netgear Orbi + 2 Satellites
    Browser
    Microsoft Edge (Chromium) + Bing
    Antivirus
    Microsoft Windows Security (Defender)
    Other Info
    Microsoft 365 subscription
    Microsoft OneDrive 1TB Cloud
    Microsoft Outlook
    Microsoft OneNote
    Microsoft PowerToys
    Microsoft Visual Studio
    Microsoft Visual Studio Code
    Macrium Reflect
    Dell Support Assist
    Dell Command | Update
    LastPass Password Manager
    Amazon Kindle
    Interactive Brokers Trader Workstation
    Lightroom/Photoshop subscription
  • Operating System
    Windows 11 Pro
    Computer type
    Tablet
    Manufacturer/Model
    Microsoft Surface Pro 7
    CPU
    i5
    Memory
    8 GB
    Hard Drives
    256GB SSD
    Internet Speed
    900 Mbps Netgear Orbi + 2 Satellites
    Browser
    Microsoft Edge (Chromium) + Bing
    Antivirus
    Microsoft Windows Security (Defender)
    Other Info
    Microsoft 365 subscription (Office)
    Microsoft OneDrive 1TB Cloud
    Microsoft Outlook
    Microsoft OneNote
    Microsoft Visual Studio
    Amazon Kindle
    Interactive Brokers Trader Workstation
    Lightroom/Photoshop subscription
I have. A clean install of 10 or 11 Pro on a machine with a TPM will automatically encrypt the drive by default. I have also seen this on a Dell laptop that came with its OEM installed W10 Pro, and have also seen this on another Dell laptop after resetting it with its official Dell factory reset ISO (which installed Windows 10 Pro version 1809).

In all cases Bitlocker is not turned on though, but the drives are encrypted all the same.
Every single machine I have has a physical TPM which is enabled in the BIOS with the exception of my 10+ year old laptop. BitLocker does not self-enable on ANY of those systems. Ever. Period. I had to manually choose to BitLocker encrypt my drives every single time.

The one and only exception that I can see to this is possibly if you have self-encrypting drives installed in your system. I remember a discussion a few years ago about some rather severe vulnerabilities in some of those drives and I think Microsoft no longer "trusted" those drives. It may be that they used BitLocker to override the self-encryption on those drives but that is something I'll have to research.
 

My Computers

System One System Two

  • OS
    Win11 Pro 23H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Built
    CPU
    Intel i7-11700K
    Motherboard
    ASUS Prime Z590-A
    Memory
    128GB Crucial Ballistix 3200MHz DRAM
    Graphics Card(s)
    No GPU - CPU graphics only (for now)
    Sound Card
    Realtek (on motherboard)
    Monitor(s) Displays
    HP Envy 32
    Screen Resolution
    2560 x 1440
    Hard Drives
    1 x 1TB NVMe Gen 4 x 4 SSD
    1 x 2TB NVMe Gen 3 x 4 SSD
    2 x 512GB 2.5" SSDs
    2 x 8TB HD
    PSU
    Corsair HX850i
    Case
    Corsair iCue 5000X RGB
    Cooling
    Noctua NH-D15 chromax.black cooler + 10 case fans
    Keyboard
    CODE backlit mechanical keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    1Gb Up / 1 Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    Additional options installed:
    WiFi 6E PCIe adapter
    ASUS ThunderboltEX 4 PCIe adapter
  • Operating System
    Win11 Pro 23H2
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 13x Gen 2
    CPU
    Intel i7-1255U
    Memory
    16 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Sound Card
    Realtek® ALC3306-CG codec
    Monitor(s) Displays
    13.3-inch IPS Display
    Screen Resolution
    WQXGA (2560 x 1600)
    Hard Drives
    2 TB 4 x 4 NVMe SSD
    PSU
    USB-C / Thunderbolt 4 Power / Charging
    Mouse
    Buttonless Glass Precision Touchpad
    Keyboard
    Backlit, spill resistant keyboard
    Internet Speed
    1Gb Up / 1Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    WiFi 6e / Bluetooth 5.1 / Facial Recognition / Fingerprint Sensor / ToF (Time of Flight) Human Presence Sensor
I just checked my new Dell XPS 15 9510.
BitLocker was turned ON.
I'll be damned!
I just turned it OFF.

What does BitLocker do to disk speed?
On modern hardware, it does nothing to the speed. Maybe a 1 or 2 percent performance hit on a bad day.
 

My Computers

System One System Two

  • OS
    Win11 Pro 23H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Built
    CPU
    Intel i7-11700K
    Motherboard
    ASUS Prime Z590-A
    Memory
    128GB Crucial Ballistix 3200MHz DRAM
    Graphics Card(s)
    No GPU - CPU graphics only (for now)
    Sound Card
    Realtek (on motherboard)
    Monitor(s) Displays
    HP Envy 32
    Screen Resolution
    2560 x 1440
    Hard Drives
    1 x 1TB NVMe Gen 4 x 4 SSD
    1 x 2TB NVMe Gen 3 x 4 SSD
    2 x 512GB 2.5" SSDs
    2 x 8TB HD
    PSU
    Corsair HX850i
    Case
    Corsair iCue 5000X RGB
    Cooling
    Noctua NH-D15 chromax.black cooler + 10 case fans
    Keyboard
    CODE backlit mechanical keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    1Gb Up / 1 Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    Additional options installed:
    WiFi 6E PCIe adapter
    ASUS ThunderboltEX 4 PCIe adapter
  • Operating System
    Win11 Pro 23H2
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 13x Gen 2
    CPU
    Intel i7-1255U
    Memory
    16 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Sound Card
    Realtek® ALC3306-CG codec
    Monitor(s) Displays
    13.3-inch IPS Display
    Screen Resolution
    WQXGA (2560 x 1600)
    Hard Drives
    2 TB 4 x 4 NVMe SSD
    PSU
    USB-C / Thunderbolt 4 Power / Charging
    Mouse
    Buttonless Glass Precision Touchpad
    Keyboard
    Backlit, spill resistant keyboard
    Internet Speed
    1Gb Up / 1Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    WiFi 6e / Bluetooth 5.1 / Facial Recognition / Fingerprint Sensor / ToF (Time of Flight) Human Presence Sensor
Ah hah!


 

My Computers

System One System Two

  • OS
    Win11 Pro 23H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Built
    CPU
    Intel i7-11700K
    Motherboard
    ASUS Prime Z590-A
    Memory
    128GB Crucial Ballistix 3200MHz DRAM
    Graphics Card(s)
    No GPU - CPU graphics only (for now)
    Sound Card
    Realtek (on motherboard)
    Monitor(s) Displays
    HP Envy 32
    Screen Resolution
    2560 x 1440
    Hard Drives
    1 x 1TB NVMe Gen 4 x 4 SSD
    1 x 2TB NVMe Gen 3 x 4 SSD
    2 x 512GB 2.5" SSDs
    2 x 8TB HD
    PSU
    Corsair HX850i
    Case
    Corsair iCue 5000X RGB
    Cooling
    Noctua NH-D15 chromax.black cooler + 10 case fans
    Keyboard
    CODE backlit mechanical keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    1Gb Up / 1 Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    Additional options installed:
    WiFi 6E PCIe adapter
    ASUS ThunderboltEX 4 PCIe adapter
  • Operating System
    Win11 Pro 23H2
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 13x Gen 2
    CPU
    Intel i7-1255U
    Memory
    16 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Sound Card
    Realtek® ALC3306-CG codec
    Monitor(s) Displays
    13.3-inch IPS Display
    Screen Resolution
    WQXGA (2560 x 1600)
    Hard Drives
    2 TB 4 x 4 NVMe SSD
    PSU
    USB-C / Thunderbolt 4 Power / Charging
    Mouse
    Buttonless Glass Precision Touchpad
    Keyboard
    Backlit, spill resistant keyboard
    Internet Speed
    1Gb Up / 1Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    WiFi 6e / Bluetooth 5.1 / Facial Recognition / Fingerprint Sensor / ToF (Time of Flight) Human Presence Sensor
What does BitLocker do to disk speed?
Had I had not owned a Mac computer before, I would've never known. I had a MacBook Pro 16 last year and when you first go through the initial setup wizard, it asks you of you want to encrypt the disks for security which I stupidly did. I started using MacOS for the first time and everything was jerky and slow I thought that's how it is but knew something was off as it didn't coincide with all the online reviews I saw. Boot time was slow, system snappiness was not there. I then thought of turning off encryption and I swear it's like I just bought a new machine! Everything I described changed 180 degrees.

Same goes with Windows, I know how fast and snappy a new computer is because I deal with them every day for years. Only recently had I started noticing something was seriously wrong and when I checked, disk encryption was on and the moment you turn it off everything comes back to life.

Not to mention, we've had hundreds of tech support tickets of users who had lost their data after they formatted their C: partition thinking everything was safe on D: After the format, they had no way of accessing their old encrypted data as they didn't have the backup key.

This is a serious issue and Microsoft has no right enabling Encryption by default without the user giving consent and knowing what he's getting into.
 

My Computers

System One System Two

  • OS
    Windows 11 Education
    Computer type
    Laptop
    Manufacturer/Model
    Alienware m18 R1
    CPU
    AMD Ryzen 9 7945HX
    Motherboard
    Alienware
    Memory
    Kingston FURY Impact 64 GB 5200 MHz DDR5 RAM
    Graphics Card(s)
    GeForce RTX 4090 16 GB GDDR6
    Sound Card
    Realtek Audio
    Monitor(s) Displays
    18" QHD+ (2560 x 1600) 165Hz, 3ms 300-Nit Screen + LG 32GQ850-B 32" UltraGear QHD 240hz Monitor
    Screen Resolution
    WQHD (3440 x 1440)
    Hard Drives
    Samsung 990 PRO 2TB + 4TB SSDs
    PSU
    330W AC Power Adapter
    Cooling
    Noctua NT-H2 + Fujipoly Extreme Thermal Pads
    Keyboard
    Alienware CherryMX mechanical keyboard (Laptop) + AW510K Mechanical Gaming Keyboard (external)
    Mouse
    Alienware Tri-Mode Wireless Gaming Mouse AW720M
    Internet Speed
    1 GBPS Down / 350 MBPS Up
    Browser
    Google Chrome
    Antivirus
    Avast Antivirus
  • Operating System
    Windows 11 Education
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 15 9500
    CPU
    Intel i7-10875H
    Memory
    Kingston FURY Impact 64 GB 3200 MHz DDR4 RAM
    Graphics card(s)
    nVIDIA GeForce GTX 1650 Ti Max-Q w/ 4 GB GDDR6
    Sound Card
    Realtek
    Monitor(s) Displays
    15.6 UHD+ Touch, InfinityEdge, 500-nits, Anti-Reflecitve
    Screen Resolution
    3840 x 2400
    Hard Drives
    Samsung 990 PRO 2TB + 4TB SSDs
    PSU
    Dell 130W Laptop Charger USB C Type C AC Adapter
    Cooling
    Noctua NT-H2 Thermal Paste on CPU + GPU
    Mouse
    Logitech MX Anywhere 3
    Internet Speed
    1 GBPS Down / 350 MBPS Up
    Browser
    Google Chrome
    Antivirus
    Avast Free Antivirus
Every single machine I have has a physical TPM which is enabled in the BIOS with the exception of my 10+ year old laptop. BitLocker does not self-enable on ANY of those systems. Ever. Period. I had to manually choose to BitLocker encrypt my drives every single time.

The one and only exception that I can see to this is possibly if you have self-encrypting drives installed in your system. I remember a discussion a few years ago about some rather severe vulnerabilities in some of those drives and I think Microsoft no longer "trusted" those drives. It may be that they used BitLocker to override the self-encryption on those drives but that is something I'll have to research.
90% of the time I see this happening to machines that have a Samsung SSD by the way.
 

My Computers

System One System Two

  • OS
    Windows 11 Education
    Computer type
    Laptop
    Manufacturer/Model
    Alienware m18 R1
    CPU
    AMD Ryzen 9 7945HX
    Motherboard
    Alienware
    Memory
    Kingston FURY Impact 64 GB 5200 MHz DDR5 RAM
    Graphics Card(s)
    GeForce RTX 4090 16 GB GDDR6
    Sound Card
    Realtek Audio
    Monitor(s) Displays
    18" QHD+ (2560 x 1600) 165Hz, 3ms 300-Nit Screen + LG 32GQ850-B 32" UltraGear QHD 240hz Monitor
    Screen Resolution
    WQHD (3440 x 1440)
    Hard Drives
    Samsung 990 PRO 2TB + 4TB SSDs
    PSU
    330W AC Power Adapter
    Cooling
    Noctua NT-H2 + Fujipoly Extreme Thermal Pads
    Keyboard
    Alienware CherryMX mechanical keyboard (Laptop) + AW510K Mechanical Gaming Keyboard (external)
    Mouse
    Alienware Tri-Mode Wireless Gaming Mouse AW720M
    Internet Speed
    1 GBPS Down / 350 MBPS Up
    Browser
    Google Chrome
    Antivirus
    Avast Antivirus
  • Operating System
    Windows 11 Education
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 15 9500
    CPU
    Intel i7-10875H
    Memory
    Kingston FURY Impact 64 GB 3200 MHz DDR4 RAM
    Graphics card(s)
    nVIDIA GeForce GTX 1650 Ti Max-Q w/ 4 GB GDDR6
    Sound Card
    Realtek
    Monitor(s) Displays
    15.6 UHD+ Touch, InfinityEdge, 500-nits, Anti-Reflecitve
    Screen Resolution
    3840 x 2400
    Hard Drives
    Samsung 990 PRO 2TB + 4TB SSDs
    PSU
    Dell 130W Laptop Charger USB C Type C AC Adapter
    Cooling
    Noctua NT-H2 Thermal Paste on CPU + GPU
    Mouse
    Logitech MX Anywhere 3
    Internet Speed
    1 GBPS Down / 350 MBPS Up
    Browser
    Google Chrome
    Antivirus
    Avast Free Antivirus
The first thing I do now when I am on a new computer trying to tweak things is run the following command in an elevated command prompt, if the disk wasn't encrypted you'll get a message notifying of that. If it was encrypted, the decryption starts. But this is just wrong to start of with and I wish there was some tweak to do to the Windows installer so this doesn't happen regardless of the computer or hardware in it.

Code:
manage-bde c: -off
(replace c: with any other partition letters that may be present and run the command again)
 

My Computers

System One System Two

  • OS
    Windows 11 Education
    Computer type
    Laptop
    Manufacturer/Model
    Alienware m18 R1
    CPU
    AMD Ryzen 9 7945HX
    Motherboard
    Alienware
    Memory
    Kingston FURY Impact 64 GB 5200 MHz DDR5 RAM
    Graphics Card(s)
    GeForce RTX 4090 16 GB GDDR6
    Sound Card
    Realtek Audio
    Monitor(s) Displays
    18" QHD+ (2560 x 1600) 165Hz, 3ms 300-Nit Screen + LG 32GQ850-B 32" UltraGear QHD 240hz Monitor
    Screen Resolution
    WQHD (3440 x 1440)
    Hard Drives
    Samsung 990 PRO 2TB + 4TB SSDs
    PSU
    330W AC Power Adapter
    Cooling
    Noctua NT-H2 + Fujipoly Extreme Thermal Pads
    Keyboard
    Alienware CherryMX mechanical keyboard (Laptop) + AW510K Mechanical Gaming Keyboard (external)
    Mouse
    Alienware Tri-Mode Wireless Gaming Mouse AW720M
    Internet Speed
    1 GBPS Down / 350 MBPS Up
    Browser
    Google Chrome
    Antivirus
    Avast Antivirus
  • Operating System
    Windows 11 Education
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 15 9500
    CPU
    Intel i7-10875H
    Memory
    Kingston FURY Impact 64 GB 3200 MHz DDR4 RAM
    Graphics card(s)
    nVIDIA GeForce GTX 1650 Ti Max-Q w/ 4 GB GDDR6
    Sound Card
    Realtek
    Monitor(s) Displays
    15.6 UHD+ Touch, InfinityEdge, 500-nits, Anti-Reflecitve
    Screen Resolution
    3840 x 2400
    Hard Drives
    Samsung 990 PRO 2TB + 4TB SSDs
    PSU
    Dell 130W Laptop Charger USB C Type C AC Adapter
    Cooling
    Noctua NT-H2 Thermal Paste on CPU + GPU
    Mouse
    Logitech MX Anywhere 3
    Internet Speed
    1 GBPS Down / 350 MBPS Up
    Browser
    Google Chrome
    Antivirus
    Avast Free Antivirus
This is a serious issue and Microsoft has no right enabling Encryption by default without the user giving consent and knowing what he's getting into.
It's not Microsoft. Your hardware vendor decided they wanted device encryption turned on...

 

My Computers

System One System Two

  • OS
    Win11 Pro 23H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Built
    CPU
    Intel i7-11700K
    Motherboard
    ASUS Prime Z590-A
    Memory
    128GB Crucial Ballistix 3200MHz DRAM
    Graphics Card(s)
    No GPU - CPU graphics only (for now)
    Sound Card
    Realtek (on motherboard)
    Monitor(s) Displays
    HP Envy 32
    Screen Resolution
    2560 x 1440
    Hard Drives
    1 x 1TB NVMe Gen 4 x 4 SSD
    1 x 2TB NVMe Gen 3 x 4 SSD
    2 x 512GB 2.5" SSDs
    2 x 8TB HD
    PSU
    Corsair HX850i
    Case
    Corsair iCue 5000X RGB
    Cooling
    Noctua NH-D15 chromax.black cooler + 10 case fans
    Keyboard
    CODE backlit mechanical keyboard
    Mouse
    Logitech MX Master 3
    Internet Speed
    1Gb Up / 1 Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    Additional options installed:
    WiFi 6E PCIe adapter
    ASUS ThunderboltEX 4 PCIe adapter
  • Operating System
    Win11 Pro 23H2
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo ThinkBook 13x Gen 2
    CPU
    Intel i7-1255U
    Memory
    16 GB
    Graphics card(s)
    Intel Iris Xe Graphics
    Sound Card
    Realtek® ALC3306-CG codec
    Monitor(s) Displays
    13.3-inch IPS Display
    Screen Resolution
    WQXGA (2560 x 1600)
    Hard Drives
    2 TB 4 x 4 NVMe SSD
    PSU
    USB-C / Thunderbolt 4 Power / Charging
    Mouse
    Buttonless Glass Precision Touchpad
    Keyboard
    Backlit, spill resistant keyboard
    Internet Speed
    1Gb Up / 1Gb Down
    Browser
    Edge
    Antivirus
    Windows Defender
    Other Info
    WiFi 6e / Bluetooth 5.1 / Facial Recognition / Fingerprint Sensor / ToF (Time of Flight) Human Presence Sensor
I'm no longer encrypted. Let's see if I can tell the difference.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 15 9510 OLED
    CPU
    11th Gen i9 -11900H
    Memory
    32 GB 3200 MHz DDR4
    Graphics Card(s)
    NVIDIA® GeForce® RTX 3050Ti
    Monitor(s) Displays
    15.6" OLED Infinity Edge Touch
    Screen Resolution
    16:10 Aspect Ratio (3456 x 2160)
    Hard Drives
    1 Terabyte M.2 PCIe NVMe SSD
    2 Thunderbolt™ 4 (USB Type-C™)
    1 USB 3.2 Gen 2 (USB Type-C™)
    SD Card Reader (SD, SDHC, SDXC)
    Internet Speed
    900 Mbps Netgear Orbi + 2 Satellites
    Browser
    Microsoft Edge (Chromium) + Bing
    Antivirus
    Microsoft Windows Security (Defender)
    Other Info
    Microsoft 365 subscription
    Microsoft OneDrive 1TB Cloud
    Microsoft Outlook
    Microsoft OneNote
    Microsoft PowerToys
    Microsoft Visual Studio
    Microsoft Visual Studio Code
    Macrium Reflect
    Dell Support Assist
    Dell Command | Update
    LastPass Password Manager
    Amazon Kindle
    Interactive Brokers Trader Workstation
    Lightroom/Photoshop subscription
  • Operating System
    Windows 11 Pro
    Computer type
    Tablet
    Manufacturer/Model
    Microsoft Surface Pro 7
    CPU
    i5
    Memory
    8 GB
    Hard Drives
    256GB SSD
    Internet Speed
    900 Mbps Netgear Orbi + 2 Satellites
    Browser
    Microsoft Edge (Chromium) + Bing
    Antivirus
    Microsoft Windows Security (Defender)
    Other Info
    Microsoft 365 subscription (Office)
    Microsoft OneDrive 1TB Cloud
    Microsoft Outlook
    Microsoft OneNote
    Microsoft Visual Studio
    Amazon Kindle
    Interactive Brokers Trader Workstation
    Lightroom/Photoshop subscription
BitLocker does not self-enable on ANY of those systems. Ever. Period. I had to manually choose to BitLocker encrypt my drives every single time.
Yes, as I said, bitlocker was not turned on but Device encryption was - the drives were encrypted anyway, without any bitlocker key being provided. This appears to be the default when installing 10/11 Pro. Discussed at length in @NavyLCDR's thread here.


Both @ashleyg in post #80 (with screenshots) and myself in post #85 and post #95 reported exactly the same thing.
 

My Computers

System One System Two

  • OS
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Acer Aspire 3 A315-23
    CPU
    AMD Athlon Silver 3050U
    Memory
    8GB
    Graphics Card(s)
    Radeon Graphics
    Monitor(s) Displays
    laptop screen
    Screen Resolution
    1366x768 native resolution, up to 2560x1440 with Radeon Virtual Super Resolution
    Hard Drives
    1TB Samsung EVO 870 SSD
    Internet Speed
    50 Mbps
    Browser
    Edge, Firefox
    Antivirus
    Defender
    Other Info
    fully 'Windows 11 ready' laptop. Windows 10 C: partition migrated from my old unsupported 'main machine' then upgraded to 11. A test migration ran Insider builds for 2 months. When 11 was released on 5th October it was re-imaged back to 10 and was offered the upgrade in Windows Update on 20th October. Windows Update offered the 22H2 Feature Update on 20th September 2022. It got the 23H2 Feature Update on 4th November 2023 through Windows Update.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 4GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Beta as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 4GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus the Insider Beta, Dev, and Canary builds as a native boot .vhdx.
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Lattitude E4310
    CPU
    Intel® Core™ i5-520M
    Motherboard
    0T6M8G
    Memory
    8GB
    Graphics card(s)
    (integrated graphics) Intel HD Graphics
    Screen Resolution
    1366x768
    Hard Drives
    500GB Crucial MX500 SSD
    Browser
    Firefox, Edge
    Antivirus
    Defender
    Other Info
    unsupported machine: Legacy bios, MBR, TPM 1.2, upgraded from W10 to W11 using W10/W11 hybrid install media workaround. In-place upgrade to 22H2 using ISO and a workaround. Feature Update to 23H2 by manually installing the Enablement Package.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 4GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Beta as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 4GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus the Insider Beta, Dev, and Canary builds as a native boot .vhdx.
Ah mine has been turned off by default for me since changing to win 11 last june/july
 

My Computer

System One

  • OS
    11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom
    CPU
    10700k@5.2
    Motherboard
    Gigabyte Gaming X Z490
    Memory
    Viper Steelseries 32gb@ 3600mhz
    Graphics Card(s)
    Gigabyte 2070 Super 8GB, +200 core + 600 memory
    Monitor(s) Displays
    ASUS 4k HDR, Two 1080p Benq and Samsung
    Screen Resolution
    3840x2160/2560x1440/1920x1080
    Hard Drives
    Adata XPG SX8200 PRO 1tb
    Samsung EVO 870 500GB
    PSU
    Corsair RX 650
    Case
    NZXT h510
    Cooling
    CM HYPER 212 RGB
    Keyboard
    Razer Ornata Chroma
    Mouse
    Steelseries Rival 710
In my case I recently purchased a new Lenovo IdeaPad laptop that came with Win11. I've had the laptop for about a week and I've done quite a few Win11 clean installs because I like to tinker. Anyhow, to answer your question, if i DISABLE SECURE BOOT in the bios Win11 will not encrypt the drive after a clean install. If I ENABLE SECURE BOOT in the bios Win11 will encrypt the drive after a clean install every time.

I've ran CRYSTAL DISKMARK with encryption ENABLED and DISABLED and there is no performance hit. If you have a modern system I'd recommend letting Win11 encrypt the drive so that your data is protected.

My opinions are mine and mine alone. Take it for what it's worth.
 

My Computer

System One

  • OS
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo
    CPU
    i5-1135G7
    Motherboard
    Lenovo
    Memory
    20GB
    Graphics Card(s)
    Iris Xe
    Sound Card
    onboard
    Monitor(s) Displays
    1
    Screen Resolution
    1080p
    Hard Drives
    Samsung 970 Evo Plus
    PSU
    onboard
    Case
    onboard
    Cooling
    onboard
    Keyboard
    onboard
    Mouse
    Microsoft bluetooth
    Internet Speed
    500/50
    Browser
    several
    Antivirus
    Windows Security by Microsoft

Latest Support Threads

Back
Top Bottom