Modify W11 Home installer so it does not automatically enable Device Encryption


cereberus

As many have found, if you clean install Windows 11 on a laptop with a TPM and modern standby with an MS account, Bitlocker Device Encryption is automatically enabled. It is well explained here.

I used the standard MS iso and clean installed Home and pc was automatically bitlocker device encrypted.


This is the important paragraph if you get a pc with it preinstalled (or clean install yourself). Most do not install )

Disable BitLocker automatic device encryption

OEMs can choose to disable device encryption and (optionally) instead implement their own encryption technology on a device. To disable BitLocker automatic device encryption, you can use an Unattend file and set PreventDeviceEncryption to True. Alternately, you can update this registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BitLocker Value: PreventDeviceEncryption equal to True (1).

When I checked the standard iso, keys CurrentControlSet, Control, BitLocker and Dword PreventDeviceEncryption are not even in the install.wim (or install.esd) registry (system hive).

So I mounted install.wim from the standard iso using @Kari's (who else :D) tutorial, loaded the system registry hive, added the above key words and dword, then dismounted iso updating install.wim.

I then created a usb installer, and updated the install.wim with version created above.
I then clean installed again, and this time it did not enable bitlocker device encryption.

However, you can also do it with an unattend.xml file which is probably easier.

In the end, for a single installation, it is probably quicker just to turn bitlocker device encryption off.

There is actually an even easier way if you bypass using an MS account - bitlocker device encryption is not automatically enabled (as nowhere to store a recovery key).

As far as I can make out none of the major oem vendors are modifying the registry so bitlocker device encryption is not automatically enabled on Windows 10 Home for compatible pcs.
 

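The offline-hive edit described in the post, sketched in PowerShell as an added example that is not part of the original post. The image path, edition index, mount folder and the `OFFLINE_SYS` hive name are assumptions, as is a writable install.wim (not an install.esd); the script writes under the control set named by `Select\Current` because an offline SYSTEM hive has no `CurrentControlSet` link.

```powershell
#Requires -RunAsAdministrator
# Added example: every path, the index and the hive name below are assumptions.
param(
    [string]$WimPath  = 'C:\iso\sources\install.wim', # writable copy of install.wim
    [int]   $Index    = 1,          # edition index; list with Get-WindowsImage -ImagePath $WimPath
    [string]$MountDir = 'C:\mount'  # existing, empty folder
)
$ErrorActionPreference = 'Stop'
$hiveName = 'OFFLINE_SYS'           # temporary name under HKLM for the loaded hive
$hiveFile = Join-Path $MountDir 'Windows\System32\config\SYSTEM'
$loaded   = $false
$save     = $false

Mount-WindowsImage -ImagePath $WimPath -Index $Index -Path $MountDir | Out-Null
try {
    reg.exe load "HKLM\$hiveName" $hiveFile | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'reg load failed' }
    $loaded = $true

    # CurrentControlSet is a link created at boot; offline, Select\Current
    # holds the number of the control set that will become current.
    $current = (Get-ItemProperty "HKLM:\$hiveName\Select").Current
    $key = 'HKLM:\{0}\ControlSet{1:d3}\Control\BitLocker' -f $hiveName, $current

    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name PreventDeviceEncryption `
        -PropertyType DWord -Value 1 -Force | Out-Null

    # Read the value back before committing anything to the image.
    $value = (Get-ItemProperty $key).PreventDeviceEncryption
    if ($value -ne 1) { throw "PreventDeviceEncryption is $value, expected 1" }
    $save = $true
}
finally {
    if ($loaded) {
        # Release registry handles held by the provider, or the unload fails.
        [gc]::Collect(); [gc]::WaitForPendingFinalizers()
        reg.exe unload "HKLM\$hiveName" | Out-Null
    }
    # Commit only if the edit was verified; otherwise leave the image untouched.
    if ($save) { Dismount-WindowsImage -Path $MountDir -Save | Out-Null }
    else       { Dismount-WindowsImage -Path $MountDir -Discard | Out-Null }
}
```

After installing from the modified image, `reg query HKLM\SYSTEM\CurrentControlSet\Control\BitLocker /v PreventDeviceEncryption` on the running system should report `0x1`.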