Modify W11 Home installer so it does not automatically enable Device Encryption


cereberus
As many have found, if you clean install Windows 11 on a laptop with a TPM and modern standby with an MS account, Bitlocker Device Encryption is automatically enabled. It is well explained here.

I used the standard MS iso and clean installed Home and pc was automatically bitlocker device encrypted.


This is the important paragraph if you get a pc with it preinstalled (or clean install yourself). Most do not install )

Disable BitLocker automatic device encryption

OEMs can choose to disable device encryption and (optionally) instead implement their own encryption technology on a device. To disable BitLocker automatic device encryption, you can use an Unattend file and set PreventDeviceEncryption to True. Alternately, you can update this registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BitLocker Value: PreventDeviceEncryption equal to True (1).

When I checked the standard iso, keys CurrentControlSet, Control, BitLocker and Dword PreventDeviceEncryption are not even in the install.wim (or install.esd) registry (system hive).

So I mounted install.wim from the standard iso using @Kari's (who else :D) tutorial, loaded the system registry hive, added the above key words and dword, then dismounted iso updating install.wim.

I then created a usb installer, and updated the install.wim with version created above.
I then clean installed again, and this time it did not enable bitlocker device encryption.

However, you can also do it with an unattend.xml file which is probably easier.

In the end, for a single installation, it is probably quicker just to turn bitlocker device encryption off.

There is actually an even easier way if you bypass using an MS account - bitlocker device encryption is not automatically enabled (as nowhere to store a recovery key).

As far as I can make out none of the major oem vendors are modifying the registry so bitlocker device encryption is not automatically enabled on Windows 10 Home for compatible pcs.
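
The offline registry edit described in the post, sketched as an added PowerShell example (not part of the original post and not taken from the linked tutorial). The paths, the image index and the temporary hive name `OFFLINE_SYSTEM` are assumptions. It also assumes the value goes under `ControlSet001`, because `CurrentControlSet` is a link that only exists in a running system.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell session.
# Assumed paths (hypothetical): adjust to your own working folders.
$Wim   = 'C:\W11\sources\install.wim'   # writable copy of install.wim from the ISO
$Mount = 'C:\W11\mount'                 # empty folder used as the mount point
$Hive  = 'HKLM\OFFLINE_SYSTEM'          # temporary name for the loaded offline hive

# List the editions in the image so the Home index can be chosen.
Get-WindowsImage -ImagePath $Wim | Format-Table ImageIndex, ImageName
$Index = 1   # assumption: replace with the index shown for the Home edition

New-Item -ItemType Directory -Path $Mount -Force | Out-Null
Mount-WindowsImage -ImagePath $Wim -Index $Index -Path $Mount

$save = $false
try {
    # Load the image's SYSTEM hive under a temporary key in the live registry.
    reg.exe load $Hive "$Mount\Windows\System32\config\SYSTEM"
    if ($LASTEXITCODE -ne 0) { throw 'reg load failed' }
    try {
        # Offline, the control set is stored as ControlSet001 (assumed default).
        $key = "$Hive\ControlSet001\Control\BitLocker"
        reg.exe add $key /v PreventDeviceEncryption /t REG_DWORD /d 1 /f
        if ($LASTEXITCODE -ne 0) { throw 'reg add failed' }
        # Read the value back before committing the image.
        reg.exe query $key /v PreventDeviceEncryption
        if ($LASTEXITCODE -ne 0) { throw 'value not found after write' }
        $save = $true
    }
    finally {
        [gc]::Collect()        # release handles so the hive can be unloaded
        reg.exe unload $Hive
    }
}
finally {
    # Commit only if the edit succeeded; otherwise leave install.wim untouched.
    if ($save) { Dismount-WindowsImage -Path $Mount -Save }
    else       { Dismount-WindowsImage -Path $Mount -Discard }
}
```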