TCGSecurityActivationDisabled Registry entry


suatcini54

suatcini54

Well-known member
Member
Local time
2:26 AM
Posts
138
OS
Windows 11 Pro build 26200.5622 (Dev)
Hi.

In Windows 11 Pro Registry, there are these registry entries in several locations: "TCGSecurityActivationDisabled"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Storage\EnhancedStorageDevices]
"admxMetadataDevice"=hex:30,31,3d,01,00,00,00,00,32,3d,00,00,00,00,00,00
"Behavior"=dword:00000060
"mergealgorithm"=dword:00000003
"policytype"=dword:00000001
"RegKeyPathRedirect"="Software\\Policies\\Microsoft\\Windows\\EnhancedStorageDevices"
"RegValueNameRedirect"="TCGSecurityActivationDisabled"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EnhancedStorageDevices]
"TCGSecurityActivationDisabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows\EnhancedStorageDevices]
"TCGSecurityActivationDisabled"=dword:00000000

I don't have encryption enabled in my PC. Therefore, value of this reg entry "TCGSecurityActivationDisabled" must be 1. But it is 0 in my Windows 11 installation in strict conflict with Microsoft Article: TCGSecurityActivationDisabled

Does anyone have an explanation about why I have a 0 value for this reg entry ?

Could it be because my PC has been upgraded on and on since 2019 from Windows 10 Pro to Windows 11 Pro ?
 

My Computers

System One System Two

  • OS
    Windows 11 Pro build 26200.5622 (Dev)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Built
    CPU
    Intel i7-4790
    Motherboard
    Asus H97 Pro Gamer with add-on TPM1.2 module
    Memory
    Teams DDR3-1600
    Graphics Card(s)
    MSI Nvidia GeForce GTX 1050Ti
    Sound Card
    Realtek ALC1150
    Monitor(s) Displays
    LG Flatron E2250
    Screen Resolution
    1920 by 1080 pixels
    Hard Drives
    Crucial NVMe PCIe M2 500 GB (Windows 11 v.24H2); Samsung SSD Evo 870 500 GB (Windows 11 v.24H2);
    PSU
    Corsair HX850
    Case
    Gigabyte Solo 210
    Cooling
    Zalman CNPS7X Tower
    Keyboard
    Microsoft AIO Wireless (includes touchpad)
    Mouse
    HP S1000 Plus Wireless
    Internet Speed
    200 Mb fiber optic
    Browser
    Chrome; MS Edge
    Antivirus
    Windows Defender
  • Operating System
    MacOS 12 Monterey
    Computer type
    Laptop
    Manufacturer/Model
    Apple Macbook Air
    CPU
    Intel Core i5
    Memory
    8 GB
    Graphics card(s)
    Intel integrated
    Screen Resolution
    1440 by 900 pixels
    Hard Drives
    128 GB
    Mouse
    Microsoft Wireless
    Keyboard
    Built-in
    Internet Speed
    802.11 ac
    Browser
    Chrome; Safari
    Antivirus
    N/A
its to do with drive encryption.
a value of 1 .. drive does not auto encrypt
a value of 0 .. drive auto encrypts
a value of 0 is the default value
learn.microsoft.com

TCGSecurityActivationDisabled

TCGSecurityActivationDisabled
learn.microsoft.com

i would leave the registry value at the default setting.
best of luck, Steve ..
 

My Computers

System One System Two

  • OS
    Win 11 24H2 Home
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP 24" AiO
    CPU
    Ryzen 7 5825u
    Motherboard
    HP
    Memory
    64GB DDR4 3200
    Graphics Card(s)
    Ryzen 7 5825u
    Sound Card
    RealTek
    Monitor(s) Displays
    24" HP AiO
    Hard Drives
    1TB WD Blue SN580 M2 SSD Partitioned.
    2x 1TB USB HDD External Backup/Storage.
    Internet Speed
    1GB full fibre
    Browser
    Edge & Thunderbird
    Antivirus
    AVG Internet Security
    Other Info
    Mainly Open Source Software
  • Operating System
    Ubuntu 22.04.5 LTS
    Computer type
    Laptop
    Manufacturer/Model
    Dell 13" Latitude 2017
    CPU
    i5 7200u
    Motherboard
    Dell
    Memory
    16GB DDR4
    Graphics card(s)
    Intel
    Sound Card
    Intel
    Monitor(s) Displays
    13" Dell Laptop
    Hard Drives
    250GB Crucial 2.5" SSD
    Mouse
    Gerenic 3 button
    Internet Speed
    WiFi only
    Browser
    FireFox
    Antivirus
    ClamAV TK
    Other Info
    Mainly Open Source Software
I have it set to '1' on Windows Home.
BitLocker was disabled during the Windows installation and no eHDDs either.

learn.microsoft.com

Factory Encrypted Drives

Factory Encrypted Drives
learn.microsoft.com
 
Last edited:

My Computer

System One

  • OS
    Microsoft Windows 11 Home
    Computer type
    PC/Desktop
    Manufacturer/Model
    MSI MS-7D98
    CPU
    Intel Core i5-13490F
    Motherboard
    MSI B760 GAMING PLUS WIFI
    Memory
    2 x 16 Patriot Memory (PDP Systems) PSD516G560081
    Graphics Card(s)
    GIGABYTE GeForce RTX 4070 WINDFORCE OC 12G (GV-N4070WF3OC-12GD)
    Sound Card
    Bluetooth Аудио
    Monitor(s) Displays
    INNOCN 15K1F
    Screen Resolution
    1920 x 1080
    Hard Drives
    WD_BLACK SN770 250GB
    KINGSTON SNV2S1000G (ELFK0S.6)
    PSU
    Thermaltake Toughpower GF3 1000W
    Case
    CG560 - DeepCool
    Cooling
    ID-COOLING SE-224-XTS / 2 x 140Mm Fan - rear and top; 3 x 120Mm - front
    Keyboard
    Corsair K70 RGB TKL
    Mouse
    Corsair KATAR PRO XT
    Internet Speed
    100 Mbps
    Browser
    Firefox
    Antivirus
    Microsoft Defender Antivirus
    Other Info
    https://www.userbenchmark.com/UserRun/66553205
Sometimes, enabling secure boot to install Windows 11 has a unexpected consequences- people start seeing that the Bitlocker automatically turns ON and starts encrypting their drive without their permission.
Click to expand...
suatcini54 said:
I don't have encryption enabled in my PC.
Click to expand...
MS enables it automatically lately. I always disable encryption, yet updates enabled it and stole my files.
Note that there is Bitlocker and then there is Device Encryption. You can check it via command as admin:
Code: 
manage-bde -status
 

Attachments

  • capture_06062025_100800.webp
    capture_06062025_100800.webp
    53.3 KB · Views: 1

My Computer

System One

  • OS
    Windows 11 Home
    Computer type
    PC/Desktop
    CPU
    AMD Ryzen 5 8600G (07/24)
    Motherboard
    ASROCK B650M-HDV/M.2 3.25 (07/24)
    Memory
    2x32GB Kingston FURY DDR5 5600 MHz CL36 @5200 CL40 (07/24)
    Graphics Card(s)
    ASROCK Radeon RX 6600 Challenger D 8G @48FPS (08/24)
    Sound Card
    Creative Sound BlasterX AE-5 Plus (05/24)
    Monitor(s) Displays
    24" Philips 24M1N3200ZS/00 (05/24)
    Screen Resolution
    1920×1080@165Hz via DP1.4
    Hard Drives
    Kingston KC3000 NVMe 2TB (05/24)
    ADATA XPG GAMMIX S11 Pro 512GB (07/19)
    PSU
    Seasonic Core GM 550 Gold (04/24)
    Case
    Fractal Design Define 7 Mini with 3x Noctua NF-P14s/12@555rpm (04/24)
    Cooling
    Noctua NH-U12S with Noctua NF-P12 (04/24)
    Keyboard
    HP Pavilion Wired Keyboard 300 (07/24) + Rabalux 76017 Parker (01/24)
    Mouse
    Logitech M330 Silent Plus (04/23)
    Internet Speed
    500/100 Mbps via RouterOS (05/21) & TCP Optimizer
    Browser
    Edge & Brave for YouTube & LibreWolf for FB
    Antivirus
    NextDNS blocking 99% TLDs
    Other Info
    Backup: Hasleo Backup Suite (PreOS)
    Headphones: Sennheiser RS170 (09/10)
    Phone: Samsung Galaxy Xcover 7 (02/24)
    Chair: Huzaro Force 4.4 Grey Mesh (05/24)
    Notifier: Xiaomi Mi Band 9 Milanese (10/24)
    2nd Monitor: AOC G2460VQ6 @75Hz (02/19)
you can disable bitlocker in the services and then leave the registry as default.
thats they way i have on my system, but i hasten to add i have C:drive encrypted with veracrypt.

best of luck, Steve ..
 

My Computers

System One System Two

  • OS
    Win 11 24H2 Home
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP 24" AiO
    CPU
    Ryzen 7 5825u
    Motherboard
    HP
    Memory
    64GB DDR4 3200
    Graphics Card(s)
    Ryzen 7 5825u
    Sound Card
    RealTek
    Monitor(s) Displays
    24" HP AiO
    Hard Drives
    1TB WD Blue SN580 M2 SSD Partitioned.
    2x 1TB USB HDD External Backup/Storage.
    Internet Speed
    1GB full fibre
    Browser
    Edge & Thunderbird
    Antivirus
    AVG Internet Security
    Other Info
    Mainly Open Source Software
  • Operating System
    Ubuntu 22.04.5 LTS
    Computer type
    Laptop
    Manufacturer/Model
    Dell 13" Latitude 2017
    CPU
    i5 7200u
    Motherboard
    Dell
    Memory
    16GB DDR4
    Graphics card(s)
    Intel
    Sound Card
    Intel
    Monitor(s) Displays
    13" Dell Laptop
    Hard Drives
    250GB Crucial 2.5" SSD
    Mouse
    Gerenic 3 button
    Internet Speed
    WiFi only
    Browser
    FireFox
    Antivirus
    ClamAV TK
    Other Info
    Mainly Open Source Software
XxXxX said:
you can disable bitlocker in the services and then leave the registry as default.
thats they way i have on my system, but i hasten to add i have C:drive encrypted with veracrypt.

best of luck, Steve ..
Click to expand...
Thanks.

But sometimes it may be better to avoid encrytion altogether during clean-installation of Windows. Otherwise, one has to decrypt encryption once Windows is installed. Therefore, adding the registry entries into Windows installation disk may prove beneficial for those taking the burden to add reg entries into install.wim file.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro build 26200.5622 (Dev)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Built
    CPU
    Intel i7-4790
    Motherboard
    Asus H97 Pro Gamer with add-on TPM1.2 module
    Memory
    Teams DDR3-1600
    Graphics Card(s)
    MSI Nvidia GeForce GTX 1050Ti
    Sound Card
    Realtek ALC1150
    Monitor(s) Displays
    LG Flatron E2250
    Screen Resolution
    1920 by 1080 pixels
    Hard Drives
    Crucial NVMe PCIe M2 500 GB (Windows 11 v.24H2); Samsung SSD Evo 870 500 GB (Windows 11 v.24H2);
    PSU
    Corsair HX850
    Case
    Gigabyte Solo 210
    Cooling
    Zalman CNPS7X Tower
    Keyboard
    Microsoft AIO Wireless (includes touchpad)
    Mouse
    HP S1000 Plus Wireless
    Internet Speed
    200 Mb fiber optic
    Browser
    Chrome; MS Edge
    Antivirus
    Windows Defender
  • Operating System
    MacOS 12 Monterey
    Computer type
    Laptop
    Manufacturer/Model
    Apple Macbook Air
    CPU
    Intel Core i5
    Memory
    8 GB
    Graphics card(s)
    Intel integrated
    Screen Resolution
    1440 by 900 pixels
    Hard Drives
    128 GB
    Mouse
    Microsoft Wireless
    Keyboard
    Built-in
    Internet Speed
    802.11 ac
    Browser
    Chrome; Safari
    Antivirus
    N/A
suatcini54 said:
Thanks.

But sometimes it may be better to avoid encrytion altogether during clean-installation of Windows. Otherwise, one has to decrypt encryption once Windows is installed. Therefore, adding the registry entries into Windows installation disk may prove beneficial for those taking the burden to add reg entries into install.wim file.
Click to expand...
You can disable automatic device encryption from the unattended file. Rufus does that.
 

My Computer

System One

  • OS
    Windows 7
garlin said:
You can disable automatic device encryption from the unattended file. Rufus does that.
Click to expand...
Thanks @garlin

Appreciate the info. I will check it when I actually need to clean-install Windows.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro build 26200.5622 (Dev)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home Built
    CPU
    Intel i7-4790
    Motherboard
    Asus H97 Pro Gamer with add-on TPM1.2 module
    Memory
    Teams DDR3-1600
    Graphics Card(s)
    MSI Nvidia GeForce GTX 1050Ti
    Sound Card
    Realtek ALC1150
    Monitor(s) Displays
    LG Flatron E2250
    Screen Resolution
    1920 by 1080 pixels
    Hard Drives
    Crucial NVMe PCIe M2 500 GB (Windows 11 v.24H2); Samsung SSD Evo 870 500 GB (Windows 11 v.24H2);
    PSU
    Corsair HX850
    Case
    Gigabyte Solo 210
    Cooling
    Zalman CNPS7X Tower
    Keyboard
    Microsoft AIO Wireless (includes touchpad)
    Mouse
    HP S1000 Plus Wireless
    Internet Speed
    200 Mb fiber optic
    Browser
    Chrome; MS Edge
    Antivirus
    Windows Defender
  • Operating System
    MacOS 12 Monterey
    Computer type
    Laptop
    Manufacturer/Model
    Apple Macbook Air
    CPU
    Intel Core i5
    Memory
    8 GB
    Graphics card(s)
    Intel integrated
    Screen Resolution
    1440 by 900 pixels
    Hard Drives
    128 GB
    Mouse
    Microsoft Wireless
    Keyboard
    Built-in
    Internet Speed
    802.11 ac
    Browser
    Chrome; Safari
    Antivirus
    N/A
You must log in or register to reply here.

Similar threads

Regshot real value in identifying registry entry changes?
Replies
9
Views
779
dacrone
dacrone
Solved Is there a registry entry to stabilize the size of windows on the taskbar?
Replies
15
Views
1K
dacrone
dacrone
Windows Keeps Creating New Network Profile Registry Entries
Replies
16
Views
1K
steveg
steveg
resolved, was 'registry tweak to vertically stack "peek" icons over taskbar app icon'
Replies
1
Views
326
jorba
J
Macrium Registry Entry. Can anyone help with the correct syntax to construct this entry.
Replies
17
Views
3K
Mooly
M

Latest Support Threads

Latest Tutorials

Back
Top Bottom