Guide  When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

How to prevent Windows 11 from encrypting your disks during installation

Neowin · · Hot! with 98 comments

Windows 11 logo

Clean-installing Windows 11 may soon result in the operating system encrypting your drives without asking. Not just the system drive but all drives. And not just in Pro SKUs but Home as well. Why is this a problem, you may ask? The initial setup experience does not mention that, so unsuspicious users may lose their data after discovering that they do not have decryption keys after reinstalling Windows.

In a nutshell, the problem is that Microsoft won't let users decide whether to encrypt their drives or just warn them about it.

Although the story about automatic encryption broke out this week, Microsoft quietly announced the change as part of build 25905 in July 2023:

Starting with this build, we have adjusted the prerequisites (removal of Modern Standby/HSTI validation and untrusted DMA ports check) for enabling device encryption so that it is automatically enabled when doing clean installs of Windows 11.

You can make sure your fresh Windows 11 installation does not encrypt drives by either modifying the install image or tweaking the registry at the beginning of the onboarding experience, which is also known as OOBE.

Option 1: Disable encryption in Windows Registry

After hearing the startup chime, Windows 11 will prompt you to select the right country or region. At this point, you need to open Windows Registry and tell the OS not to encrypt your drives.

  1. Press Shift + F10 (or Shift + Fn + F10), type regedit, and press Enter. This will launch the Registry Editor.
  2. Go to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\BitLocker and right-click the BitLocker key (folder).
  3. Select New > Dword (32-bit) Value and rename it to PreventDeviceEncryption.
  4. Open the newly made value and change its value data from 0 to 1 (via Deskmodder).
    Windows Registry Editor with BitLocker Value
  5. Close the editor and Command Prompt, then proceed with the onboarding experience as usual.

To check your drives' encryption, launch Command Prompt as Administrator and type manage-bde -status. Command Prompt will return the list of your drives, so check the "Conversion Status" field—it should say "Full Decrypted."

Command Prompt in Windows 11 with BItLocker Status

Option 2: Modify a Windows 11 image

If you want a more user-friendly or permanent solution, say, you want to install Windows 11 on a couple of machines, then modifying a Windows 11 image is a better option that will save you some time. A third-party app called Rufus will help you prevent Windows 11 from encrypting your device.

  1. Download Rufus from its official website.
  2. Get a Windows 11 image from the official website or the Media Creation Tool.
  3. Connect a USB drive, select the image, and click Start.
  4. Rufus will prompt you to select a few options to improve your user experience. The one you need is at the very bottom, called "Disable BitLocker automatic device encryption."
    A prompt in the Rufus app asking to specify Windows 11 install options
  5. Once you finish creating your media, install Windows 11 as you usually do.

Note that disabling automatic disk encryption will not prevent you from using BitLocker in the future.

Report a problem with article
lexar nm790 with heatsink
Next Article

These 4TB, 2TB, 1TB NVMe PCIe Gen4 SSDs with heatsinks are on sale at low prices

quakecon 2024
Previous Article

QuakeCon 2024 announced for August 8-11; will it be used to officially reveal Quake 6?

Join the conversation!

Login or Sign Up to read and post a comment.

98 Comments - Add comment