If you do not want BitLocker to use hardware-based encryption on operating system drives (the C drive), here is how you can disable this security feature. You can turn hardware-based encryption on operating system drives on or off using the Local Group Policy Editor or the Registry Editor on Windows 11 and Windows 10 computers.
How to disable hardware-based encryption on operating system drives
To disable hardware-based encryption on operating system drives for BitLocker in Windows 11/10 using Group Policy Editor, follow these steps:
- Search for group policy in the Taskbar search box.
- Click on the search result.
- Go to Operating System Drives in Computer Configuration.
- Double-click on the Configure use of hardware-based encryption for operating system drives setting.
- Choose the Disabled option.
- Click the OK button.
To learn more about these steps, continue reading.
To get started, search for group policy or gpedit.msc in the Taskbar search box and click on the Edit group policy search result.
Once the Local Group Policy Editor is opened on your computer, navigate to this path:
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives
On the right-hand side, you can see a setting called Configure use of hardware-based encryption for operating system drives. You need to double-click on this setting and choose the Disabled option.
Then, click the OK button to save the change.
Note: If you want BitLocker to fall back to software-based encryption automatically when hardware encryption is not available, choose the Enabled option and tick the Use BitLocker software-based encryption when hardware encryption is not available checkbox.
How to disable hardware-based encryption on operating system drives using Registry
To disable hardware-based encryption on operating system drives for BitLocker using Registry, follow these steps:
- Press Win+R > type regedit > click the OK button.
- Click the Yes button.
- Go to Microsoft in HKLM.
- Right-click on Microsoft > New > Key and set the name as FVE.
- Right-click on FVE > New > DWORD (32-bit) Value.
- Name it as OSHardwareEncryption.
- Create two more REG_DWORD values named OSAllowSoftwareEncryptionFailover and OSRestrictHardwareEncryptionAlgorithms.
- Close all windows and restart your PC.
Let’s check out these steps in detail.
First, press Win+R to open the Run dialog, type regedit, click the OK button, and click the Yes button to open the Registry Editor.
Then, navigate to this path:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft
Right-click on Microsoft > New > Key and call it FVE.
Right-click on FVE > New > DWORD (32-bit) Value and set the name as OSHardwareEncryption.
Here you need to create two more REG_DWORD values and name them as follows:
- OSAllowSoftwareEncryptionFailover
- OSRestrictHardwareEncryptionAlgorithms
By default, each of them is created with a Value data of 0, and you need to keep it that way.
Finally, close all the windows and restart your computer. Once that is done, the changes are in effect immediately.
Note: If you want to switch to software-based encryption when hardware encryption is not available, you need to set the Value data of OSHardwareEncryption and OSAllowSoftwareEncryptionFailover to 1. Then, create an Expandable String Value named OSAllowedHardwareEncryptionAlgorithms and set its Value data according to the encryption algorithms you want to allow.
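The registry steps above, written as a PowerShell script. This is an added example and not part of the original article; the function names are hypothetical, while the key path and value names are the ones given in the steps. It assumes an elevated PowerShell session.

```powershell
# Added example: function names are hypothetical; path and value names come from the steps above.
# Run from an elevated session, because writing under HKLM needs administrator rights.
$FvePath = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$OsHwValues = 'OSHardwareEncryption',
              'OSAllowSoftwareEncryptionFailover',
              'OSRestrictHardwareEncryptionAlgorithms'

function Get-OsHardwareEncryptionPolicy {
    # Read back each value; Data is $null when the value (or the FVE key) does not exist.
    foreach ($name in $OsHwValues) {
        $item = Get-ItemProperty -Path $FvePath -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Name = $name
            Data = if ($item) { $item.$name } else { $null }
        }
    }
}

function Disable-OsHardwareEncryption {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    # Create the FVE key only if it is missing, so existing BitLocker policy values are kept.
    if (-not (Test-Path $FvePath)) {
        if ($PSCmdlet.ShouldProcess($FvePath, 'Create key')) {
            New-Item -Path $FvePath -Force | Out-Null
        }
    }
    # Create or overwrite the three REG_DWORD values with a Value data of 0.
    foreach ($name in $OsHwValues) {
        if ($PSCmdlet.ShouldProcess("$FvePath\$name", 'Set DWORD to 0')) {
            New-ItemProperty -Path $FvePath -Name $name -PropertyType DWord -Value 0 -Force |
                Out-Null
        }
    }
}

Get-OsHardwareEncryptionPolicy | Format-Table   # state before the change
Disable-OsHardwareEncryption -WhatIf            # preview only; remove -WhatIf to apply
```

Changing this policy does not convert a drive that is already encrypted with hardware encryption; the drive has to be decrypted and encrypted again to use software encryption. Running `manage-bde -status C:` shows the method currently in use in the Encryption Method field.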
How do I disable BitLocker on my operating system?
To disable BitLocker on your operating system, you have three options: the Control Panel, the Local Group Policy Editor, or the Registry Editor. All you need to do is disable BitLocker for the C drive or system drive. For that, you can use the Turn off BitLocker option in the BitLocker Drive Encryption panel.
How do I know if my hard drive is encrypted?
To find out whether your hard drive is encrypted, open the BitLocker Drive Encryption panel on your computer. Next, expand the Operating system drive section. If you see the C: BitLocker off message, it means that the hard drive is not encrypted. Similarly, if you find the same message for other Fixed data drives, it means that BitLocker is not enabled on them.