How to disable Hardware-based encryption on operating system drives

To disable hardware-based encryption on operating system drives for BitLocker in Windows 11/10 using Group Policy Editor, follow these steps: To learn more about these steps, continue reading. For getting started, search for the group policy or gpedit.msc in the Taskbar search box and click on the Edit group policy search result. Once the Local Group Policy Editor is opened on your computer, navigate to this path: On the right-hand side, you can see a setting called Configure use of hardware-based encryption for operating system drives. You need to double-click on this setting and choose the Disabled option.

Then, click the OK button to save the change. Note: If you want to automatically opt for software-based encryption when hardware encryption is not available, you can choose the Enabled option and tick the use BitLocker software-based encryption when hardware encryption is not available checkbox.

How to disable hardware-based encryption on operating system drives using Registry

To disable hardware-based encryption on operating system drives for BitLocker using Registry, follow these steps: Let’s check out these steps in detail. First, press Win+R to open the Run dialog, type regedit, click the OK button, and click the Yes button to open the Registry Editor. Then, navigate to this path: Right-click on Microsoft > New > Key and call it FVE.

Right-click on FVE > New > DWORD (32-bit) Value and set the name as OSHardwareEncryption.

Here you need to create two more REG_DWORD values and name them as follows:

OSAllowSoftwareEncryptionFailoverOSRestrictHardwareEncryptionAlgorithms

By default, all of them come with a Value data of 0, and you need to keep it.

Finally, close all the windows and restart your computer. Once done, you can find the changes immediately. Note: If you want to switch to the software-based encryption when hardware- encryption is not available, you need to set the Value data of OSHardwareEncryption and OSAllowSoftwareEncryptionFailover as 1. Then, create an Expandable String Value named OSAllowedHardwareEncryptionAlgorithms and set the Value data as per the encryption. Read: Choose how BitLocker unlocks OS Drive at Startup

How do I disable BitLocker on my operating system?

To disable BitLocker on your operating system, you have three options. You can use the Control Panel, Local Group Policy Editor, and Registry Editor. All you need to do is to disable the BitLocker for the C drive or system drive. For that, you can use the Turn off BitLocker option in the BitLocker Drive Encryption panel.

How do I know if my hard drive is encrypted?

To know if your hard drive is encrypted or not, you can open the BitLocker Drive Encryption panel on your computer. Next, expand the Operating system drive section. If you see the C: BitLocker off message, it means that the hard drive is not encrypted. Similarly, if you find the same message for other Fixed data drives, it means that BitLocker is not enabled. Read: Turn On or Off Auto-unlock for BitLocker Encrypted Data Drives.