Jump to content

Confused about Bitlocker

Misanthropic_Turtle
By Misanthropic_Turtle
in Windows
 Share
Posted

I'm going to clean install Windows 11 on my same machine soon, same drive. I'm reading conflicting things about whether Bitlocker is enabled by default. On my current install, it is not enabled, and as far as I know it was always that way- I never disabled it. 

 

I DO NOT want Bitlocker enabled, ever.

 

So, when I clean install Windows, should I expect the same thing? Will it be disabled by default, like it is now? Or will I be surprised to find it enabled, then have to disable it and decrypt everything? What determines this? I want it to be disabled by default.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
3 minutes ago, Misanthropic_Turtle said:

I'm going to clean install Windows 11 on my same machine soon, same drive. I'm reading conflicting things about whether Bitlocker is enabled by default. On my current install, it is not enabled, and as far as I know it was always that way- I never disabled it. 

 

I DO NOT want Bitlocker enabled, ever.

 

So, when I clean install Windows, should I expect the same thing? Will it be disabled by default, like it is now? Or will I be surprised to find it enabled, then have to disable it and decrypt everything? What determines this? I want it to be disabled by default.

Use rufus after downloading the windows 11 iso from the microsoft installer maker. Rufus then when clicking start will ask you if you wish to disable a bunch of things including bitlocker

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

When installing via a newer Windows 11 installer created using the Windows Media Creation Tool, Bitlocker will be soft enabled when you sign in via a Microsoft Account during initial setup. If you set up Windows using a Local Account instead, it will not be. I always just check in the Bitlocker settings after I get Windows installed and double check to make sure it isn't enabled or soft enabled. If it is soft enabled it will be basically half on, but not activated until you enable it. It for some dumb reason will still have the Windows file system encrypted so when you turn it off it will need to decrypt some files.

 

If you create the installer using Rufus and disable Bitlocker from the beginning, or set it up with a Local Account you won't have to worry about Bitlocker at all.

Main Desktop: CPU - i9-14900k | Mobo - Gigabyte Z690 Aorus Elite AX DDR4 | GPU - ASUS TUF Gaming OC RTX 4090 RAM - Corsair Vengeance Pro RGB 64GB 3600mhz | AIO - H150i Pro XT | PSU - Corsair RM1000X | Case - Phanteks P500A Digital - White | Storage - Samsung 970 Pro M.2 NVME SSD 512GB / Sabrent Rocket 1TB Nvme / Samsung 860 Evo Pro 500GB / Samsung 970 EVO Plus 2tb Nvme / Samsung 870 QVO 4TB  |

 

TV Streaming PC: Intel Nuc CPU - i7 8th Gen | RAM - 16GB DDR4 2666mhz | Storage - 256GB WD Black M.2 NVME SSD |

 

Phone: Samsung Galaxy Z Fold 4 - Phantom Black 512GB |

 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author
4 minutes ago, SpookyCitrus said:

When installing via a newer Windows 11 installer created using the Windows Media Creation Tool, Bitlocker will be soft enabled when you sign in via a Microsoft Account during initial setup. If you set up Windows using a Local Account instead, it will not be. I always just check in the Bitlocker settings after I get Windows installed and double check to make sure it isn't enabled or soft enabled. If it is soft enabled it will be basically half on, but not activated until you enable it. It for some dumb reason will still have the Windows file system encrypted so when you turn it off it will need to decrypt some files.

 

If you create the installer using Rufus and disable Bitlocker from the beginning, or set it up with a Local Account you won't have to worry about Bitlocker at all.

Gotcha. Currently, it says "Bitlocker off." How can I determine whether its soft enabled?

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
8 minutes ago, Misanthropic_Turtle said:

Gotcha. Currently, it says "Bitlocker off." How can I determine whether its soft enabled?

It will say Bitlocker suspended, or I have seen it say Bitlocker on but not active. If it says Bitclocker Off then it's actually off.

Main Desktop: CPU - i9-14900k | Mobo - Gigabyte Z690 Aorus Elite AX DDR4 | GPU - ASUS TUF Gaming OC RTX 4090 RAM - Corsair Vengeance Pro RGB 64GB 3600mhz | AIO - H150i Pro XT | PSU - Corsair RM1000X | Case - Phanteks P500A Digital - White | Storage - Samsung 970 Pro M.2 NVME SSD 512GB / Sabrent Rocket 1TB Nvme / Samsung 860 Evo Pro 500GB / Samsung 970 EVO Plus 2tb Nvme / Samsung 870 QVO 4TB  |

 

TV Streaming PC: Intel Nuc CPU - i7 8th Gen | RAM - 16GB DDR4 2666mhz | Storage - 256GB WD Black M.2 NVME SSD |

 

Phone: Samsung Galaxy Z Fold 4 - Phantom Black 512GB |

 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author
Just now, SpookyCitrus said:

It will say Bitlocker suspended, or I have seen it say Bitlocker on but not active. If it says Bitclocker Off then it's actually off.

So I wonder how I was lucky enough for it to have been off in the first place? I have Windows 11 Pro activated with an OEM key, and I activated it when I installed. How did I get so lucky and have it disabled by default?

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author
27 minutes ago, jaslion said:

Use rufus after downloading the windows 11 iso from the microsoft installer maker. Rufus then when clicking start will ask you if you wish to disable a bunch of things including bitlocker

Okey dokey, seems like Rufus is the way to do things.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
4 minutes ago, Misanthropic_Turtle said:

So I wonder how I was lucky enough for it to have been off in the first place? I have Windows 11 Pro activated with an OEM key, and I activated it when I installed. How did I get so lucky and have it disabled by default?

If you used an older installer, only recent installers within the last few months have had it enable by default, and it only enables if you sign in with a Microsoft Account during the initial setup. If you just did a local account or used an installer from more than like 3 or 4 months ago it would likely be off.

Main Desktop: CPU - i9-14900k | Mobo - Gigabyte Z690 Aorus Elite AX DDR4 | GPU - ASUS TUF Gaming OC RTX 4090 RAM - Corsair Vengeance Pro RGB 64GB 3600mhz | AIO - H150i Pro XT | PSU - Corsair RM1000X | Case - Phanteks P500A Digital - White | Storage - Samsung 970 Pro M.2 NVME SSD 512GB / Sabrent Rocket 1TB Nvme / Samsung 860 Evo Pro 500GB / Samsung 970 EVO Plus 2tb Nvme / Samsung 870 QVO 4TB  |

 

TV Streaming PC: Intel Nuc CPU - i7 8th Gen | RAM - 16GB DDR4 2666mhz | Storage - 256GB WD Black M.2 NVME SSD |

 

Phone: Samsung Galaxy Z Fold 4 - Phantom Black 512GB |

 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
  • Author
2 minutes ago, SpookyCitrus said:

If you used an older installer, only recent installers within the last few months have had it enable by default, and it only enables if you sign in with a Microsoft Account during the initial setup. If you just did a local account or used an installer from more than like 3 or 4 months ago it would likely be off.

Ah. I see. In my case it must be how long ago I installed, because I'm activated and signed into my Microsoft account. Well, but my key is not "linked" to my Microsoft account- lol whatever who knows. I love how Microsoft deliberately make everything confusing and enable things that nobody wants.

Link to comment
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Windows

×