Disable BitLocker Software Encryption Windows 11 Pro

, , , , ,

In some Windows 11 Pro installation instances, which I won’t cover here to keep this article short, Windows 11 Pro will automatically enable BitLocker software based encryption on your solid state drive (SSD). Not sure if this auto-enabling occurs on traditional mechanical hard drives, let me know in the comments section.

The particular Windows 11 Pro installation on my Intel NUC 12 fell within the Microsoft threshold of auto-enabling the BitLocker software encryption. This was without my knowledge nor was I allowed to configure the encryption password or separately store the encryption key. My initial inspection leads me to believe that Microsoft simply uses your Microsoft Account password as the BitLocker encryption key but I have not confirmed this. Let me know in the comments section.

Also, when I originally setup my Windows 11 Pro installation, I used a local account instead of a Microsoft Account. I assume that when I accessed my Microsoft Account to connect my Microsoft 365 software (such as Word and OneDrive) Windows configured BitLocker at that time. I could be completely wrong, but the fact that BitLocker was enabled without my knowledge is a fact in my particular case.

It wasn’t until I discovered an article on Tom’s Hardware regarding “Windows Software BitLocker Slows Performance” that I became aware of a potential performance implication. In that article is covers how the BitLocker software encryption feature can slow an SSD by up to 45%.

This article will cover what I did in order to disable BitLocker software encryption on my SSD since I prefer daily maximum performance over the (in my opinion, false) sense of security provided by encrypting the data on my drive. Encrypting my data may also make data recovery more difficult should the need arise, but I may be incorrect there as well.

Is BitLocker Software Encryption Enabled

To find out if your SSD is running BitLocker software based encryption open the Windows Command Prompt app as an Administrator and enter the following command:

manage-bde -status

This will start the “BitLocker Drive Encryption: Configuration Tool,” which analyses all the drives in your PC.

  • Under “Conversion Status,” you can find out whether the data on the SSD is encrypted.
    • If “Used Space Only Encrypted” or “Fully Encrypted” is displayed, then BitLocker encryption is switched ON.
    • If “Fully Decrypted” is displayed, BitLocker encryption is switched OFF on the listed drive. No further action is needed.
  • Under “Encryption Method,” it shows whether software encryption (XTS-AES 128) or hardware encryption (Hardware Encryption) is used on the drive.
Enabled BitLocker Software Encryption Windows 11 Pro SSD

Example of Enabled BitLocker Software Encryption

Disable BitLocker Software Encryption Windows 11 Pro SSD

Example of BitLocker Software Decryption

Disabled BitLocker Software Encryption Windows 11 Pro SSD

Example of BitLocker Software Decrypted

 

Disable BitLocker Software Encryption

TomsHardware’s tests showed that users who use applications that put a lot of strain on the SSDs can expect a noticeable drop in SSD performance.

If you are absolutely sure that the data on your SSD does not need to be protected and encrypted, then BitLocker can be disabled by opening the Windows Command Prompt app as an Administrator and entering the following command (where the “X:” is to be replaced by the drive letter of the encrypted drive):

manage-bde -off X:

WARNING: Before attempting to disable BitLocker and decrypt any drive / data it is imperative to backup your data or image your entire drive. Not only that, but you should confirm that the created backup(s) are 100% operational.

NOTE: Microsoft says that it can take up to 1 full minute to decrypt just 500 MegaBytes. If you had a drive that was 400 GigaBytes, by their measure, that would take roughly 800 minutes or 13.3 hours to decrypt your drive.

In my case, I had a 2.5-inch SSD which did take several hours to complete since it was maxing out at around 125MB/s. However, my ADATA NVMe SSD took only minutes because it was operating at around 1GB/s. I love you ADATA!

 

 

You can decrypt your drive while you continue to use your PC. However, you should be aware;

  • the decryption process may take a LONG time depending on the size of your drive and the encryption level used.
  • the decryption process may affect the performance of your PC and other applications while using the PC.
  • the decryption process cannot be paused or resumed once it is started and must be completed.
  • if you interrupt the decryption process, such as by turning off your PC, the drive will remain partially encrypted and you will need to start the decryption process again.

Therefore, before disabling BitLocker software encryption, you should make sure that you have a working backup of your important data, that you have enough time to complete the decryption process, and that you do not need the security features of BitLocker for your drive and data.

Despite the fact that you “can” still use your PC while your primary operating system drive is being decrypted I would advise closing any open files or programs to avoid any potential for data loss or corruption. In my case, I simply surfed the web with everything else closed until the BitLocker decrypting process was complete on my primary drive.

  • PRO TIP #1: If you have a current backup of your data on your primary drive (the one to be decrypted) you can remove it from the primary drive completely which will decrease the time it takes to decrypt the drive since only the “used space” is encrypted. After decryption you can restore the data to its original location from your backup.
  • PRO TIP #2: You’ll also want to disabled the BitLocker Drive Encryption Service via the Windows Services App. See my article on my disabled Windows Services.

 

BitLocker Software Decryption

I am happy to report that I was able to successfully disable Microsoft Windows BitLocker on all of my drives without issue.

Note that when I started using my PC, I had no indication that BitLocker was even enabled. For example, the BitLocker Drive Encryption settings area only showed that BitLocker was “waiting for activation” (before image) and not that had already encrypted my drives and data. After decrypting my drives it no longer said it was waiting for activation, rather it was just OFF (see after image).

 

Conclusion

Thus far I have “no regerts” (misspelled on purpose) with disabling BitLocker on my drives. I even disabled the Service. Maybe it is the placebo effect, but I feel my PC is more responsive.

I hope my article on how to disable BitLocker software encryption on Windows 11 Pro has helped you. I welcome your thoughts, questions or suggestions regarding this article.

You may support my work and future improvements by sending me a tip using your Brave browser or by sending me a one time donation using your credit card.

Let me know if you found any errors within my article or if I may further assist you by answering any additional questions you may have.