Skip to main content

How To Securely Disable BitLocker On All Drives

Starting from Windows Vista, Windows has a native encryption utility named BitLocker, that allows users to encrypt their entire OS drive, as well as partitions and removable media such as USB flash drives. This prevents unauthorized access to sensitive data stored on the drives. This also means that anyone with physical access to the PC, can encrypt the drive(s) and lock the rightful owner out of their very own device. In this tutorial, I will show you how to securely disable BitLocker on every drive.

If you're serious about protecting your sensitive data from falling Into the hands of the unknown, disk encryption Is certainly the best option to protect It. BitLocker does the job with Incredible ease, all within the Windows environment without the aid of third-party tools.

Simply put, once you encrypt a drive, In order to view It's contents, BitLocker will prompt for an unlock method (that you've set during the encryption) such as a password or a PIN. Once you authenticate, your files can be accessed.

The problem Is, those who share your PC or perhaps someone who gains unauthorized access, remotely or otherwise, can also use BitLocker to encrypt your computer's hard disk, hence lock you out of your own PC. Similar to how Ransomware operates- without a decryption key, you cannot access your files. As such, I will demonstrate how to securely prevent anyone from encrypting your computer's hard disk and other storage drives.

To achieve this, I will be using the good old Group Policy Editor, that's native to the Windows 10 Pro, Enterprise and Education editions. The same applies to BitLocker- only the Pro, Enterprise and Education editions are supported. If you're running Windows 10 Home, you're out of luck. So without further delay, let's rip Into this tutorial.

Step One:
To access the Group Policy Editor, open the Run menu, enter gpedit.msc and hit OK.

Step Two:

The Group Policy Editor will now open, so navigate to the following directory.
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption

Just under BitLocker Drive Encryption, you will see Fixed Data Drives, Operating System Drives and Removable Data Drives. Select the drive(s) that you want to prevent BitLocker from encrypting. For the purpose of this guide, I've selected Fixed Data Drives.

Then on the right pane, double-click on Choose how BitLocker-protected fixed drives can be recovered. If you've selected a drive different to this, double-click on It's respective option.

Step Three:
To the left of the window, click the Enabled radio button. Then toward the bottom under Backup recovery passwords and key packages, select the checkbox as Illustrated. In simple terms, this option waits for recovery Information to be stored before a disk can be encrypted. Given there's no recovery Info, BitLocker cannot encrypt a disk! Hit OK to finalize the process.

Step Four:
Here's an example of how BitLocker works before the above setting Is applied. I can use a password to unlock my drive, and follow the prompts until completion.

Step Five:
Just after applying the above setting, let's try and encrypt my hard disk with BitLocker. I've right-clicked my drive and selected Turn on BitLocker as arrowed below.

Step Six:
BitLocker Is now attempting to encrypt my hard disk. Let's see what happens next.

Last Step:
As you can see, BitLocker has failed performing It's task. Perfect! This clearly demonstrates that my selected drive cannot be encrypted.

Final Thoughts:
I strongly suggest protecting your drives and partitions with BitLocker encryption, but If you're the type of user who's not comfortable with this, then applying the above setting will certainly prevent anyone from using BitLocker on your computer.

To reverse the change and have It functioning as per It's original state, go back to Step Three above, select the Not Configured radio button and hit OK.


Popular posts from this blog

How To Decode The Windows 10 Product Key

Every Windows 10 operating system that's Installed and activated on the computer, has what's called a Product Key , that Is either pre-Installed by the manufacturer, or added by the end user when formatting their PC. In order to have a fully-functional OS, It must contain a valid Product Key. Whilst there are many tools that can extract It from the operating system, In this tutorial, I will show you how to manually decode the Product Key.

How To Check Faulty Drivers In Windows 10

For hardware devices to function properly, they must have device drivers  Installed, thus allow them to perform at their optimal state. It's all well and good when they're running without error, but they do tend to fail at the best of times, which can cause system Instability and/or loss of functionality. It can be a difficult task pinpointing the problematic driver(s), so In this tutorial, I will show you how to check faulty drivers , without the aid of third-party tools.

How To Create A Fake File Of Any File Size

Depending on your business environment or Individual requirements, sometimes there Is the need to test files of a given capacity. Such tests can Include Identifying how well your hard disks perform under heavy read/write operations, or to establish whether files can be securely deleted beyond recovery. Whatever the reason may be, In this tutorial, I will show you how to create a fake file of any file size.