Skip to main content

How To Securely Disable BitLocker On All Drives

Starting from Windows Vista, Windows has a native encryption utility named BitLocker, that allows users to encrypt their entire OS drive, as well as partitions and removable media such as USB flash drives. This prevents unauthorized access to sensitive data stored on the drives. This also means that anyone with physical access to the PC, can encrypt the drive(s) and lock the rightful owner out of their very own device. In this tutorial, I will show you how to securely disable BitLocker on every drive.

If you're serious about protecting your sensitive data from falling Into the hands of the unknown, disk encryption Is certainly the best option to protect It. BitLocker does the job with Incredible ease, all within the Windows environment without the aid of third-party tools.

Simply put, once you encrypt a drive, In order to view It's contents, BitLocker will prompt for an unlock method (that you've set during the encryption) such as a password or a PIN. Once you authenticate, your files can be accessed.

The problem Is, those who share your PC or perhaps someone who gains unauthorized access, remotely or otherwise, can also use BitLocker to encrypt your computer's hard disk, hence lock you out of your own PC. Similar to how Ransomware operates- without a decryption key, you cannot access your files. As such, I will demonstrate how to securely prevent anyone from encrypting your computer's hard disk and other storage drives.

To achieve this, I will be using the good old Group Policy Editor, that's native to the Windows 10 Pro, Enterprise and Education editions. The same applies to BitLocker- only the Pro, Enterprise and Education editions are supported. If you're running Windows 10 Home, you're out of luck. So without further delay, let's rip Into this tutorial.

Step One:
To access the Group Policy Editor, open the Run menu, enter gpedit.msc and hit OK.

Step Two:

The Group Policy Editor will now open, so navigate to the following directory.
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption

Just under BitLocker Drive Encryption, you will see Fixed Data Drives, Operating System Drives and Removable Data Drives. Select the drive(s) that you want to prevent BitLocker from encrypting. For the purpose of this guide, I've selected Fixed Data Drives.

Then on the right pane, double-click on Choose how BitLocker-protected fixed drives can be recovered. If you've selected a drive different to this, double-click on It's respective option.

Step Three:
To the left of the window, click the Enabled radio button. Then toward the bottom under Backup recovery passwords and key packages, select the checkbox as Illustrated. In simple terms, this option waits for recovery Information to be stored before a disk can be encrypted. Given there's no recovery Info, BitLocker cannot encrypt a disk! Hit OK to finalize the process.

Step Four:
Here's an example of how BitLocker works before the above setting Is applied. I can use a password to unlock my drive, and follow the prompts until completion.

Step Five:
Just after applying the above setting, let's try and encrypt my hard disk with BitLocker. I've right-clicked my drive and selected Turn on BitLocker as arrowed below.

Step Six:
BitLocker Is now attempting to encrypt my hard disk. Let's see what happens next.

Last Step:
As you can see, BitLocker has failed performing It's task. Perfect! This clearly demonstrates that my selected drive cannot be encrypted.

Final Thoughts:
I strongly suggest protecting your drives and partitions with BitLocker encryption, but If you're the type of user who's not comfortable with this, then applying the above setting will certainly prevent anyone from using BitLocker on your computer.

To reverse the change and have It functioning as per It's original state, go back to Step Three above, select the Not Configured radio button and hit OK.


Popular posts from this blog

How To Use Sandboxie In Windows 10

When navigating online and downloading & executing applications, clicking on links, visiting websites that you're not familiar with and so forth, your computer Is vulnerable to being Infected with a virus. The last thing you need, Is to have your sensitive files compromised or hit with a nasty piece of malware. To prevent this, In this tutorial, I will show you how to safely perform all the above and more, by using a software named Sandboxie.

Create A Bootable USB Flash Drive

If you have a Bootable ISO Image file of the Windows operating system, obviously the Intention Is to burn It to disc and boot from your PC thereafter. However, optical drives are slowly being phased out In manufacturing & shipping of new computers, so what do you do from here? The alternative Is to create a bootable USB flash drive, and I will show you exactly how It's done. The process Is quite simple, yet a lot of users fail to grasp the concept.

Open The Command Prompt In Any Directory

A very powerful tool native to the Windows platform, Is the Command Prompt that allows users to perform an array of tasks, such as renaming and deleting files & folders, formatting disks and the list goes on. Sometimes, you need to navigate to certain directories by executing commands, which can be a lengthy and somewhat frustrating process. As such, In this tutorial, I will show you how to easily open the Command Prompt In any directory/folder of your choice.