Skip to main content


How To Securely Disable BitLocker On All Drives


Starting from Windows Vista, Windows has a native encryption utility named BitLocker, that allows users to encrypt their entire OS drive, as well as partitions and removable media such as USB flash drives. This prevents unauthorized access to sensitive data stored on the drives. This also means that anyone with physical access to the PC, can encrypt the drive(s) and lock the rightful owner out of their very own device. In this tutorial, I will show you how to securely disable BitLocker on every drive.


If you're serious about protecting your sensitive data from falling Into the hands of the unknown, disk encryption Is certainly the best option to protect It. BitLocker does the job with Incredible ease, all within the Windows environment without the aid of third-party tools.

Simply put, once you encrypt a drive, In order to view It's contents, BitLocker will prompt for an unlock method (that you've set during the encryption) such as a password or a PIN. Once you authenticate, your files can be accessed.

The problem Is, those who share your PC or perhaps someone who gains unauthorized access, remotely or otherwise, can also use BitLocker to encrypt your computer's hard disk, hence lock you out of your own PC. Similar to how Ransomware operates- without a decryption key, you cannot access your files. As such, I will demonstrate how to securely prevent anyone from encrypting your computer's hard disk and other storage drives.

To achieve this, I will be using the good old Group Policy Editor, that's native to the Windows 10 Pro, Enterprise and Education editions. The same applies to BitLocker- only the Pro, Enterprise and Education editions are supported. If you're running Windows 10 Home, you're out of luck. So without further delay, let's rip Into this tutorial.

Step One:
To access the Group Policy Editor, open the Run menu, enter gpedit.msc and hit OK.



Step Two:

The Group Policy Editor will now open, so navigate to the following directory.
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption

Just under BitLocker Drive Encryption, you will see Fixed Data Drives, Operating System Drives and Removable Data Drives. Select the drive(s) that you want to prevent BitLocker from encrypting. For the purpose of this guide, I've selected Fixed Data Drives.

Then on the right pane, double-click on Choose how BitLocker-protected fixed drives can be recovered. If you've selected a drive different to this, double-click on It's respective option.



Step Three:
To the left of the window, click the Enabled radio button. Then toward the bottom under Backup recovery passwords and key packages, select the checkbox as Illustrated. In simple terms, this option waits for recovery Information to be stored before a disk can be encrypted. Given there's no recovery Info, BitLocker cannot encrypt a disk! Hit OK to finalize the process.



Step Four:
Here's an example of how BitLocker works before the above setting Is applied. I can use a password to unlock my drive, and follow the prompts until completion.



Step Five:
Just after applying the above setting, let's try and encrypt my hard disk with BitLocker. I've right-clicked my drive and selected Turn on BitLocker as arrowed below.



Step Six:
BitLocker Is now attempting to encrypt my hard disk. Let's see what happens next.



Last Step:
As you can see, BitLocker has failed performing It's task. Perfect! This clearly demonstrates that my selected drive cannot be encrypted.



Final Thoughts:
I strongly suggest protecting your drives and partitions with BitLocker encryption, but If you're the type of user who's not comfortable with this, then applying the above setting will certainly prevent anyone from using BitLocker on your computer.

To reverse the change and have It functioning as per It's original state, go back to Step Three above, select the Not Configured radio button and hit OK.



Comments

Popular posts from this blog

Check The Health Of Your Laptop's Battery

When you first purchase your laptop and fully charge the battery thereafter, It runs at It's optimal state for quite a while. However, over time, It Inevitably decreases In performance, and does not hold It's charge capacity as per It's brand new state. This Is due to wear & tear, and a few other factors. It's very Important to know the condition of your battery, so In this tutorial, I will show you how to view the current status and health of your laptop's battery.

How To Troubleshoot Your PC's Power Settings

Upon purchasing your computer with the Windows OS Installed, by default, It's power plan setting Is set to Balanced. Depending on the manufacturer, the hibernate and sleep modes are also configured to turn off at certain Intervals. You can also create a plan of your own, based on your computing usability. Power plan settings can corrupt at the best of times, hence In this tutorial, I will show you how to troubleshoot your PC's power settings natively within Windows.

Force Windows 10 To Boot To Advanced Startup

In the event your operating system corrupts and losses functionality to some degree, Windows 10 has the Advanced Startup Options menu, that contains a range of diagnostic and repair utilities to help restore the OS back to It's functional state. You can perform a System Restore, Reset your PC, execute commands via the Command Prompt and more. To have It readily available, In this tutorial, I will show you how to force Windows 10 to always boot to the Advanced Startup settings.