Enabling BitLocker hardware encryption

Alastair Grant | Fri 4 Oct 2019

Microsoft have recently adjusted the way BitLocker encrypts drives in light of some shockingly poor implementations of hardware encryption on hard drives/SSDs.

The long and short is that many SSDs from major manufacturers can have their encryption bypassed due to things such as default passwords. To protect us, Microsoft now assumes your drive is compromised.

But what if you're confident that your drive isn't impacted? How do you elect to use hardware encryption? Group Policy, of course.

  1. Run gpedit.msc
  2. Navigate to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Fixed Data Drives.
  3. Here you can set the "Configure use of hardware-based encryption for fixed data drives" policy
  4. Enable the policy
  5. Deselect software-encryption
  6. Reboot for good measure
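To confirm the steps above took effect, the following added example (not part of the original post) reads the policy back from the registry and reports which data volumes actually use hardware encryption. It assumes an elevated PowerShell prompt with the BitLocker module available; the function name `Get-FdvHardwarePolicy` is made up for this example.

```powershell
# Added example: audit the fixed-data-drive hardware encryption policy and
# check what each BitLocker data volume is really using.
# Run from an elevated PowerShell prompt.

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

function Get-FdvHardwarePolicy {
    # Registry values behind "Configure use of hardware-based encryption for
    # fixed data drives". A missing value means the setting is Not Configured.
    $names = 'FDVHardwareEncryption', 'FDVAllowSoftwareEncryptionFailover'
    $props = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    $result = [ordered]@{}
    foreach ($n in $names) {
        $result[$n] = if ($props -and ($props.PSObject.Properties.Name -contains $n)) {
            $props.$n
        } else {
            $null
        }
    }
    [pscustomobject]$result
}

$policy = Get-FdvHardwarePolicy
$policy | Format-List

if ($policy.FDVHardwareEncryption -ne 1) {
    Write-Warning 'Hardware encryption policy for fixed data drives is not enabled (step 4).'
}
if ($policy.FDVAllowSoftwareEncryptionFailover -ne 0) {
    Write-Warning 'Software encryption fallback is still allowed (step 5).'
}

# The policy applies when a volume is encrypted. A volume that was encrypted
# before the change keeps its existing method until it is decrypted and
# encrypted again, so check the method each volume reports.
Get-BitLockerVolume | Where-Object VolumeType -eq 'Data' | ForEach-Object {
    [pscustomobject]@{
        MountPoint = $_.MountPoint
        Status     = $_.VolumeStatus
        Method     = $_.EncryptionMethod
        Hardware   = ($_.EncryptionMethod -eq 'HardEncryption')
    }
} | Format-Table -AutoSize
```

`manage-bde -status` gives the same per-volume answer in its "Encryption Method" line.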

