Skip to content
Follow
Windows

How to Change BitLocker Encryption in Windows 11

Richard
Written by
Richard
May 12, 2024 Updated Jul 13, 2026 3 min read
BitLocker drive encrytion featured image
BitLocker drive encrytion featured image

Changing BitLocker encryption in Windows 11 can boost your data security, especially when upgrading from the default XTS-AES 128-bit to the stronger XTS-AES 256-bit encryption.

BitLocker is a Windows security tool that locks down entire drives so only you and authorized people can access your files. It protects your information if your computer is lost or stolen.

You can use BitLocker for your main Windows drive, other internal drives, and even USB drives. Windows 11 usually uses XTS-AES 128-bit encryption, but switching to XTS-AES 256-bit offers a much higher level of protection for important data.

⚡ Quick Answer

Change BitLocker encryption by opening Local Group Policy Editor and navigating to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption. Double-click “Choose drive encryption method and cipher strength” to select your desired algorithm and key strength, then restart your computer.

Why Change Your BitLocker Settings?

A stronger encryption code makes your data much harder for others to crack. If you work with very sensitive information, using 256-bit encryption gives you extra protection.

What Happens When You Change These Settings?

When you change these settings, your files remain protected with the new, stronger encryption. Any new files you create will immediately use the updated settings. Keep in mind that your computer might need to restart for these changes to take effect.

Method 1Use Group Policy Editor

You can change your BitLocker encryption in Windows 11 using the Group Policy Editor to manage how your drives are protected. For most people, this tool offers a safer way to adjust drive security settings and keep your data secure.

  1. Open the Local Group Policy Editor. Search for “Edit group policy” on your Start menu.
  2. Follow these folders in order:
    • Computer Configuration
    • Administrative Templates
    • Windows Components
    • BitLocker Drive Encryption
  3. On the right side, find “Choose drive encryption method and cipher strength (Windows 10 (Version 1511) and later)”. Double-click it.
Choose drive encryption method and cipher
Choose drive encryption method and cipher
  1. A window opens. You have three choices:
    • Not Configured (this is the default) – BitLocker uses its standard settings
    • Enabled – you pick the encryption type yourself
    • Disabled – BitLocker uses AES with 128-bit or 256-bit strength
Drive encryption method and cipher options
Drive encryption method and cipher options
  1. If you pick Enabled, use the dropdown menu under Options. Choose your encryption method for:
    • Operating system drives (your main drive)
    • Fixed data drives (regular storage)
    • Removable data drives (USB sticks)
  2. Click OK to save. You may need to restart your computer.
Drive and encryption method and cipher settings
Drive and encryption method and cipher settings

Method 2Use Registry Editor

For those comfortable with advanced computer changes, altering BitLocker encryption in Windows 11 can be done using the Registry Editor. This method involves changing Windows’ core settings. It’s important to be careful and follow instructions precisely to avoid system issues.

⚠️Warning
The Registry Editor is where Windows stores all its settings. Changing the wrong thing can cause problems. Be careful with this method.
  1. Open the Windows Registry Editor. Search for “regedit” on your Start menu.
  2. Find this path in the left panel:

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE
  3. Look at the right side. You should see three items with these names:
    • EncryptionMethodWithXtsOs
    • EncryptionMethodWithXtsFdv
    • EncryptionMethodWithXtsRdv
  4. Double-click each one and change its value:
    • Enter 4 to use AES-CBC 256-bit encryption
    • Enter 7 to use XTS-AES 256-bit encryption
Drive and encryption method and cipher registry editor
Drive and encryption method and cipher registry editor
  1. Don’t see these items? Right-click a blank area on the right side. Pick “New” and then “DWORD (32-bit) Value”. Create all three items if they’re missing, then enter the values above.
  2. To go back to the default XTS-AES 128-bit encryption, delete all three items you created or changed.
  3. Save your changes and restart your computer.

Summary

Changing your BitLocker encryption in Windows 11 is an important step to keep your data safe. You have two main ways to do this: the easier Group Policy Editor, which is safer for most people, or the more advanced Registry Editor, which requires more technical comfort and admin access.

There are two ways to change this:

  • Group Policy Editor – easier and safer for most people
  • Registry Editor – more advanced, requires admin access
📝Good to Know
You can change encryption for your main drive, storage drives, and removable drives. Always restart your computer after making changes. This lets Windows use the new encryption settings.

Stronger encryption takes a bit more computer power but keeps your data much safer.

Was this guide helpful?

Tags: #Windows 11
Was this helpful?
Richard

About the Author

Richard

Tech Writer, IT Professional

Richard, a writer for Geek Rewind, is a tech enthusiast who loves breaking down complex IT topics into simple, easy-to-understand ideas. With years of hands-on experience in system administration and enterprise IT operations, he’s developed a knack for offering practical tips and solutions. Richard aims to make technology more accessible and actionable. He's deeply committed to the Geek Rewind community, always ready to answer questions and engage in discussions.

📚 Related Tutorials

How to Enforce BitLocker Encryption on Removable Drives
Windows How to Enforce BitLocker Encryption on Removable Drives
How to Enforce BitLocker Encryption Types on Windows 11 Drives
Windows How to Enforce BitLocker Encryption Types on Windows 11 Drives
How to Choose BitLocker Encryption Type on Windows 11 Drives
Windows How to Choose BitLocker Encryption Type on Windows 11 Drives
How to Reset Local Group Policy in Windows 11
Windows How to Reset Local Group Policy in Windows 11

No comments yet — be the first to share your thoughts!

Leave a Comment

Your email address will not be published. Required fields are marked *