How to Choose BitLocker Encryption Type on Windows 11 Drives

What is BitLocker?

BitLocker is a built-in Windows feature that helps protect your data by encrypting your drives. It works on:

• External drives like USB sticks
• Fixed drives inside your computer
• Your main Windows system drive

When you use BitLocker on your main Windows drive, it can unlock automatically when your computer starts. This happens thanks to a special security chip called TPM.

Encryption Types for Fixed Drives

When you turn on BitLocker for a fixed data drive (like a secondary hard drive inside your PC), it will ask you to choose one of two encryption types:

• Full Encryption: Encrypts the entire drive — even empty space. This takes longer but is the safest choice.
• Used Space Only Encryption: Encrypts only the space where your files are stored. This is faster but less complete.

How to Make Windows Always Use One Encryption Type

Why would you want this? Because you won’t have to choose every single time you encrypt a drive.

What happens when you set this? Windows will automatically pick one encryption type for you without asking.

If you want Windows to always pick one encryption type, you can set a rule using Windows tools. Here are two ways to do it.

Method 1Using Local Group Policy Editor

1. Press the ⊞ Start button and type Edit group policy, then open the Local Group Policy Editor.
2. In the window that opens, go to this folder: Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Fixed Data Drives
3. Find Enforce drive encryption type on fixed data drives on the right and double-click it.
4. Choose one of these options:

   • Not Configured (default): Windows will ask you every time which encryption type to use.
   • Enabled: You pick the encryption type below, and Windows will use it automatically without asking.
   • Disabled: Same as Not Configured — Windows asks you each time.
5. If you selected Enabled, choose either:

   • Full encryption
   • Used space only encryption
6. Click OK to save.
7. 🔄 Restart your computer to apply the changes.

Here’s what this setting looks like:

And here are the options you can pick:

Method 2Using Windows Registry Editor

If you prefer, you can also make this change using the Registry Editor. Be careful — editing the registry incorrectly can cause issues, so follow these steps exactly.

1. Open the Windows Registry Editor as administrator. Search for regedit in Start, then right-click and choose Run as administrator. ⚠️ Requires admin privileges
2. Go to this folder in the Registry Editor: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE
3. Look for a value named FDVEncryptionType in the right pane.
4. If it’s not there, 🖱️ right-click on the right side, pick New > DWORD (32-bit) Value, and name it FDVEncryptionType.
5. Double-click FDVEncryptionType and set its value to:

   • 1 for Full encryption
   • 2 for Used space only encryption
6. Click OK and close the Registry Editor.
7. 🔄 Restart your computer to apply changes.

If you want to go back to letting Windows ask which encryption type to use, just delete the FDVEncryptionType value from the registry.

Summary

• BitLocker protects your drives by encrypting them so only authorized users can access your data.
• You can choose how BitLocker encrypts fixed drives: full drive or used space only.
• Using the Group Policy Editor or Registry Editor, you can force Windows to always use one encryption type without asking.
• Remember to 🔄 restart your computer after making these changes.

Want to learn more or give feedback? Visit the original guide here: How to Turn On BitLocker in Windows 11.