How to Choose BitLocker Encryption Type on Windows 11 Drives

What is BitLocker?

BitLocker is a Windows tool that keeps your files safe by scrambling them, so only you can read them.

• External drives like USB sticks
• Fixed drives inside your computer
• Your main Windows system drive

When you use BitLocker on your main Windows drive, it can unlock automatically when your computer starts. This happens thanks to a special security chip called the Trusted Platform Module (TPM).

Encryption Types for Fixed Drives

When you set up BitLocker on a drive inside your computer, you can pick how it encrypts your data: either the whole drive or just the parts that have files on them.

• Full Encryption: Encrypts the entire drive — even empty space. This takes longer but is the safest choice.
• Used Space Only Encryption: Encrypts only the space where your files are stored. This is faster but less complete.

How to Make Windows Always Use One Encryption Type

You can tell Windows to always use your preferred BitLocker encryption type, so you don’t have to choose it every time you encrypt a new drive.

When you set this preference, Windows will automatically pick one encryption type for you without asking.

If you want Windows to always pick one encryption type, you can set a rule using Windows tools. Here are two ways to do it.

Method 1Using Local Group Policy Editor

1. Press the ⊞ Start button and type Edit group policy, then open the Local Group Policy Editor.
2. In the window that opens, go to this folder: Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Fixed Data Drives
3. Find Enforce drive encryption type on fixed data drives on the right and double-click it.
4. Choose one of these options:

   • Not Configured (default): Windows will ask you every time which encryption type to use.
   • Enabled: You pick the encryption type below, and Windows will use it automatically without asking.
   • Disabled: Same as Not Configured — Windows asks you each time.
5. If you selected Enabled, choose either:

   • Full encryption
   • Used space only encryption
6. Click OK to save.
7. 🔄 Restart your computer to apply the changes.

To set a default BitLocker encryption type using the Group Policy Editor, first open the tool by searching for ‘Edit group policy’ in the ⊞ Start menu.

And here are the options you can pick:

Method 2Using Windows Registry Editor

You can also set a default BitLocker encryption type using the Registry Editor, but be very careful as mistakes can cause problems with Windows.

1. Open the Windows Registry Editor as administrator. Search for regedit in Start, then right-click and choose Run as administrator. ⚠️ Requires admin privileges
2. Go to this folder in the Registry Editor: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE
3. Look for a value named FDVEncryptionType in the right pane.
4. If it’s not there, 🖱️ right-click on the right side, pick New > DWORD (32-bit) Value, and name it FDVEncryptionType.
5. Double-click FDVEncryptionType and set its value to:

   • 1 for Full encryption
   • 2 for Used space only encryption
6. Click OK and close the Registry Editor.
7. 🔄 Restart your computer to apply changes.

If you want to go back to letting Windows ask which encryption type to use, delete the FDVEncryptionType value from the registry.

Summary

• BitLocker protects your drives by encrypting them so only authorized users can access your data.
• You can choose how BitLocker encrypts fixed drives: full drive or used space only.
• Using the Group Policy Editor or Registry Editor, you can force Windows to always use one encryption type without asking.
• Remember to 🔄 restart your computer after making these changes.

BitLocker is a Windows feature that encrypts your drives to keep your data private, and you can choose between full or used-space encryption for fixed drives.