How to Enforce BitLocker Encryption Types on Windows 11 Drives
Enforcing specific BitLocker encryption types on Windows 11 drives means you can make sure all your fixed drives use the same level of security.
BitLocker is a Windows feature that scrambles your drive’s data so only you can read it. For drives that don’t change much, like your main C: drive, BitLocker has two main ways to encrypt: encrypting the whole drive or just the parts where you’ve saved files. Encrypting the whole drive offers better protection.
You can set a specific rule using a Group Policy setting called “Enforce drive encryption type on fixed data drives.” This forces BitLocker to use your preferred encryption method, like always using full encryption, for any new drives you set up on computers managed by this policy.
This helps keep your data safe by making sure all fixed drives have the same strong encryption. You need Windows 11 Pro or Enterprise to use this Group Policy setting.
Enforce BitLocker encryption types by opening the Local Group Policy Editor and navigating to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Fixed Data Drives, then double-clicking “Enforce drive encryption type on fixed data drives.” Select “Enabled” and choose your preferred encryption method.
Enforce Drive Encryption Type on Fixed Data Drives
You can force a specific encryption choice for fixed drives using the steps below.
Method 1Using Local Group Policy Editor
Enforcing specific BitLocker encryption types on all your Windows 11 drives can be done using the Local Group Policy Editor. This tool lets you set a rule for your computer, ensuring BitLocker automatically uses your chosen encryption type without prompting users during setup.
The Local Group Policy Editor application lets you enforce BitLocker encryption types on Windows 11 drives. To open it, search for "Edit group policy" in the Windows Start menu. Changing system-wide encryption settings for all users requires administrator privileges.
2. Navigate through these folders:
- Computer Configuration
- Administrative Templates
- Windows Components
- BitLocker Drive Encryption
- Fixed Data Drives
3. In the right window, double-click “Enforce drive encryption type on fixed data drives.”

4. Choose your setting:
- Not Configured: This is the default. It works the same as Disabled.
- Enabled: BitLocker will use the type you pick. Users won’t be asked to choose. Select “Full encryption” to lock the whole drive or “Use Space Only encryption” to lock only the data area.
- Disabled: The setup wizard will ask users to pick their own type.
5. Click OK and restart your computer to finish. ⚠️ Admin privileges required.

Method 2Using Windows Registry Editor
If the Group Policy Editor isn’t available, you can still enforce specific BitLocker encryption types on your Windows 11 drives by making changes in the Windows Registry Editor. This method saves your preference directly in the computer’s settings, and BitLocker checks them every time it’s turned on.
The computer saves your BitLocker encryption type preference in the Windows registry. BitLocker will check this registry setting every time you turn on drive encryption, ensuring the chosen encryption method is consistently applied across your system for enhanced data security.
- Open the Start menu, type
regedit, and run it as an administrator. ⚠️ Admin privileges required. - Navigate to this registry path:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE - Look for a value named
FDVEncryptionTypeon the right. If you don’t see it, right-click an empty space, select “New,” then “DWORD (32-bit) Value,” and name itFDVEncryptionType. - Double-click the value and enter:
1for full encryption.2for used space-only encryption.
5. Click OK and restart your computer. ⚠️ Admin privileges required.

How to Remove the Encryption Type Setting
FDVEncryptionType item you created in the registry and restart your computer.Summary
Enforcing specific BitLocker encryption types on Windows 11 drives keeps your data secure and simplifies setup for users, using either the Local Group Policy Editor or the Registry Editor.
What encryption does BitLocker use?
BitLocker secures your data with the AES encryption algorithm. Modern systems typically use AES-256 in XTS mode, offering robust protection for data at rest. Older systems might use AES-128 in CBC mode.
What is the recommended BitLocker encryption method?
We recommend using AES-XTS for all drive types.
Was this guide helpful?
About the Author
Richard
Tech Writer, IT Professional
Richard, a writer for Geek Rewind, is a tech enthusiast who loves breaking down complex IT topics into simple, easy-to-understand ideas. With years of hands-on experience in system administration and enterprise IT operations, he’s developed a knack for offering practical tips and solutions. Richard aims to make technology more accessible and actionable. He's deeply committed to the Geek Rewind community, always ready to answer questions and engage in discussions.
No comments yet — be the first to share your thoughts!