Skip to content
Follow
Windows

How to Enforce BitLocker Encryption Types on Windows 11 Drives

Richard
Written by
Richard
May 20, 2024 Updated Jul 13, 2026 3 min read
BitLocker drive encrytion featured image
BitLocker drive encrytion featured image

Enforcing specific BitLocker encryption types on Windows 11 drives means you can make sure all your fixed drives use the same level of security.

BitLocker is a Windows feature that scrambles your drive’s data so only you can read it. For drives that don’t change much, like your main C: drive, BitLocker has two main ways to encrypt: encrypting the whole drive or just the parts where you’ve saved files. Encrypting the whole drive offers better protection.

You can set a specific rule using a Group Policy setting called “Enforce drive encryption type on fixed data drives.” This forces BitLocker to use your preferred encryption method, like always using full encryption, for any new drives you set up on computers managed by this policy.

This helps keep your data safe by making sure all fixed drives have the same strong encryption. You need Windows 11 Pro or Enterprise to use this Group Policy setting.

⚡ Quick Answer

Enforce BitLocker encryption types by opening the Local Group Policy Editor and navigating to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Fixed Data Drives, then double-clicking “Enforce drive encryption type on fixed data drives.” Select “Enabled” and choose your preferred encryption method.

Enforce Drive Encryption Type on Fixed Data Drives

You can force a specific encryption choice for fixed drives using the steps below.

Method 1Using Local Group Policy Editor

Enforcing specific BitLocker encryption types on all your Windows 11 drives can be done using the Local Group Policy Editor. This tool lets you set a rule for your computer, ensuring BitLocker automatically uses your chosen encryption type without prompting users during setup.

⚠️Warning
What happens: BitLocker automatically uses the setting you choose. Users will not see a choice during setup.

The Local Group Policy Editor application lets you enforce BitLocker encryption types on Windows 11 drives. To open it, search for "Edit group policy" in the Windows Start menu. Changing system-wide encryption settings for all users requires administrator privileges.

2. Navigate through these folders:

  • Computer Configuration
  • Administrative Templates
  • Windows Components
  • BitLocker Drive Encryption
  • Fixed Data Drives

3. In the right window, double-click “Enforce drive encryption type on fixed data drives.”

enforce encryption type for fixed drives
enforce encryption type for fixed drives

4. Choose your setting:

  • Not Configured: This is the default. It works the same as Disabled.
  • Enabled: BitLocker will use the type you pick. Users won’t be asked to choose. Select “Full encryption” to lock the whole drive or “Use Space Only encryption” to lock only the data area.
  • Disabled: The setup wizard will ask users to pick their own type.

5. Click OK and restart your computer to finish. ⚠️ Admin privileges required.

enforce encryption type for fixed drives options
enforce encryption type for fixed drives options

Method 2Using Windows Registry Editor

If the Group Policy Editor isn’t available, you can still enforce specific BitLocker encryption types on your Windows 11 drives by making changes in the Windows Registry Editor. This method saves your preference directly in the computer’s settings, and BitLocker checks them every time it’s turned on.

The computer saves your BitLocker encryption type preference in the Windows registry. BitLocker will check this registry setting every time you turn on drive encryption, ensuring the chosen encryption method is consistently applied across your system for enhanced data security.

  1. Open the Start menu, type regedit, and run it as an administrator. ⚠️ Admin privileges required.
  2. Navigate to this registry path: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE
  3. Look for a value named FDVEncryptionType on the right. If you don’t see it, right-click an empty space, select “New,” then “DWORD (32-bit) Value,” and name it FDVEncryptionType.
  4. Double-click the value and enter:
  • 1 for full encryption.
  • 2 for used space-only encryption.

5. Click OK and restart your computer. ⚠️ Admin privileges required.

enforce encryption type for fixed drives registry
enforce encryption type for fixed drives registry

How to Remove the Encryption Type Setting

💡Tip
If you want to let users choose their own settings again, delete the FDVEncryptionType item you created in the registry and restart your computer.

Summary

Enforcing specific BitLocker encryption types on Windows 11 drives keeps your data secure and simplifies setup for users, using either the Local Group Policy Editor or the Registry Editor.

What encryption does BitLocker use?

BitLocker secures your data with the AES encryption algorithm. Modern systems typically use AES-256 in XTS mode, offering robust protection for data at rest. Older systems might use AES-128 in CBC mode.

We recommend using AES-XTS for all drive types.

Was this guide helpful?

Tags: #Windows 11
Was this helpful?
Richard

About the Author

Richard

Tech Writer, IT Professional

Richard, a writer for Geek Rewind, is a tech enthusiast who loves breaking down complex IT topics into simple, easy-to-understand ideas. With years of hands-on experience in system administration and enterprise IT operations, he’s developed a knack for offering practical tips and solutions. Richard aims to make technology more accessible and actionable. He's deeply committed to the Geek Rewind community, always ready to answer questions and engage in discussions.

📚 Related Tutorials

How to Choose BitLocker Encryption Type on Windows 11 Drives
Windows How to Choose BitLocker Encryption Type on Windows 11 Drives
How to View Local Group Policies that are Configured in Windows 11
Windows How to View Local Group Policies that are Configured in Windows 11
How to Change BitLocker Encryption in Windows 11
Windows How to Change BitLocker Encryption in Windows 11
How to Enforce BitLocker Encryption on Removable Drives
Windows How to Enforce BitLocker Encryption on Removable Drives

No comments yet — be the first to share your thoughts!

Leave a Comment

Your email address will not be published. Required fields are marked *