A clean install of Windows 11 may soon result in the operating system encrypting your drives without asking. Not just the system drive but all drives. And not only in the Pro SKU but also at home. Why is this a problem, you may ask? The initial setup experience doesn’t mention this, so unsuspecting users could lose their data after discovering they don’t have decryption keys after reinstalling Windows.

In short, the problem is that Microsoft won’t let users decide whether to encrypt their drives or just warn them about it.

Although the auto-encryption story broke this week, Microsoft quietly announced the change as part of build 25905 in July 2023:

Starting with this build, we adjusted the prerequisites (removing Modern Standby/HSTI authentication and checking for untrusted DMA ports) for enabling device encryption so that it is enabled automatically when performing clean installs of Windows 11.

You can ensure that your fresh Windows 11 installation does not encrypt drives by changing the installation image or adjusting the registry at the beginning of the onboarding experience, also known as OOBE.

Option 1: Disable encryption in the Windows registry

After hearing the startup chime, Windows 11 will prompt you to select the correct country or region. At this point, you need to open the Windows registry and tell the operating system not to encrypt your drives.

1. to press Shift + F10 (or Shift + Fn + F10), type regedit, and press Enter. This will launch the Registry Editor.
2. go to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\BitLocker and right click on BitLocker key (folder).
3. choose New > Dword (32-bit) value. and change its name to PreventDeviceEncryption.
4. Open the new value and change its value data from 0 to 1 (via Deskmodder).
   

5. Close the editor and command prompt, then continue with the login experience as normal.

To test the encryption of your drives, run the command prompt as an administrator and type manage-bde -status. The command line will return your list of drives, so check the “Conversion Status” field – it should read “Fully Decoded”.

Option 2: Change Windows 11 image

If you want a more user-friendly or permanent solution, say, you want to install Windows 11 on several machines, then changing Windows 11 image is a better option that will save you time. A third-party app called Rufus will help you prevent Windows 11 from encrypting your device.

1. Download Rufus from its official website.
2. Get Image of Windows 11 from the official website or the media creation tool.
3. Connect a USB drive, select the image and click start.
4. Rufus will guide you to select some options to improve your user experience. The one you need is at the very bottom, called “Disable BitLocker automatic device encryption.”
   

5. Once you’re done creating your media, install Windows 11 as you normally would.

Note that disabling automatic disk encryption will not prevent you from using BitLocker in the future.