+3 votes
481 views
How to disable hardware encryption Bitlocker disk SSD Windows 10

in Security by (552k points)
reopened | 481 views

1 Answer

+4 votes
Best answer

1. Check the status of BitLocker in Windows 10
2. Disable BitLocker from PowerShell in Windows 10
3. Disable BitLocker from Group Policies in Windows 10
4. Disable BitLocker from Registry Editor in Windows 10

Windows 10 integrates a security functionality that allows you to protect the information stored on the hard disk which can be sensitive or confidential. As we know, we are continually exposed to various types of attacks of all kinds not only on the network but through internal means. To give us an additional security option Windows 10 integrates BitLocker which makes use of an encryption that has been developed as a data protection feature of the operating system. Bitlocker encryption is a function that allows us to have data protection against the exposure of external hazards in information theft. Thanks to TPM we will help, even if someone tries to modify or manipulate our computer or try to decipher our keys, the key that is saved in TPM is needed..

BitLocker is responsible for raising the level of protection if it is used with version 1.2 or later of the Secure Platform Module (TPM). In this case, the TPM is a hardware component which is installed on most new computers and works simultaneously with BitLocker to help protect both system and user data. In this way we can guarantee that the equipment has not been altered when the system was offline.

Now, a vulnerability was recently discovered in the hardware encryption process implemented on various solid state or SSD hard drives. In which, when hardware encryption is available, it is not verified whether the encryption is susceptible to failures and software-based encryption is disabled , which results in vulnerable data. The failure is mainly that SSD hard drives allow access to encryption keys. This causes the central security base to be violated and thus exposes the data and information on the disk, which is not feasible at all..

The Microsoft development group recommends disabling hardware encryption and switching to BitLocker software encryption in order to increase security levels. That is why TechnoWikis will explain how to achieve this.

To keep up, remember to subscribe to our YouTube channel! SUBSCRIBE


1. Check the status of BitLocker in Windows 10

Step 1

The first step to take will be to validate the current status of BitLocker encryption and for this we must access the command prompt as administrators and there execute the following:
 manage-bde.exe -status 
Step 2

When executing this command we will see the following result where we find specific details of BitLocker as. To check if encryption is active, we must look at the line "Encryption method" or "Encryption Method" which can be with hardware encryption or AES encryption.
  • BitLocker Version
  • Encrypted percentage of the media or device
  • Encryption Method Used
  • Protection status
  • Lock state
  • Automatic unlock and more
image

2. Disable BitLocker from PowerShell in Windows 10


To perform this process, we access Windows PowerShell as administrators and execute the following. There we press Enter to confirm the action.
 Enable-BitLocker -HardwareEncryption: $ False 
image

3. Disable BitLocker from Group Policies in Windows 10

Step 1

This option applies to the Pro, Enterprise and Studio editions of Windows 10 and for this we must use the following key combination and execute the following:

+ R

 gpedit.msc 
Step 2

In the displayed window we will go to the following route:
  • Equipment configuration
  • Administrative Templates
  • Windows components
  • BitLocker Drive Encryption
  • Operating System Units
Step 3

There we will locate the policy called “Configure the use of hardware-based encryption for operating system units”: image
Step 4

We double-click on it and in the displayed window we activate the “Disabled” box. Click on Apply and Accept to save the changes.

image


4. Disable BitLocker from Registry Editor in Windows 10

Step 1

This method is compatible with all editions of Windows 10 and for use we must combine the following keys and execute the "regedit" command .

+ R

 Regedit 
Step 2

In the displayed window we will go to the following route:
 HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Microsoft \ FVE 
Step 3

In case the FVE key is not available, we will right click on the Microsoft key and select the “New / Password” option and assign the name FVE:

image

Step 4

Now, in any free place the FVE key will right click and select the option “New / DWORD Value (32 bits)”:

image

Step 5

This new value will be called “OSAllowedHardwareEncryptionAlgorithms”:
 OSAllowedHardwareEncryptionAlgorithms 

image

Step 6

We will double-click on it and in the Value data field we set the number 0. Click on OK to save the changes.

image

Using any of these methods it will be possible to disable BitLocker encryption and avoid this vulnerability on some SSDs..


by (3.5m points)
edited
This article shows the indepth knowledge of the author.  It shows the dedication and hardwork of the author. Hats off!

Related questions

+5 votes
1 answer
+4 votes
1 answer
asked Jul 31, 2020 in Security by backtothefuture (552k points) | 728 views
+5 votes
1 answer
asked Oct 25, 2022 in Guides by backtothefuture (552k points) | 77 views
+3 votes
1 answer
+4 votes
1 answer
Sponsored articles cost $40 per post. You can contact us via Feedback

Most popular questions within the last 30 days

10,659 questions
10,791 answers
510 comments
3 users