Be careful with encryption in new versions of Windows

Z

zord

Level 1
Thread author
Jul 5, 2014
26
45
29
126
Be careful with the new version of the Windows 24h2 system. The system automatically encrypts all disks without any notification or information. I found this out when I reverted to an older version of the system and discovered that none of the disks could be read. It ended up with another installation of 24h2 and many hours of decrypting, which put a huge strain on the disks. This was particularly noticeable on SSDs, which became extremely hot during this time and incurred many TBs of writes. After the entire operation, they lost a few percent of their "health." Something like this not only can cause data access loss but also can physically damage the disk.
 
  • Like
  • +Reputation
  • Wow
Reactions: Sunshine-boy, Marko :), brambedkar59 and 3 others
Thanks for sharing your experience. It's crucial to be aware of these potential issues when updating to newer versions of Windows. Always ensure to back up data and understand the encryption process before proceeding with such updates.
 
I disable it since it's inception, including EFS. Note that you should decrypt files before disabling it. Disabling encryption services will prevent them from encrypting anything in the future..
Code: 
reg add "HKLM\System\CurrentControlSet\Control\BitLocker" /v "PreventDeviceEncryption" /t REG_DWORD /d "1" /f
fsutil behavior set disableencryption 1
manage-bde -off C:
manage-bde -off D:
cipher /d /s:C:\
sc config EFS start= disabled
sc config BDESVC start= disabled
 

Attachments

  • capture_05312024_120837.jpg
    capture_05312024_120837.jpg
    59.8 KB · Views: 159
  • Like
  • +Reputation
Reactions: Nevi, Sunshine-boy, Bill K and 3 others
Now I know how to disable it during the system installer creation stage. The most important thing is that Microsoft should not enable this by default. If they do, they should warn that it may lead to data loss or hardware damage.
 
  • Like
Reactions: Nevi, Sunshine-boy and TairikuOkami
One of the disks was automatically decrypted, while the other, which was not fully encrypted, remained in a "pending" status and had to be decrypted manually.
It doesn't change the fact that decrypting large data disks takes many hours.
 
  • Like
  • Hundred Points
Reactions: Nevi, Sunshine-boy and TairikuOkami
TairikuOkami said:
I disable it since it's inception, including EFS. Note that you should decrypt files before disabling it. Disabling encryption services will prevent them from encrypting anything in the future..
Code: 
reg add "HKLM\System\CurrentControlSet\Control\BitLocker" /v "PreventDeviceEncryption" /t REG_DWORD /d "1" /f
fsutil behavior set disableencryption 1
manage-bde -off C:
manage-bde -off D:
cipher /d /s:C:\
sc config EFS start= disabled
sc config BDESVC start= disabled
Click to expand...

Does this work on upgrades/repairinstall too?
 
  • Like
Reactions: Nevi and oldschool
Ok, let's say I'm for encryption as I usually am. What I have to lose here? If I want to revert to 23H2, I won't be able to because the disk is encrypted? Does that mean I won't ever be able to roll-back Windows to previous version unless I decrypt the drive first? Does encrypting-decrypting the drive wears the SSD more?
 
If you're referring to disks other than the system one, you won't be able to use them without prior decryption, neither on another computer nor on an earlier version of the system. Secondly, if the disk is empty, there's no major issue, and files added will be encrypted on the fly. However, if the disk is full, each file on it will be rewritten, resulting in a significant disk load, when decrypting, the same applies: each file will be rewritten
 
  • Thanks
  • Like
Reactions: Nevi and Marko :)
If my W11 drives all show BitLocker Version: None, Fully Decrypted and Encryption Method: None with Protection Off, is this still a concern when Windows is updated?

You can disable 'BitLocker Drive Encryption Service' in Services, would that be an effective way to prevent encryption from being activated via a Windows update? Thanks!
 
Last edited:
Another day of struggle, today I reinstalled 23h2 again hoping that everything would be fine. The drives are decrypted, but unfortunately, Windows claims that it doesn't recognize the file system and there's no way to use them without formatting and complete data loss. It looks like I'm forever doomed to using 24h2 :confused:
 
One more thing to do now before updating your Windows, great :/

Have an external SSD to backup everything on but still, considering how often Windows updates are, it's frustrating to do that every time...

Thanks for the heads up though!
 

You may also like...