Enabling BitLocker 256-bit AES

Enabling BitLocker for 256-bit Encryption

This setting is found in Group Policy. If your computer isn’t part of a domain, you can modify the setting on your own computer: run gpedit.msc from Run.

Navigate to Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption. Double-click the “Choose drive encryption method and cipher strength” setting.

Select Enabled, click the drop-down box, and select AES 256-bit. Click OK to save your change. You will now need to start GPUpdate from Run.

BitLocker will now use 256-bit AES encryption when creating new volumes. This setting only applies to new volumes you enable BitLocker on. Any existing BitLocker volumes will continue to use 128-bit AES. The only way to convert these volumes is to decrypt and re-encrypt them.

To check that the drive is indeed encrypted with 256-bit AES, run the following from a cmd window:

manage-bde -status
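
The same check as a script that audits every volume at once and flags the ones still on 128-bit AES, which the policy change does not convert. This is an added example, not part of the original article; it assumes an elevated PowerShell session and the Get-BitLockerVolume cmdlet from the BitLocker module, and Test-BitLockerCipherStrength is a hypothetical helper name.

```powershell
#Requires -RunAsAdministrator
# Added example: audit BitLocker volumes for cipher strength.
# Get-BitLockerVolume ships with the BitLocker PowerShell module on Windows.

function Test-BitLockerCipherStrength {
    [CmdletBinding()]
    param(
        # Objects with MountPoint, VolumeStatus and EncryptionMethod properties,
        # as returned by Get-BitLockerVolume.
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Volume
    )
    process {
        $method = [string]$Volume.EncryptionMethod
        $status = [string]$Volume.VolumeStatus

        $finding = if ($status -eq 'FullyDecrypted' -or $method -eq 'None') {
            'NotEncrypted'
        } elseif ($method -match '256') {
            'OK'          # Aes256, Aes256Diffuser, XtsAes256
        } elseif ($method -match '128') {
            'Reencrypt'   # created before the policy change: decrypt and re-encrypt
        } else {
            'Review'      # e.g. HardwareEncryption: cipher is not reported here
        }

        [pscustomobject]@{
            MountPoint       = $Volume.MountPoint
            VolumeStatus     = $status
            EncryptionMethod = $method
            Finding          = $finding
        }
    }
}

$report = Get-BitLockerVolume | Test-BitLockerCipherStrength
$report | Format-Table -AutoSize

# Non-zero exit code when any volume still uses a 128-bit cipher,
# so the check can gate a compliance or deployment script.
if ($report | Where-Object Finding -eq 'Reencrypt') { exit 1 }
```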
