Enabling BitLocker 256 bit AES

This setting is found in group policy, you can modify the settings on your own computer if your computer isn’t part of a domain. Run gpedit.msc from Run.

Navigate to Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption. Double-click the “Choose drive encryption method and cipher strength” setting.

Select Enabled, click the drop-down box, and select AES 256-bit. Click OK to save your change. You will now need to start GPUpdate from Run

BitLocker will now use 256-bit AES encryption when creating new volumes. This setting only applies to new volumes you enable BitLocker on. Any existing BitLocker volumes will continue to use 128-bit AES. The only way to convert these volumes is to decrypt and re-encrypt them.

To check the drive is indeed encrypted with AES-256 bit you can run the following from a cmd window.

manage-bde -status

If you found this article helpful, would you consider buying me a Coffee?