Enabling BitLocker 256 Bit AES

This setting is found in group policy, you can modify the settings on your own computer if your computer isn’t part of a domain. Run gpedit.msc from Run.

Navigate to Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption. Double-click the “Choose drive encryption method and cipher strength” setting.

Select Enabled, click the drop-down box, and select AES 256-bit. Click OK to save your change. You will now need to start GPUpdate from Run

BitLocker will now use 256-bit AES encryption when creating new volumes. This setting only applies to new volumes you enable BitLocker on. Any existing BitLocker volumes will continue to use 128-bit AES. The only way to convert these volumes is to decrypt and re-encrypt them.

To check the drive is indeed encrypted with AES-256 bit you can run the following from a cmd window.

manage-bde -status

M	T	W	T	F	S	S
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30
31

Effortlessly Enhancing Data Security with BitLocker Automation

Set Microsoft Edge as the default browser via GPO

KB5009624, KB5009557 and KB5009555 coming to break a server near you soon!

Optimize DHCP Management with PowerShell: Comprehensive Analysis and Reservation Export

Map Your World: Introducing Our Free GPS Access Point Mapper

Elevate Your Online Security with Our Advanced Complex Password Generator

Boost Your Online Security with Our Advanced Password Generator

Wi-Fi QR Code Generator: Simplifying Network Sharing

Recent Comments

Found priceless insights in this blog? Support the author’s creativity – buy them a coffee!

More

Leave a Reply Cancel reply

You may have missed

Recent Comments