Enabling BitLocker for 256-bit Encryption

This setting is found in Group Policy. If your computer isn't part of a domain, you can modify the setting on your own computer: run gpedit.msc from Run.

Navigate to Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption. Double-click the “Choose drive encryption method and cipher strength” setting.

Select Enabled, click the drop-down box, and select AES 256-bit. Click OK to save your change. You will now need to run GPUpdate from Run.

BitLocker will now use 256-bit AES encryption when creating new volumes. This setting only applies to new volumes you enable BitLocker on. Any existing BitLocker volumes will continue to use 128-bit AES. The only way to convert these volumes is to decrypt and re-encrypt them.

To check that the drive is indeed encrypted with 256-bit AES, run the following from a cmd window.

manage-bde -status
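
A PowerShell equivalent of the manage-bde -status check, as an added example that is not from the original post: it lists every volume with Get-BitLockerVolume and flags those still on 128-bit AES, which need the decrypt and re-encrypt described above. The function name Get-BitLockerCipherAudit is hypothetical; run it from an elevated PowerShell prompt.

```powershell
# Added example: audit every BitLocker volume for a 256-bit AES cipher.
# Get-BitLockerCipherAudit is a hypothetical helper name, not a built-in cmdlet.
# Get-BitLockerVolume needs an elevated (Run as administrator) session.

function Get-BitLockerCipherAudit {
    [CmdletBinding()]
    param(
        # Volumes to audit; defaults to every volume BitLocker reports.
        [object[]]$Volume = (Get-BitLockerVolume)
    )

    foreach ($v in $Volume) {
        $method = [string]$v.EncryptionMethod   # e.g. Aes128, Aes256, XtsAes128, XtsAes256
        $status = [string]$v.VolumeStatus       # e.g. FullyEncrypted, FullyDecrypted

        $finding = if ($status -eq 'FullyDecrypted' -or $method -eq 'None') {
            # New volumes pick up the Group Policy cipher when BitLocker is enabled.
            'Not encrypted: policy applies when BitLocker is enabled'
        } elseif ($method -match '256') {
            # Matches both Aes256 and XtsAes256.
            'OK: 256-bit AES'
        } elseif ($method -match '128') {
            # Existing volumes keep their original cipher after the policy change.
            '128-bit AES: decrypt and re-encrypt to reach 256-bit'
        } else {
            'Review manually (for example hardware encryption)'
        }

        [pscustomobject]@{
            MountPoint       = $v.MountPoint
            VolumeStatus     = $status
            EncryptionMethod = $method
            Protection       = [string]$v.ProtectionStatus
            Finding          = $finding
        }
    }
}

# Show the audit, then list only the volumes that still need re-encryption.
$audit = Get-BitLockerCipherAudit
$audit | Format-Table -AutoSize
$audit | Where-Object { $_.Finding -like '128-bit*' } |
    Select-Object MountPoint, EncryptionMethod
```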
