Enabling BitLocker 256 Bit AES

This setting is found in group policy, you can modify the settings on your own computer if your computer isn’t part of a domain. Run gpedit.msc from Run.

Navigate to Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption. Double-click the “Choose drive encryption method and cipher strength” setting.

Select Enabled, click the drop-down box, and select AES 256-bit. Click OK to save your change. You will now need to start GPUpdate from Run

BitLocker will now use 256-bit AES encryption when creating new volumes. This setting only applies to new volumes you enable BitLocker on. Any existing BitLocker volumes will continue to use 128-bit AES. The only way to convert these volumes is to decrypt and re-encrypt them.

To check the drive is indeed encrypted with AES-256 bit you can run the following from a cmd window.

manage-bde -status

Tags: Group Policy, AES-256, BitLocker, Bitlocker AES256, BitLocker Drive Encryption, bitlocker windows 10, Enable Bitlocker AES 256 bit, enable bitlocker windows 10 256 bit, enable bitlocker windows 10 256 bit encryption, enable-bitlocker xts aes 256, GPO

M	T	W	T	F	S	S
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29

Effortlessly Enhancing Data Security with BitLocker Automation

Set Microsoft Edge as the default browser via GPO

KB5009624, KB5009557 and KB5009555 coming to break a server near you soon!

Ruckus auto voice VLAN config

Email Security Analysis: A PowerShell Approach to Identifying MFA-Enabled Domains

Convert ruckus unleashed to cloud in simple easy to follow steps

FIXED: Sophos System Protection Service (SSPService.exe) has high RAM Usage when using Splashtop

Automating Office 365 Distribution Group Management with PowerShell

Recent Comments

Found priceless insights in this blog? Support the author’s creativity – buy them a coffee!

More

Leave a Reply Cancel reply

You may have missed

Recent Comments