Friday, 15 May 2020

How to disable BitLocker encryption?

BitLocker can be disabled using the following modes in the Imaging computer,

  1. Through Windows Command Prompt
  2. Through Windows GUI mode
  3. Through Windows Power shell mode

1) Through Windows Command Prompt

Ensure that you have logged onto Admin user account to disable bitlocker encryption. Follow the steps given below to disable bitlocker encryption using Command Prompt.

  1. Open Command prompt in Administrator mode.
  2. To check the status of BitLocker encryption in the system execute the command given below.

    manage-bde -status

  3. Ensure that the results for the required drives(C:, D:, etc) are as follows.

    Conversion Status : Fully Decrypted

    Percentage Encrypted : 0.0%

    Check_bitlocker_status_new

  4. If the result is "Percentage Encrypted : 100.0%", decrypt the BitLocker for the required drives using the commands given below.

    manage-bde -off <drive letter>:

    E.g.: manage-bde -off C:
  5. Check the BitLocker status after disabling using the command (manage-bde -status) and ensure that the "Percentage Encrypted : 0.0%", before proceeding with the image creation process.

2) Through Windows GUI mode

Ensure that you have administrator credentials to disable bitlocker encryption. Follow the steps given below to disable bitlocker encryption in GUI mode,

  1. Click Start, click Control Panel, click System and Security, and then click BitLocker Drive Encryption.
  2. Look for the drive on which you want BitLocker Drive Encryption turned off, and click Turn Off BitLocker.
  3. A message will be displayed, stating that the drive will be decrypted and that decryption may take some time. Click Turn off Bitlocker / Decrypt the drive to continue and turn off BitLocker on the drive.
 
This might take some time to decrypt the drive and remove BitLocker protection.
 
NOTE: 

You can ensure if the BitLocker encryption is removed by checking if the Bitlocker lock icon is removed in the particular drive and by accessing the particular drive. You can repeat the same steps to disable Bitllocker Encryption in other drives.

3) Through Windows Powershell mode

To disable Bitlocker encryption in Windows Powershell mode, Windows Power shell must be installed in your system. If not download & install proper Windows Powershell version from Microsoft website. Also check the Powershell System requirements before proceeding installation.

Note: If the partition with the operating system contains any automatic unlocking keys, the cmdlet to disable bitlocker encryption will not work. You can use the Clear-BitLockerAutoUnlock cmdlet in Powershell window to remove all automatic unlocking keys to disable BitLocker for the partition.

Disable Bitlocker for all volumes

  1. Open Windows Powershell in Administrator mode and execute the following commands 
    • PS C:\>$BLV = Get-BitLockerVolume
    • PS C:\>Disable-BitLocker -MountPoint $BLV
  2. Verify the decryption process by using below method
    • Execute command: PS C:\> Get-BitlocerVolume
    • Check decryption progress in "Volume Status"  & "Encryption Percentage". Also these values must be "FullyDecrypted" & 100%  to confirm the decryption completion.
    • or

    • Progress can be seen in Control Panel -> System and Security -> BitLocker Drive Encryption.
Disable Bitlocker for a single volume
  1. Open Windows Powershell in Administrator mode
  2. Disable-BitLocker -MountPoint "C:"
  3. Verify the decryption process by using below method
    • Execute the command: PS C:\> Get-BitlocerVolume -MountPoint "C:"
    • Check decryption progress in "Volume Status"  & "Encryption Percentage". Also these values must be "FullyDecrypted" & 100% to confirm the decryption completion.
    • or

    •  Progress can be seen in Control Panel -> System and Security -> BitLocker Drive Encryption . 
Wait until it shows that Bit locker encryption is turned off . 

No comments:

Post a Comment