메인 콘텐츠로 이동
  • 빠르고 간편하게 주문
  • 주문 보기 및 배송 상태 추적
  • 제품 목록을 생성 및 액세스

Automatic BitLocker Device Encryption for Dell Computers

요약: BitLocker encryption for Dell computers. Learn about necessary requirements, vital hardware specs, and key management steps for effective Windows security.

이 문서는 다음에 적용됩니다. 이 문서는 다음에 적용되지 않습니다. 이 문서는 특정 제품과 관련이 없습니다. 모든 제품 버전이 이 문서에 나와 있는 것은 아닙니다.

증상

No symptom information is available.

원인

No cause information is available.

해결

Windows Encryption

Applies to: Windows 10, and Windows 11

BitLocker device encryption is supported on a broad range of devices, including those that meet Modern Standby standards and devices that run Windows 10 Home edition or Windows 11.


Key Hardware Requirements

Firmware/BIOS  
  • UEFI (for Unified Extensible Firmware Interface)
  • Enable S0 (Modern Standby), Disable S3 (Legacy)
TPM
  • Trusted Platform Module (TPM) version 2.0
Storage
  • SSD (SATA and NVMe)
  • Hybrid (Spindle HDD with NAND cache)
  • Spindle (SSHD or SSD+HD)
Note: Self-Encrypting Drives (SED) are automatically encrypted by BitLocker in Windows 10 1709 and higher. September 24, 2019—KB4516071 (OS Build 16299.1420) (Microsoft.com) This hyperlink is taking you to a website outside of Dell Technologies.

Dell computers are not encrypted at the factory but follow the recommendation from Microsoft to support automatic device encryption. BitLocker Device Encryption This hyperlink is taking you to a website outside of Dell Technologies.

After a clean installation of Windows 11 or Windows 10 is completed and the out-of-box experience (OOBE) is finished, the computer is prepared for first use. As part of this preparation, BitLocker device encryption is initialized on the Operating System drive and fixed data drives.


Check, Suspend/Pause, and Prevent the Device Encryption

Check the Current Encryption Status

Open a PowerShell or Terminal window as Administrator and type:
manage-bde -status : (replace with the drive letter, e.g., “C”)

Suspend Device Encryption

Suspend-BitLocker -MountPoint "C:" -RebootCount 0
This command suspends BitLocker encryption on the BitLocker volume that is specified by the MountPoint parameter. Because the RebootCount parameter value is 0, BitLocker encryption remains suspended until you run the Resume-BitLocker cmdlet.
To resume device encryption, use: Resume-BitLocker -MountPoint "C:"

Prevent or Disable Device Encryption

Preventing or disabling the device encryption should only be used in servicing scenarios.
The automatic BitLocker Device Encryption process can be prevented by changing the registry setting:

Key KEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BitLocker
Subkey PreventDeviceEncryption
Value True (1)

Modifying the registry key is only effective when applied to an image before installing Windows. If you want to stop encryption during OOBE and disable it permanently, use Manage-bde Off This hyperlink is taking you to a website outside of Dell Technologies..


Difference Between Suspending and Disabling Encryption

The suspension provides a quick option to temporarily disable the protection on the computer drive for service. The process only takes a few seconds to complete and ensures that the drive content is still protected from unauthorized access yet allows computer repair or maintenance to occur.

Decryption permanently removes the protection and makes the content accessible to anybody who can access the drive. Also, decrypting a drive is time-consuming: Microsoft estimates it takes approximately 1 minute per 500 MB of drive space. The device decryption should only be used before restoring a Windows image.


Preparing Your Computer for Service

Before making a change that might trigger a BitLocker Recovery Key, ensure that a recovery key was safely backed up before activating BitLocker protection. Ensure that any backed-up recovery key is accessible from another computer or phone: Finding your BitLocker Recovery Key in Windows This hyperlink is taking you to a website outside of Dell Technologies..

Device encryption should be suspended before the computer is serviced on-site or returned to a service center. The device encryption must be suspended before flashing the computer BIOS and when a motherboard or a computer drive replacement are expected.

Note: Dell BIOS installers automatically suspends BitLocker before the update is performed.

More Information

Back to Top

추가 정보

해당 제품

Alienware, Inspiron, OptiPlex, Vostro, XPS, G Series, G Series, Alienware, Inspiron, Latitude, Vostro, XPS, Fixed Workstations, Mobile Workstations
문서 속성
문서 번호: 000124701
문서 유형: Solution
마지막 수정 시간: 13 5월 2024
버전:  12
다른 Dell 사용자에게 질문에 대한 답변 찾기
지원 서비스
디바이스에 지원 서비스가 적용되는지 확인하십시오.