Enforce drive encryption type on fixed data drives

This policy setting allows you to configure the encryption type used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption type has no effect if the drive is already encrypted or if encryption is in progress. Choose full encryption to require that the entire drive be encrypted when BitLocker is turned on. Choose used space only encryption to require that only the portion of the drive used to store data is encrypted when BitLocker is turned on.

If you enable this policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option will not be presented in the BitLocker setup wizard.

If you disable or do not configure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker.

Supported on: At least Windows 8

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSOFTWARE\Policies\Microsoft\FVE
Value NameFDVEncryptionType
Value TypeREG_DWORD
Enabled Value1
Disabled Value0

Select the encryption type:


  1. Allow user to choose (default)
    Registry HiveHKEY_LOCAL_MACHINE
    Registry PathSOFTWARE\Policies\Microsoft\FVE
    Value NameFDVEncryptionType
    Value TypeREG_DWORD
    Value0
  2. Full encryption
    Registry HiveHKEY_LOCAL_MACHINE
    Registry PathSOFTWARE\Policies\Microsoft\FVE
    Value NameFDVEncryptionType
    Value TypeREG_DWORD
    Value1
  3. Used Space Only encryption
    Registry HiveHKEY_LOCAL_MACHINE
    Registry PathSOFTWARE\Policies\Microsoft\FVE
    Value NameFDVEncryptionType
    Value TypeREG_DWORD
    Value2


volumeencryption.admx

Administrative Templates (Computers)

Administrative Templates (Users)