How to Prevent Windows 10 and Windows 11 from Encrypting Your Drive During a Clean Installation

When installing Windows 10 or Windows 11, some devices automatically enable disk encryption. This background process can take a considerable amount of time and complicate data recovery if access to your account is lost. In this guide, we’ll explore how to prevent automatic disk encryption during a clean installation of Windows.

Why Does Windows Encrypt the Disk by Default?

Microsoft aims to enhance the security of its operating systems, and automatic disk encryption is one of the ways it protects user data. This feature is typically enabled on devices that meet security requirements, such as those with TPM (Trusted Platform Module) and Secure Boot support. Automatic encryption is also activated when using a Microsoft account for added data protection.

How to Disable Automatic Disk Encryption During Installation

Step 1: Use a Local Account During Installation

If you sign in with a Microsoft account during the installation, the system will enable encryption by default. To avoid this, create a local account at the installation stage. In Windows 11, you can accomplish this by disconnecting from the internet during installation, preventing the option to log in with a Microsoft account. Choose the option to create a local account during the setup process.

Step 2: Temporarily Disable TPM in BIOS/UEFI

If your computer supports TPM, you can temporarily disable it in the BIOS or UEFI settings before installing Windows. This will prevent automatic encryption. To do this:

  • Enter the BIOS or UEFI settings (typically by pressing Del or F2 when turning on your computer).
  • Navigate to the security settings or TPM section (usually under Security or TPM).
  • Disable TPM and save the changes.

After Windows is installed, you can re-enable TPM if it is needed for other system functions.

Step 3: Disable BitLocker After Installation

If the system is already installed and encryption is active, you can manually turn it off:

  1. Open the Control Panel and go to BitLocker Drive Encryption.
  2. Locate the main drive (usually C:) and select Turn off BitLocker.
  3. Wait for the decryption process to complete.

This method is useful if you’ve already completed the installation and noticed that the disk is encrypted.