Choose drive encryption method and cipher strength

This policy setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption method has no effect if the drive is already encrypted or if encryption is in progress. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about the encryption methods available.

If you enable this policy setting, you will be able to choose an encryption algorithm and key cipher strength for BitLocker to use to encrypt drives. The "with Diffuser" options only apply to Windows 7. On Windows 8 or higher machines, if a "with Diffuser" option is chosen, BitLocker will use AES with the same bit strength (128-bit or 256-bit) as the "with Diffuser" option.

If you disable or do not configure this policy setting, BitLocker will use the default encryption method of AES 128-bit or the encryption method specified by the setup script.

Supported on: At least Windows 7
Select the encryption method:


  1. AES 128-bit with Diffuser
    Registry HiveHKEY_LOCAL_MACHINE
    Registry PathSOFTWARE\Policies\Microsoft\FVE
    Value NameEncryptionMethod
    Value TypeREG_DWORD
    Value1
  2. AES 256-bit with Diffuser
    Registry HiveHKEY_LOCAL_MACHINE
    Registry PathSOFTWARE\Policies\Microsoft\FVE
    Value NameEncryptionMethod
    Value TypeREG_DWORD
    Value2
  3. AES 128-bit (default)
    Registry HiveHKEY_LOCAL_MACHINE
    Registry PathSOFTWARE\Policies\Microsoft\FVE
    Value NameEncryptionMethod
    Value TypeREG_DWORD
    Value3
  4. AES 256-bit
    Registry HiveHKEY_LOCAL_MACHINE
    Registry PathSOFTWARE\Policies\Microsoft\FVE
    Value NameEncryptionMethod
    Value TypeREG_DWORD
    Value4


bitlockermanagement.admx

Administrative Templates (Computers)

Administrative Templates (Users)