Policy

Choose drive encryption method and cipher strength (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2)

Windows 11 25H2

Back to categoryOpen picker

Policy overview

Key metadata and intent for this policy.

ClassComputer
CategoryWindows Components > BitLocker Drive Encryption
Supported onWindows Server 2008, Windows 7, and Windows Vista

Supported OS tags: Windows7, WindowsServer2008, WindowsVista

This policy setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption method has no effect if the drive is already encrypted or if encryption is in progress. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about the encryption methods available. This policy is only applicable to computers running Windows Server 2008, Windows Vista, Windows Server 2008 R2, or Windows 7. If you enable this policy setting you will be able to choose an encryption algorithm and key cipher strength for BitLocker to use to encrypt drives. If you disable or do not configure this policy setting, BitLocker will use the default encryption method of AES 128-bit with Diffuser or the encryption method specified by the setup script.

Internal name
EncryptionMethod_Name
Policy ID
df27517ceeb8
Elements
1

Registry values

How enabled and disabled states update the registry.

No explicit registry values are set for enabled or disabled states.

Policy elements

Inputs and configuration options exposed by this policy.

ElementTypeRegistry mappingConstraints & behavior
Select the encryption method:
ID EncryptionMethodDropDown_Name
enum
HKLM\SOFTWARE\Policies\Microsoft\FVE\EncryptionMethod
Type REG_DWORD
Options: AES 128-bit with Diffuser (1), AES 256-bit with Diffuser (2), AES 128-bit (default) (3), AES 256-bit (4)

Other policies in this category

Explore related policies at the same level.