How to Disable BitLocker Encryption on Windows 11/10 (3 Methods)

BitLocker is Windows' built-in drive encryption feature that protects your data by making it unreadable to anyone without the correct key. While it is a powerful security tool, there are legitimate situations where you need to turn it off temporarily. This guide walks you through three reliable methods to disable BitLocker on Windows 11 and Windows 10.

If you manage BitLocker across multiple devices in an organization, consider exploring Zecurit's BitLocker Management for centralized control and policy enforcement.

Why You Might Need to Disable BitLocker

Before jumping into the steps, it helps to understand the common reasons for disabling BitLocker:

Hardware Troubleshooting: Certain diagnostic tools and repair processes cannot run correctly on an encrypted drive. Temporarily disabling BitLocker gives these tools the access they need.

Component Upgrades: When replacing a hard drive (HDD) or solid-state drive (SSD), you must decrypt the existing drive first to ensure a smooth data migration.

Operating System Migration: Installing a new version of Windows or switching to a different OS often requires BitLocker to be off in advance to avoid installation errors. If you are planning an upgrade, be sure to also review Windows 10 End of Life guidance to understand what that means for your device security posture.

Performance: BitLocker has a minimal but measurable impact on disk read/write speeds. Some users choose to disable it on drives that do not store sensitive information.

Important Considerations Before You Start

Take note of these key points before proceeding with any method:

• Back up your data. While the decryption process is generally safe, data loss can occur in rare cases. Always back up your important files first.
• Security risk. Disabling BitLocker removes a critical layer of protection. Anyone with physical access to the drive will be able to read its contents. Re-enable BitLocker as soon as you no longer need it disabled.
• Have your recovery key ready. You may be prompted for your BitLocker recovery key during decryption, particularly for system drives. Keep it accessible before you begin.
• Decryption takes time. Depending on drive size and the volume of data, the process can take anywhere from minutes to several hours.

Method 1: Disable BitLocker Using the Windows Settings (GUI)

This is the most straightforward approach and is recommended for most users. No command-line experience is required.

Step 1: Press Windows key + I to open the Settings app.

Step 2: Go to System > Storage.

Step 3: Under "Advanced storage settings," click Disks & volumes.

Step 4: Locate the drive you want to decrypt and click Properties.

Step 5: In the BitLocker section, click the Turn off BitLocker button.

Step 6: A confirmation prompt will appear. Click Turn off BitLocker again to begin.

Windows will start the decryption process automatically. You can continue using your PC during decryption, though you may notice a slight slowdown. The drive icon in File Explorer will update once decryption is complete.

Note: On Windows 10, you can also reach BitLocker settings via Control Panel > System and Security > BitLocker Drive Encryption.

Method 2: Disable BitLocker Using Command Prompt

For users who prefer command-line tools or need to automate the process, the manage-bde command offers a fast and direct approach.

Step 1: Open the Start Menu, type cmd, right-click Command Prompt, and select Run as administrator.

Step 2: Type the following command and press Enter, replacing <drive letter> with the letter of the encrypted drive (for example, C:):

manage-bde -off C:

Step 3: Decryption starts immediately. To check progress at any time, run:

manage-bde -status C:

Step 4: Wait until the Protection Status field shows as Off and the Conversion Status shows Fully Decrypted.

The manage-bde tool is part of Windows and requires no additional installation. It is especially useful when scripting BitLocker changes across multiple machines. For large-scale Windows device management, see Zecurit's Windows Endpoint Management for tools that handle this at scale.

Method 3: Disable BitLocker Using PowerShell

PowerShell provides more detailed control and richer output than Command Prompt, making it a good choice for IT administrators and advanced users.

Step 1: Open the Start Menu, type powershell, right-click Windows PowerShell, and select Run as administrator.

Step 2: First confirm the drive is encrypted by checking its status:

Get-BitLockerVolume -MountPoint "C:"

Replace "C:" with your target drive letter. This command displays the current protection status and encryption percentage.

Step 3: To begin decryption, run:

Disable-BitLocker -MountPoint "C:"

Step 4: Monitor decryption progress by re-running the status command from Step 2. Watch the EncryptionPercentage field decrease toward zero. Once it reaches 0% and VolumeStatus shows FullyDecrypted, the drive is no longer encrypted.

PowerShell's Disable-BitLocker cmdlet integrates naturally into automated workflows, making it a strong fit for remote script execution and configuration management pipelines.

Re-enabling BitLocker After Your Task Is Done

Once you have completed the hardware change, troubleshooting task, or OS migration, it is important to re-enable BitLocker promptly. Leaving a drive unencrypted for an extended period creates a window of risk, particularly for laptops and portable devices.

To learn how to turn BitLocker back on, refer to Microsoft's official guide to enabling BitLocker. For organizations looking to enforce BitLocker policies consistently across all Windows devices, Zecurit's BitLocker Management Overview covers centralized deployment, recovery key management, and compliance reporting.

Related Resources

• What is BitLocker Encryption?
• BitLocker Management for Organizations
• Windows Endpoint Management Software
• What is Endpoint Security?
• Microsoft: Find your BitLocker recovery key
• Microsoft: manage-bde command reference
• Microsoft: BitLocker overview