My Windows Hub

How to Set Default BitLocker Encryption Method and Cipher Strength in Windows 10?

The default BitLocker encryption method and cipher strength in Windows 10 can be set via a policy in the Local Group Policy Editor.
This policy setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption method has no effect if the drive is already encrypted, or if encryption is in progress.

If you enable this policy setting you will be able to configure an encryption algorithm and key cipher strength for fixed data drives, operating system drives, and removable data drives individually. For fixed and operating system drives, we recommend that you use the XTS-AES algorithm. For removable drives, you should use AES-CBC 128-bit or AES-CBC 256-bit if the drive will be used in other devices that are not running Windows 10 (Version 1511).

If you disable or do not configure this policy setting, BitLocker will use AES with the same bit strength (128-bit or 256-bit) as the “Choose drive encryption method and cipher strength (Windows Vista, Windows Server 2008, Windows 7)” and “Choose drive encryption method and cipher strength” policy settings (in that order), if they are set. If none of the policies are set, BitLocker will use the default encryption method of XTS-AES 128-bit or the encryption method specified by the setup script.

Steps to Set Default BitLocker Encryption Method and Cipher Strength in Windows 10

1. Press Win+R to open the Run window. Type gpedit.msc to open the Local Group Policy Editor.

2. In the left panel, navigate to the following location:

Computer Configuration/Administrative Templates/Windows Components/BitLocker Drive Encryption/Fixed Data Drives

3. In the right pane, you will find a policy named Choose drive encryption method and cipher strength (Windows 10 (Version 1511) and later). Double tap on it to edit it.

4. If you want to use the default BitLocker Drive Encryption method and cipher strength, select Not Configured or Disabled. Then click OK to confirm.

5. If you want to choose the BitLocker Drive Encryption method and cipher strength yourself, check the option Enabled, then select the encryption method you want for operating system drives, fixed data drives, and removable data drives.

6. Close Local Group Policy Editor.
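
One way to confirm the result of the steps above, as an added example that is not part of the original article: the PowerShell below reads the policy's stored settings and compares them with the method each volume actually uses, which matters because the policy does not change drives that are already encrypted. The registry key, value names and numeric codes are assumptions taken from Microsoft's policy definition rather than from this page.

```powershell
# Added example; run in an elevated PowerShell session on Windows 10.
# Assumption: the policy stores its choices under this key with these value names.
$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$valueNames = @{
    OperatingSystem = 'EncryptionMethodWithXtsOs'
    FixedData       = 'EncryptionMethodWithXtsFdv'
    Removable       = 'EncryptionMethodWithXtsRdv'
}
# Policy DWORD -> method name as reported by Get-BitLockerVolume
$methodNames = @{ 3 = 'Aes128'; 4 = 'Aes256'; 6 = 'XtsAes128'; 7 = 'XtsAes256' }

function Get-PolicyMethod([string]$ValueName) {
    $item = Get-ItemProperty -Path $policyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    $name = $methodNames[[int]$item.$ValueName]
    if ($name) { return $name } else { return "Unknown($($item.$ValueName))" }
}

$expected = @{}
foreach ($type in $valueNames.Keys) { $expected[$type] = Get-PolicyMethod $valueNames[$type] }

Get-BitLockerVolume | ForEach-Object {
    $actual = [string]$_.EncryptionMethod
    # Get-BitLockerVolume reports fixed and removable data drives both as 'Data',
    # so a data volume is accepted if it matches either data-drive setting.
    if ([string]$_.VolumeType -eq 'OperatingSystem') {
        $allowed = @($expected.OperatingSystem)
    } else {
        $allowed = @($expected.FixedData, $expected.Removable)
    }
    $configured = @($allowed | Where-Object { $_ -ne 'NotConfigured' })

    if ([string]$_.VolumeStatus -eq 'FullyDecrypted') {
        $result = 'Not encrypted; policy applies when BitLocker is turned on'
    } elseif ($configured.Count -eq 0) {
        $result = 'Policy not configured for this drive type'
    } elseif ($configured -contains $actual) {
        $result = 'Matches policy'
    } else {
        $result = 'Differs from policy; already-encrypted drives keep their method'
    }
    [pscustomobject]@{
        MountPoint = $_.MountPoint
        VolumeType = $_.VolumeType
        Method     = $actual
        Policy     = ($allowed -join ' / ')
        Result     = $result
    }
} | Format-Table -AutoSize
```

A volume reported as differing from the policy was encrypted before the setting took effect; where no value is configured, the fallback order described in the policy text above decides the method.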


Nick is a Software Engineer. He has an interest in gadgets and technical stuff. If you are facing any problem with your Windows, feel free to ask him.