What is the difference between disabling BitLocker Drive Encryption and decrypting the volume?

BitLocker can be turned off in two ways: by disabling BitLocker or by decrypting the volume. When you disable BitLocker, your hard drive is still encrypted but your computer uses a plain text decryption key that is stored on the hard drive to read the information. When you decrypt the volume, everything on your hard drive is decrypted.

Disabling BitLocker Drive Encryption is a temporary method for removing BitLocker protection without decrypting the drive Windows is installed on. Disable BitLocker if you need to update the computer’s basic input/output system (BIOS) or startup files. This precaution will help prevent BitLocker from locking the drive and can help avoid the potentially lengthy decryption process. Enable BitLocker again when the update is complete and you have restarted the computer. When it is disabled, BitLocker uses a plain text key that it stores on the computer to read your files. Even though the hard drive is encrypted, the information on the drive is not secure. When you re-enable BitLocker, the plain text key is removed and Bitlocker once again secures the volume by using the Trusted Platform Module (TPM) or a password (if enabled by Group Policy settings).

Decrypting the volume means that BitLocker protection is removed from the computer and the drive is decrypted, which can be time-consuming. When you decrypt the volume, all of the information stored on that computer is decrypted. If you decide to turn BitLocker back on, it will either use the TPM on that computer or it will require you to set up another password. You might want to decrypt a volume before moving it to a new computer and then turn on BitLocker on the new computer to encrypt the volume again.

To turn off or temporarily disable BitLocker

  1. Open Bitlocker Drive Encryption by clicking the Start button Picture of the Start button, clicking Control Panel, clicking Security, and then clicking Bitlocker Drive Encryption. Administrator permission required If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

  2. Do one of the following:

    • To temporarily disable BitLocker, click Turn Off BitLocker, and then click Disable BitLocker Drive Encryption.

    • To turn off BitLocker and decrypt the volume, click Turn Off BitLocker, and then click Decrypt the volume.

Note

  • Some BitLocker features and settings can be enabled by Group Policy settings.