Some users find that BitLocker was accidentally turned off on their PC and cannot be turned back on because of unexplained disk problems. This guide shows how to turn BitLocker back on and how to disable it.
“Hi, instead of stopping, accidentally BitLocker turned off on my Samsung SSD Evo, and I want to turn it back on. When I do, I am prompted to encrypt "part of all of drive", which I understand is unnecessary as my SSD has its encryption (as I did not receive initially when things were working correctly). I have UEFI booting, TPM, and 'secure boot' in the bios. After turning off the TPM and rebooting, I'm asked for the BitLocker recovery key, which I don't think is normal. Why would I need a recovery key if BitLocker is off? I'm considering wiping the SSD and reinstalling Win10 to acquire BitLocker. If this is what I'm up against, BitLocker may not be worth the hassle. Despite BitLocker being off in win10, the SSD says once I've turned on encryption it can't be taken off, therefore I'm 1/2 encrypted.”
--User from Microsoft Community
Although BitLocker gives users a convenient way to protect their privacy, some SSD users run into problems with the interaction between TPM, UEFI, and BitLocker. In this case, the user found that BitLocker on the SSD had been turned off accidentally and could not be enabled again. The most likely reason is an incompatible combination of TPM and BitLocker settings, although other issues can also cause it.
The prompt to encrypt part or all of the drive might appear because the system treats the drive as unencrypted after BitLocker was turned off, so it asks the user to encrypt it again. Additionally, accidentally turning off BitLocker could have reset its configuration, leading the system to ask for the encryption settings once more.
Being asked for the BitLocker recovery key when TPM is off can occur because, without the TPM, BitLocker relies on the recovery key as a fallback security measure to ensure that unauthorized changes to the system configuration do not compromise data security. Additionally, BitLocker depends on the TPM to store encryption keys securely, so if the TPM is disabled, BitLocker cannot access these keys and thus prompts for the recovery key.
If BitLocker was accidentally turned off on an SSD and cannot be turned on again, try the settings fixes below first. If they do not help, you can use a third-party tool to encrypt the drive.
Since the PC asks to encrypt "part of all of drive", you can try to encrypt your whole drive and see if you can get a new recovery key, which should replace the old one. Please ensure that the TPM is left enabled.
Step 1. Open the Control Panel and select BitLocker Drive Encryption to open the BitLocker management interface.
Step 2. In the window that opens, select the drive you want to encrypt and, in the displayed drop-down menu, click Turn on BitLocker to start BitLocker encryption.
Step 3. Set a password for the BitLocker encrypted drive, and then click Next.
Step 4. Select a way to back up the recovery key, then click Next.
Step 5. In this step, select Encrypt entire drive, then click Next.
Step 6. Now you can start the encryption process. Click Start encrypting.
The drawback is that the old recovery key may still be in use, because the partition containing the boot sector is encrypted and you are currently being prompted for that key when you disable the TPM. The sole method of verifying this is to deactivate the TPM after the drive has been encrypted and observe which recovery key is accepted before reactivating it. It is advisable to keep a record of both keys as a precaution.
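An added example, not part of the original guide or of any vendor tooling: a read-only PowerShell report, run from an elevated prompt, that uses the built-in Get-BitLockerVolume and Get-Tpm cmdlets to show the volume's actual state and list its key protectors by ID, so each recovery key you have on record can be matched to a protector. The helper name Get-BitLockerReport and the default of the system drive are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the guide): read-only BitLocker state report.
param([string]$MountPoint = $env:SystemDrive)  # assumption: OS drive by default

function Get-BitLockerReport {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$MountPoint)

    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    $tpm = Get-Tpm

    # One row per protector. The recovery password itself is never printed;
    # the ID is enough to match against the key ID shown on the recovery screen.
    $protectors = @(foreach ($kp in $vol.KeyProtector) {
        [pscustomobject]@{ Type = "$($kp.KeyProtectorType)"; Id = $kp.KeyProtectorId }
    })
    $recovery = @($protectors | Where-Object Type -eq 'RecoveryPassword')
    $hasTpmKp = @($protectors | Where-Object Type -like 'Tpm*').Count -gt 0

    $notes = @()
    if ($vol.VolumeStatus -ne 'FullyDecrypted' -and $vol.ProtectionStatus -ne 'On') {
        $notes += 'Protection is off but the volume is not fully decrypted: encrypted data is still on disk.'
    }
    if ($hasTpmKp -and -not $tpm.TpmReady) {
        $notes += 'A TPM protector exists but the TPM is not ready: with protection on, startup falls back to the recovery key.'
    }
    if ($vol.ProtectionStatus -eq 'On' -and $recovery.Count -eq 0) {
        $notes += 'No recovery password protector: add one and back it up before changing TPM or firmware settings.'
    }
    if ($recovery.Count -gt 1) {
        $notes += "$($recovery.Count) recovery passwords exist: keep every one, labelled by ID."
    }

    # EncryptionMethod shows whether the drive's hardware encryption or a
    # software AES mode is in use.
    [pscustomobject]@{
        MountPoint           = $vol.MountPoint
        VolumeStatus         = "$($vol.VolumeStatus)"
        ProtectionStatus     = "$($vol.ProtectionStatus)"
        EncryptionPercentage = $vol.EncryptionPercentage
        EncryptionMethod     = "$($vol.EncryptionMethod)"
        TpmReady             = $tpm.TpmReady
        Protectors           = $protectors
        Notes                = $notes
    }
}

$report = Get-BitLockerReport -MountPoint $MountPoint
$report | Format-List MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage, EncryptionMethod, TpmReady
$report.Protectors | Format-Table -AutoSize
$report.Notes | ForEach-Object { Write-Warning $_ }
```

Run it before and after re-encrypting: a changed RecoveryPassword protector ID means a new recovery key was generated, and an unchanged ID means the old key still applies.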
If you can’t turn BitLocker on, another way to reset it is to make sure it is turned off completely, restart your PC, and then try to turn it on again.
Step 1. Open the Control Panel, go to System and Security, then BitLocker Drive Encryption.
Step 2. Select "Turn off BitLocker" for the affected drive and follow the prompts to decrypt the drive completely.
Now restart your computer. Once the PC is ready, go back to the BitLocker Drive Encryption settings and select "Turn on BitLocker." Follow the prompts to set up BitLocker encryption again.
If the built-in Windows BitLocker function can’t help you, try AOMEI Partition Assistant Standard, a powerful Windows disk and drive manager for Windows 11/10/8/7 PCs. The “BitLocker” function of this tool performs the same BitLocker encryption as Windows. Moreover, this tool allows users on Windows Home to use BitLocker to protect their data.
And this multifunctional software has many handy features like disk check, disk/partition clone, MBR/GPT data-safe conversion, etc.
Step 1. First, download and open AOMEI Partition Assistant Standard. Then, click on the "Tools" tab and choose "BitLocker".
Step 2. You'll see a list of all the drives on your computer, including your operating system drive, fixed data drives, and removable drives. Find the drive you want to encrypt with BitLocker and click on "Turn on BitLocker". (For example, let's say it's drive D:)
Tip: It only supports encrypting NTFS partitions. If you are using FAT, FAT32, or another file system, please convert it to NTFS.
Step 3. Set a password for the drive and confirm it by clicking "Next".
Step 4. Choose how you want to back up your recovery key. You can either save it to a file or print it out.
Step 5. If you select "Save to a file", please choose a location on your PC to save the recovery key.
Then, please click the "Next" button to start the encryption process.
Step 6. The encryption might take a while. Don't close the program, remove the drive, or shut down your computer until it's done. Once it's finished, click "Completed". Now, your drive is BitLocker encrypted.
If BitLocker always causes problems on your disk, you can also choose to permanently disable it on your PC.
Group Policy Editor is in charge of turning on or off all the services in Windows, including the BitLocker service. It is the most complicated method compared to the others, but we give a step-by-step guide here:
Step 1. Press the Win+R combination and run command “gpedit.msc” to open Local Group Policy Editor.
Step 2. Go to the following path:
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Fixed Data Drives
Then find the setting that restricts write access to non-BitLocker-protected fixed drives.
Step 3. Double-click on it, then within, adjust the status to Disabled. Finally, press OK and restart the computer.
This post explains how to resolve BitLocker being accidentally turned off on a Windows PC. If the Windows tools can't help you, you can turn to AOMEI Partition Assistant to solve the problem. Whether you need to check your disks or manage BitLocker drives, this tool will offer you satisfactory methods.
Besides Windows PC, this tool also has the Server edition for Windows Server 2022/2019/2016/2012 users to manage Windows Server disks and drives efficiently.