Is the device encryption enabled for your local account?
Is the device encryption enabled for your local account?
I'm assisting with setting up a new Windows 11 Pro system and installed a Local Account as requested. I checked the privacy settings and found Device Encryption enabled, indicating the drive was encrypted and ready for BitLocker. I decided to decrypt it, but I’m unsure if anyone has experience with this process. My belief is that a key would be needed to read the drive on another machine, but there was no key provided without activating BitLocker. I didn’t want to risk their data by trying without a key. Is it possible that Windows 11 is encrypting drives in a special state or that the encryption wasn’t fully applied?
In my understanding, BitLocker does not provide a key directly. It will request the key only when encryption is detected.
It wouldn't be safe if there were situations where BitLocker mistakenly identifies you as an authorized user and shares the key with you.
This is particularly risky if enabling BitLocker could lead to that scenario.
= = = =
Here’s a revised version of your text:
The initial images illustrate the system status after encryption was finished. In the first picture, the device is encrypted and active. The second image indicates that BitLocker is disabled. Removing device encryption in the first image triggered a warning (shown in the third image), yet it still permitted decryption using a straightforward prompt without requiring a key. I was curious about the exact configuration when device encryption remained enabled but BitLocker was turned off, especially since this was the default setting on the machine. What would happen to data recovery if the computer failed in this condition—with device encryption still active and a local account?