Scenario 12: Turning Off BitLocker Drive Encryption (Windows 7)

Applies To: Windows 7

This scenario describes how to either suspend BitLocker Drive Encryption or turn off BitLocker Drive Encryption and decrypt the drive.

When you have encrypted an operating system drive, you can choose to either suspend BitLocker temporarily or turn off BitLocker on an operating system drive and decrypt the drive. You can suspend BitLocker on an operating system drive to make TPM changes and operating system upgrades. On a data drive, you simply decrypt the drive. Decrypting the drive means that the drive will once again be readable and that all the keys are discarded. After a drive is decrypted, you must generate new keys by completing the encryption process again.

Before you start

To complete the procedures in this scenario:

  • You must be able to provide administrative credentials.

  • The drive must be BitLocker-protected.

Complete one of the following procedures.

To suspend BitLocker Drive Encryption on an operating system drive

  1. Click Start, click Control Panel, click System and Security, and then click BitLocker Drive Encryption.

  2. Click Suspend Protection for the operating system drive.

  3. A message is displayed, informing you that your data will not be protected while BitLocker is suspended and asking if you want to suspend BitLocker Drive Encryption. Click Yes to continue and suspend BitLocker on the drive.

By completing this procedure, you have suspended BitLocker protection on the drive by changing the decryption key to a clear key. To read data from the drive, the clear key is used to access the files. When BitLocker is suspended, TPM validation does not occur and other authentication methods, such as the use of a PIN or USB key to unlock the operating system drive, are not enforced. This allows you to make system changes such as updating the BIOS or replacing a data drive. When you are finished making changes to the computer, click Resume Protection from the BitLocker Drive Encryption Control Panel item to start using BitLocker Drive Encryption again.

To turn off BitLocker Drive Encryption

  1. Click Start, click Control Panel, click System and Security, and then click BitLocker Drive Encryption.

  2. Find the drive on which you want BitLocker Drive Encryption turned off, and click Turn Off BitLocker.

  3. A message is displayed, informing you that the drive will be decrypted and that decryption may take some time. Click Decrypt the drive to continue and turn off BitLocker on the drive.

By completing this procedure, you have decrypted the drive and removed BitLocker protection.