All Bitlockered machines are showing Used Space Only encryption

Kit Eizenga 1 Reputation point
2021-01-26T23:36:17.19+00:00

I have used a script to install Bitlocker on all my workstations. I use the same script and some of them show Fully Encrypted but most do NOT and show Used Space Only Encryption. I checked the registry key on these machines and it is correct for Fully Encrypted. I have the GPO applied to the workstations with the attribute for Fully Encrypted and yet when I run managebde -status it

Full encryption
Registry Hive HKEY_LOCAL_MACHINE
Registry Path SOFTWARE\Policies\Microsoft\FVE
Value Name OSEncryptionType
Value Type REG_DWORD
Value 1

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
3,003 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Jenny Feng 14,211 Reputation points
    2021-01-27T02:34:01.84+00:00

    @Kit Eizenga
    Hi,
    The conversion status could alternatively be listed as “Used Space Only Encrypted” when percentage encrypted reaches 100%, this is because BitLocker has the option of encrypting only used data which will be a lot faster to complete as there is less of the disk to encrypt but can be less secure, or full disk encryption which will encrypt the whole disk regardless of which parts are in use.
    Based on my research, the "Used Space Only" will be much more efficient than full encryption and the new added data will be encrypted automatically but the deleted data before the encryption won't be protected.
    If this is a new drive, there is no need to change the encryption mode. If you are concerned about the deleted data before the encryption, we should turn off the BitLocker and turn on it again to change the mode.
    For the two types of the encryption mode, here is a link for reference:
    https://web.archive.org/web/20150906083802/http://technet.microsoft.com/en-us/windows/jj983729.aspx

    Hope above information can help you.

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. Bagitman 586 Reputation points
    2021-01-27T15:36:42.08+00:00

    You fail to add how you proceeded encrypting. If your GPO set "use full encryption" only after the encryption was initialized, it's no wonder.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.