DisableEncryptedDiskProvisioning
DisableEncryptedDiskProvisioning
specifies whether Windows activates encryption on blank drives that are capable of hardware-based encryption during installation.
By default, Windows activates drives that are capable of hardware-based encryption by using a fixed access control list (ACL) that is based on the Opal Security Subsystem Class (Opal SSC) specification.
Note Use the TCGSecurityActivationDisabled unattend setting to enable the Group Policy setting, Do not automatically encrypt files moved to encrypted folders, after Windows is installed and started up. The setting specifies, for unprovisioned eDrives, whether security should be activated on the eDrive during provisioning.
Values
true |
Specifies that Windows does not activate encryption on blank drives, even if those drives are capable of hardware-based encryption. |
false |
Specifies that Windows activates encryption on blank drives that are capable of hardware-based encryption. This is the default value. |
Valid Configuration Passes
windowsPE
Parent Hierarchy
microsoft-windows-setup- | DiskConfiguration | DisableEncryptedDiskProvisioning
Applies To
For the list of the Windows editions and architectures that this component supports, see microsoft-windows-setup-.
XML Example
The following XML output for the DisableEncryptedDiskProvisioning
setting shows how to specify that Windows does not activate encryption on blank drives, even if those drives are capable of hardware-based encryption.
<DisableEncryptedDiskProvisioning>true</DisableEncryptedDiskProvisioning>