Table of contents
TOC
Collapse the table of content
Expand the table of content

DisableEncryptedDiskProvisioning

Last Updated: 12/12/2016

DisableEncryptedDiskProvisioning specifies whether Windows activates encryption on blank drives that are capable of hardware-based encryption during installation.

By default, Windows activates drives that are capable of hardware-based encryption by using a fixed access control list (ACL) that is based on the Opal Security Subsystem Class (Opal SSC) specification.

Note
Use the TCGSecurityActivationDisabled unattend setting to enable the Group Policy setting, Do not automatically encrypt files moved to encrypted folders, after Windows is installed and started up. The setting specifies, for unprovisioned eDrives, whether security should be activated on the eDrive during provisioning.

Values

true

Specifies that Windows does not activate encryption on blank drives, even if those drives are capable of hardware-based encryption.

false

Specifies that Windows activates encryption on blank drives that are capable of hardware-based encryption. This is the default value.

Valid Configuration Passes

windowsPE

Parent Hierarchy

microsoft-windows-setup- | DiskConfiguration | DisableEncryptedDiskProvisioning

Applies To

For the list of the Windows editions and architectures that this component supports, see microsoft-windows-setup-.

XML Example

The following XML output for the DisableEncryptedDiskProvisioning setting shows how to specify that Windows does not activate encryption on blank drives, even if those drives are capable of hardware-based encryption.

<DisableEncryptedDiskProvisioning>true</DisableEncryptedDiskProvisioning>

DiskConfiguration

TCGSecurityActivationDisabled

Send comments about this topic to Microsoft

© 2017 Microsoft