DisableEncryptedDiskProvisioning specifies whether Windows® activates encryption on blank drives that are capable of hardware-based encryption during installation.

By default, Windows activates drives that are capable of hardware-based encryption by using a fixed access control list (ACL) that is based on the Opal Security Subsystem Class (Opal SSC) specification.

Note
Use the TCGSecurityActivationDisabled unattend setting to enable the Group Policy setting, Do not automatically encrypt files moved to encrypted folders, after Windows is installed and started up. The setting specifies, for unprovisioned eDrives, whether security should be activated on the eDrive during provisioning.

Values

true

Specifies that Windows does not activate encryption on blank drives, even if those drives are capable of hardware-based encryption.

false

Specifies that Windows activates encryption on blank drives that are capable of hardware-based encryption. This is the default value.

Valid Configuration Passes

windowsPE

Parent Hierarchy

Microsoft-Windows-Setup | DiskConfiguration | DisableEncryptedDiskProvisioning

Applies To

For the list of the Windows editions and architectures that this component supports, see Microsoft-Windows-Setup.

XML Example

The following XML output for the DisableEncryptedDiskProvisioning setting shows how to specify that Windows does not activate encryption on blank drives, even if those drives are capable of hardware-based encryption.

  Copy Code
<DisableEncryptedDiskProvisioning>true</DisableEncryptedDiskProvisioning>

See Also