Prevent Device Encryption by setting TCGSecurityActivationDisabled?

[fhw72]

Is there any option to set TCGSecurityActivationDisabled to 1 with NTLite?

I learned that setting this value via unattend.xml or regedit is recommended if Bitlocker encryption was disabled.
RUFUS (which I'd like to get rid of) is setting PreventDeviceEncryption+TCGSecurityActivationDisabled via unattend.xml.

Please see: https://github.com/pbatard/rufus/issues/2253

 

[garlin]

1. NTLite already has a setting to prevent Device Encryption (for all cases):

Settings / System / Automatic device encryption (Bitlocker) -> Disabled​

2. There isn't a specific setting for TCGSecurityActivationDisabled, but you can copy this to a .reg file and import from the Registry screen:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EnhancedStorageDevices]
"TCGSecurityActivationDisabled"=dword:00000001