How to change BitLocker settings using Group Policy

To enable the Group Policy that sets BitLocker encryption method for fixed drives, follow these steps:

1. Open the Group Policy Management Console by running the gpmc.msc command in the Run dialog box.

2. Right-click the desired Group Policy Object (GPO) and select Edit.

3. In the Group Policy Management Editor, navigate to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Fixed Data Drives.

4. Locate the Configure encryption method and cipher strength for fixed data drives policy setting.

5. Double-click the policy and select Enabled.

6. In the Options, select XTS-AES 128 from the drop-down menu for Encryption method.

7. Click OK to save the changes.

8. Close the Group Policy Management Editor and update the GPO by running the gpupdate /force command in an elevated command prompt.

Once the GPO is updated, all fixed drives in computers that receive this policy will automatically use XTS-AES 128 as the default encryption method for BitLocker.