Feature request: "Disable BitLocker automatic device encryption" for Windows-to-Go installations

[kFYatek]

I created a Windows 11 25H2 Windows-to-Go stick, and for some reason it started encrypting itself after the initial setup. I realize that this shouldn't happen, but it did. The fact that I disabled the "Prevent Windows To Go from accessing internal disks" (intentionally, as I was running it on a computer that only has Linux on its internal SSD) may have something to do with it.

This obviously isn't great, as it caused unnecessary wear to my USB drive. Also pairing a USB installation with a TPM of a specific device doesn't sound appropriate for many use cases (although of course that won't truly happen automatically if a local account is used).

I believe that this could be mitigated by attaching the \Windows\System32\config\SYSTEM registry hive of the applied image after the drive is otherwise ready, and setting ControlSet001\Control\BitLocker\PreventDeviceEncryption DWORD value in that hive to 1.

[pbatard]

Can I have the log of how you created the Windows To Go drive?

I appreciate that you believe that this is unneeded, but as the developer, I have to categorically disagree.

Please recreate the drive, save the log, and see if the same issue occurs.

If the same issue occurs, then upload the log here.

[kFYatek]

Hi, sorry about that. TBH I initially thought that this has little to do with Rufus and it's just Windows being Windows. Only after unsuccessfully trying to reproduce it with a virtual drive and a VM I realized that Windows isn't supposed to behave like that in this case.

I actually still believe that this feature would make sense as a "just-in-case" measure and don't think that anything went wrong on the Rufus side.

That being said, of course I'll get back to you with a log and reproduction steps when (or if) I manage to reproduce the issue properly. Thanks for responding.