10 to 11 upgrade Bitlocker issue

Hi Forz44 — sorry that happened. That upgrade left your D: drive encrypted and Windows 10 is asking for the recovery key each boot while Windows 11 is unlocking it automatically. You can fix this without upgrading to Pro by using the built‑in command-line BitLocker tool (manage-bde). Tell me whether you want to (A) permanently decrypt the drive so it never asks again, or (B) keep it encrypted but make it auto‑unlock in Windows 10. Below are safe, step‑by‑step options for both.
Before you start

• Make sure you have the 48‑digit recovery key (you said it’s in your Microsoft account).
• Create a backup of any important files if you’re worried about data loss (decryption is normally safe but can take time).
• Run the commands from an elevated Command Prompt or PowerShell (Run as administrator).

How to check current status (do this first)

1. Open Start, type cmd, right‑click Command Prompt → Run as administrator.
2. Run:
   manage-bde -status D:
   This shows whether D: is encrypted, percentage complete, and what protectors exist.

If you just want to unlock the drive now (enter the recovery key once)

• In the same elevated window run:
  manage-bde -unlock D: -RecoveryPassword YOUR-48-DIGIT-KEY
  Replace YOUR-48-DIGIT-KEY with the recovery key (digits only or with dashes — either works). After unlock, you can access files for this session.

Option A — Permanently decrypt the drive (turn BitLocker off)

1. Unlock the drive with the command above if it’s locked.
2. Then start decryption:
   manage-bde -off D:
3. Check progress:
   manage-bde -status D:
   Wait until “Percentage Encrypted” reaches 0%. Do NOT interrupt power during decryption. Once complete the drive will no longer ask for the key.

Option B — Keep encryption but stop being prompted by enabling auto‑unlock
(Useful if you want the security of encryption but not entering the key each boot when using that Windows installation)

1. Unlock the drive first (see unlock command above).
2. Enable auto-unlock:
   manage-bde -autounlock -enable D:
3. Verify:
   manage-bde -status D:
   This will make the fixed data drive automatically unlock when the OS drive is unlocked (requires the OS boot drive to be protected/unlocked by TPM or equivalent). To disable auto-unlock later:
   manage-bde -autounlock -disable D:

If manage-bde commands report errors

• Copy and paste the exact error text here and I’ll interpret it. Common issues: not running elevated, mistyped drive letter, or missing protector (in which case you will need the recovery password to unlock first).

Why did this happen?

• Windows 11 and your upgraded environment likely changed how the OS uses TPM/device encryption and which account/profile is used to auto-unlock drives. Home editions often don’t show the “Manage BitLocker” GUI, so the Control Panel menu is missing — but manage-bde is still available and will let you control encryption.

If you prefer GUI steps

• In Windows 11 check Settings → Privacy & security → Device encryption (if present). In Windows 10 Home you usually won’t see the “Manage BitLocker” Control Panel link; use the commands above instead.

Next step

• Tell me whether you want to decrypt (A) or auto‑unlock (B). If you’re unsure, run manage-bde -status D: and paste the output here (or a screenshot) and I’ll give the exact next commands.

Windows 11 likely enabled device encryption which is a lighter version of BitLocker automatically which is why it’s unlocked there but asking for a key in Windows 10. Since Home editions don’t show the “Manage BitLocker” option you can turn it off from Windows 11. Boot into Windows 11 then open Settings - Privacy & Security - Device encryption and toggle it off. That should decrypt the drive and stop the key prompt in both versions. Once done you can safely remove the unwanted Windows 10 entry later using System Configuration (msconfig).

Spot on — datawizard0103 is likely correct: Windows 11’s automatic “Device encryption” (a consumer form of BitLocker) can be enabled silently and will let Windows 11 unlock the drive while Windows 10 asks for the recovery key. Below are safe, concrete steps to confirm what’s happening, turn off/decrypt the drive if you want, and then remove the extra Windows 10 boot entry. I’ll show both GUI and command‑line options so you can pick what you’re comfortable with.
Important safety notes before you start

• Back up any important files first. Decryption normally completes fine but can take time and you don’t want to risk data loss.
• If BitLocker / Device encryption is enabled, make sure you have the 48‑digit recovery key (it’s usually backed up to your Microsoft account or Azure AD). Confirm that before decrypting.

1) Confirm whether the drive is encrypted (quick)

• GUI: Settings → Privacy & security → Device encryption — this page will show status if Device encryption is present.
• CLI (recommended): open an elevated Command Prompt / PowerShell and run:
  • manage-bde -status
    That reports encryption status and protectors for each volume.

2) If Device encryption is available in Settings (Windows 11 GUI)

• Settings → Privacy & security → Device encryption → toggle “Off.”
• Wait for “Decryption is in progress” to complete — it can take minutes to hours depending on drive size. Do not power off while decrypting.

3) If you don’t see “Device encryption” (or you need the BitLocker CLI)

• To decrypt (turn BitLocker off) from an elevated prompt:
  • First check status: manage-bde -status C:
  • Unlock if necessary (enter your recovery key if prompted):
    manage-bde -unlock D: -RecoveryPassword YOUR-48-DIGIT-KEY
  • Then start decryption:
    manage-bde -off D:
  • Monitor progress with: manage-bde -status D:.
    CLI/PowerShell controls are the same on Home/Pro — they simply expose the commands.

4) Alternative: keep the drive encrypted but stop the key prompt in Windows 10
If you want to keep encryption but stop being prompted on the Windows 10 install, either:

• Enable auto‑unlock for that fixed data drive (after unlocking it once):
  • manage-bde -autounlock -enable D:
    OR
• Permanently decrypt the drive (see step 3). The auto‑unlock option causes the data drive to unlock automatically when the OS drive is unlocked.

5) Suspend BitLocker while you make changes (optional, safe)

• If BitLocker is on and you need to change firmware/boot entries first, you can suspend protectors (no decryption):
  • manage-bde -protectors -disable C:
  • Re-enable later with: manage-bde -protectors -enable C:
    Suspending avoids needing the recovery key while you make changes; it does not decrypt the drive.

6) Remove the unwanted Windows 10 boot entry (two safe ways)
A) GUI (easy)

• Run msconfig → Boot tab → select the Windows 10 entry → Delete → Apply → OK → Reboot. This is safe once you confirm Windows 11 boots normally and the encrypted drive issue is resolved.

B) Command line (precise)

• List boot entries:
  • bcdedit /v
• Note the identifier for the unwanted Windows 10 entry (it looks like {xxxxxxxx‑xxxx‑...}). Remove it:
  • bcdedit /delete {identifier} /f
• Reboot and confirm only the Windows 11 entry remains.

Important: only delete the Windows 10 boot entry after you confirm Windows 11 boots correctly and any encryption/unlock issues are resolved. If you’re uncertain, keep the entry until everything is validated.
7) If Windows 10 still asks for the recovery key after you decrypted in Windows 11

• Make sure decryption completed successfully (manage-bde -status should show “Percentage Encrypted: 0%”). If Windows 10 still prompts, unlock the drive once in Windows 10 with the recovery key, then either enable auto‑unlock there or perform the decryption from within Windows 10/11 using manage‑bde.

8) Extra tips & troubleshooting

• If you don’t have the recovery key: log into the Microsoft account used during OOBE at account.microsoft.com/devices and check for the recovery key; corporate devices may have the key in Azure AD/Intune. Don’t attempt destructive fixes without the key.
• Decryption takes time — do not force power off during the process.

If you want I can:

• Walk you through the exact commands interactively (I’ll tell you what to paste and what to expect).
• Interpret the output if you paste the result of manage-bde -status and bcdedit /v.
• Give the exact msconfig or bcdedit steps once you confirm which drive letter (C: or D and whether you prefer GUI or CLI.

Which would you like — a CLI walkthrough to decrypt (and the commands to remove the Windows 10 boot entry), or step‑by‑step GUI instructions you can follow in Settings and msconfig?