Restoring a Bitlockered System Image with Macrium Reflect Free

Topic

New Reply

So I am new to using Macrium Reflect Free. My version is currently at 8.0.7279. With Macrium I have made full system images of both my computer and my wife’s. (We both have Windows 11, I have Pro and she has Home, and both are version 21h2.) I noticed after imaging my wife’s system that she has Bitlocker enabled. I tested both recovery usb’s, made sure they would boot properly for the appropriate system, and made sure that Macrium was able to read to the “destination drive” and the respective system image I created in each case, and so everything looks good. I know that Macrium has Bitlocker support, but I do have a question:

If I’m understanding things correctly, the user does not have to do anything differently when restoring a bitlockered system image compared to a nonbitlockered system, correct? (That is, there isn’t any button or checkbox or something special I’m supposed to do, to restore a system with Bitlocker, compared to a system without Bitlocker, right?)

Reply | Quote

Replies

Be SURE you have the Bitlocker encryption key for any encrypted machine recorded and copied to a safe place (better to make multiple copies in secure places). If things ever go south, you will need that key to recover data.

If you are using a Local ID, the key is stored on your computer. If you are a Microsoft ID, visit your account and verify it is saved there.

2 users thanked author for this post.

sdanr, opti1

Reply | Quote

A “Windows Home” PC should not have BitLocker enabled as it is not supported, but we have seen reports of it on Dell machines – is yours a Dell?

To check that BL is enabled open Explorer.
View > Details Pane
Select C:
On the right you will see the details of the disk with the BL status at the bottom.

To be sure, open an  admin PowerShell window – Windows > powers, right click on the PowerShell app and select “Run as administrator”.
Type: get-bitlockervolume

cheers, Paul

Reply | Quote

Hi Paul T,

A “Windows Home” PC should not have BitLocker enabled as it is not supported, but we have seen reports of it on Dell machines – is yours a Dell?

No, it is HP Victus laptop. And is quite new, it was purchased last summer. I guess HP might be doing the same sort of thing Dell is. (See Phil F’s post below.)

Unfortunately looking for Bitlocker with File Explorer didn’t yield any informative results. Unless the open lock on the Windows system volume is helpful? No information was found on the right, when that volume was selected when looking in the details view.

Running PowerShell and the command you gave, however, yielded some interesting results. Here they are. I obscured part of the computer name, but other than that, the output was not altered:

Incidentally, I first discovered that Bitlocker was enabled on this machine by going here: Start>Settings>Privacy & security>Device encryption. Doing so yields this result:

I do think this setting is misleading though. Or to be more accurate, the term “Bitlocker enabled” is an ambiguous term. In the day or so since my initial post, I did some more digging into how Macrium is used in certain cases that involve Bitlocker on the Macrium forums. And in so doing came across this KB article that talks about different Bitlocker restore outcomes:

https://knowledgebase.macrium.com/display/KNOW72/BitLocker+Restore+Outcomes

This leads me to believe that while I have “Bitlocker enabled,” according to the above, from Macrium Reflect’s view this system’s volume is considered “Bitlocker live/unlocked.” I had mistakenly thought, because of the “system settings” above, and finding the Bitlocker key for this computer, and noting that when I tested my usb recovery drive, etc, that when I saw the grey lock icon on the system volume, I thought that meant it was locked, but I was mistaken. If I recall correctly viewing this system from outside windows (from within MR’s rescue environment) shows that it is in an unlocked state as well. I’ll confirm and post back.

By the way, I found the output to that PowerShell command cryptic. What does it tell us?

1 user thanked author for this post.

oldfry

Reply | Quote

Paul,

Your statement regarding Bitlocker support in Windows Home is becoming less and less true. It is thinly disguised as Device encryption, as I discovered looking at Disk Management immediately after OOBE on a new HP X360 laptop in late 2020. (Fortunately, I had set up a local admin account.)

Please see #post-2531620, which contains links to the Microsoft documentation on the subject.

Regards, Phil

Reply | Quote

sdanr wrote:

I found the output to that PowerShell command cryptic. What does it tell us?

Encryption is enabled and the entire disk is encrypted. You can select “only used space” encryption for fast deployment.

Now you need to make sure you have the recovery key stored safely.

cheers, Paul

1 user thanked author for this post.

sdanr

Reply | Quote

Sorry it has taken me several days to get back to you; these last few days were particularly hectic.

Encryption is enabled and the entire disk is encrypted.

Thanks for this. I wasn’t sure what to make of that output.

If I recall correctly viewing this system from outside windows (from within MR’s rescue environment) shows that it is in an unlocked state as well. I’ll confirm and post back.

So I had a look at this computer’s image file and “destination” location (this SSD) in MR’s rescue environment, and I did recall correctly. Both have that same grey lock on the operating system partition. And only on that partition. (Mousing over said grey locks brings up a tooltip that says “Bitlocker unlocked”.) I tried to take a screenshot, and save it to the system’s desktop, but that didn’t work. (In hindsight I should have saved the screenshot to the connected external hard drive.) No matter, the situation is just like this one, from the above link:

The UI is a little different, and this computer has a partition after the operating system partition, but principle is the same. It would be a restore of an unlocked system image over an unlocked system image. I’m assuming it would also be the same, if I were to do a full image restore (restoring all of the partitions in one shot), since that is just the above, but with MR also copying over the partitions without any lock on them, as stated here:

As far as I can tell, that’s the case, anyway.

You can select “only used space” encryption for fast deployment.

That would explain why this computer’s operating system partition isn’t completely filled, like it would be in cases with the gold lock/Bitlocker encrypted state.

Now you need to make sure you have the recovery key stored safely.

I do. I backed it up to three separate locations, off of this computer. Thanks again for your help, I understand the “Bitlocker situation” a bit better now. Now this part, from the above screenshot, makes a lot more sense:

When restoring a system partition the system will boot normally using the TPM protector key or password to decrypt the system volume. (emphasis mine)

A grey lock in Macrium Reflect (yes, even when it says “Bitlocker unlocked”) means you are going to need that recovery key.

Reply | Quote