Bitlocker and Macrium. A Hypothetical (at this point) question.

Mooly · Mar 29, 2024

I use Bitlocker and Macrium without issue... Bitlocker is on 24/7 and it just all works perfectly, images and restores. All is good.

What would happen if...

I tried to restore a previous clean install of W11 that was at the time made with Bitlocker running?

For example if I did a 100% clean install every 6 months and then I wanted to restore a previous image would I get locked out by Bitlocker and be asked for the 48 digit key applicable to when that image was made? and perhaps more importantly then be locked out of the current image with that also requiring the current code.

cereberus · Mar 29, 2024

Hard to say.

Make sure you have both keys.

Frankly, I would first turn off Bitlocker on current installation, make an image backup as a precaution, then restore older image backup.

Then restore Bitlocker

johnp · Mar 29, 2024

Mooly said:
I use Bitlocker and Macrium without issue... Bitlocker is on 24/7 and it just all works perfectly, images and restores. All is good.

What would happen if...

I tried to restore a previous clean install of W11 that was at the time made with Bitlocker running?

For example if I did a 100% clean install every 6 months and then I wanted to restore a previous image would I get locked out by Bitlocker and be asked for the 48 digit key applicable to when that image was made? and perhaps more importantly then be locked out of the current image with that also requiring the current code.

It always restores Windows with Bitlocker disabled. You will not get any errors.

Mooly · Mar 29, 2024

Thanks for your thoughts on this, it kind of feels a bit like uncharted territory at this point. I have keys for the current set up (printed in a safe place) but not for earlier installs. That's a mistake I won't make again.

johnp · Mar 30, 2024

Mooly said:
Thanks for your thoughts on this, it kind of feels a bit like uncharted territory at this point. I have keys for the current set up (printed in a safe place) but not for earlier installs. That's a mistake I won't make again.

I have done it many times, it always restores with Bitlocker disabled.

barreleye · Mar 31, 2024

johnp said:
I have done it many times, it always restores with Bitlocker disabled.

Can you explain exactly what you're doing? In particular, which partitions are you restoring, and what's your procedure for both the backup and restore? There are subtleties to the OP's question, and I would ask him the same thing. For example, I use Terabyte's Image For Windows, and if I were to follow my normal procedure to restore the OS partition, and just the OS partition, I would boot into their WinRE environment, use manage-bde to unlock the Bitlockered OS partition, and restore my unencrypted OS image to it. Bitlocker would encrypt it on the fly, and I would boot into Windows with startup and auto-unlock keys all remaining valid, and Bitlocker enabled. If I hadn't used manage-bde, I'd have to re-encrypt the OS partition when I booted into Windows and use special measures to recover from the now invalid auto-unlock keys.

I hope this makes it clear why I'm puzzled by "always restores with Bitlocker disabled". That's the one thing I want to avoid with a passion. I'd guess there's a point where my normal method would fail, and I'd have to do a full restore including the hidden System partition that contains the Bitlocker startup stuff, but I've never encountered it. If that were to happen, whether Bitlocker is enabled or not would depend on whether the image was made with the OS partition locked or not. As I make all my backups within a live Windows session, the OS is imaged in the unencrypted state, so a full restore of the drive would remove the Bitlocker protection, as would any restore that skips the manage-bde step from my first paragraph. This would be avoided if I imaged the drive outside of Windows, but then I'd be backing up encrypted data, and the imaging software couldn't compress it and would have to back up unused sectors, so that's a non-starter.

cereberus · Mar 31, 2024

johnp said:
I have done it many times, it always restores with Bitlocker disabled.

That depends on settings

johnp said:
I have done it many times, it always restores with Bitlocker disabled.

This is not true - it depends on situation.

Confluence Mobile - Macrium Reflect Knowledgebase

knowledgebase.macrium.com

markw51 · Mar 31, 2024

cereberus said:
That depends on settings
This is not true - it depends on situation.

Confluence Mobile - Macrium Reflect Knowledgebase

knowledgebase.macrium.com

Never had an issue with restoring from Macrium with Bitlocker on. The default settings on Macrium tells you it's going to disable Bitlocker and then just restores the image with no fuss or drama.

cereberus · Mar 31, 2024

markw51 said:
Never had an issue with restoring from Macrium with Bitlocker on. The default settings on Macrium tells you it's going to disable Bitlocker and then just restores the image with no fuss or drama.

Never claimed there were issues - it was the statement that restores are always unencrypted that was wrong.

E.g. if you backup an encrypted partition and restore it on a different pc, without selecting option to unlock it, the new partition is still bitlocked.