Bitlocker and Macrium. A Hypothetical (at this point) question.


M

Mooly

Well-known member
Member
VIP
Local time
12:33 AM
Posts
764
OS
W11 Pro x64 ongoing Canary 29500 latest builds
I use Bitlocker and Macrium without issue... Bitlocker is on 24/7 and it just all works perfectly, images and restores. All is good.

What would happen if...

I tried to restore a previous clean install of W11 that was at the time made with Bitlocker running?

For example if I did a 100% clean install every 6 months and then I wanted to restore a previous image would I get locked out by Bitlocker and be asked for the 48 digit key applicable to when that image was made? and perhaps more importantly then be locked out of the current image with that also requiring the current code.
 
Windows Build/Version
23H2

My Computer My Computer

At a glance

W11 Pro x64 ongoing Canary 29500 latest buildsIntel i58GbIntel HD Graphics
OS
W11 Pro x64 ongoing Canary 29500 latest builds
Computer type
Laptop
Manufacturer/Model
Dell 7760 Mobile Precision 17"
CPU
Intel i5
Motherboard
Unknown
Memory
8Gb
Graphics Card(s)
Intel HD Graphics
Sound Card
Realtek
Monitor(s) Displays
Internal
Hard Drives
2 x 256Gb SSD
PSU
Dell 240 watt
Mouse
Dell Premier Bluetooth
Internet Speed
50Mbps
Browser
Edge
Antivirus
Default Microsoft Security
Hard to say.

Make sure you have both keys.

Frankly, I would first turn off Bitlocker on current installation, make an image backup as a precaution, then restore older image backup.

Then restore Bitlocker
 

My Computer My Computer

At a glance

Windows 11 Pro + Win11 Canary VM.I9 13th gen i9-13900H 2.60 GHZ16 GB solderedIntegrated Intel Iris XE
OS
Windows 11 Pro + Win11 Canary VM.
Computer type
Laptop
Manufacturer/Model
ASUS Zenbook 14
CPU
I9 13th gen i9-13900H 2.60 GHZ
Motherboard
Yep, Laptop has one.
Memory
16 GB soldered
Graphics Card(s)
Integrated Intel Iris XE
Sound Card
Realtek built in
Monitor(s) Displays
laptop OLED screen
Screen Resolution
2880x1800 touchscreen
Hard Drives
1 TB NVME SSD (only weakness is only one slot)
PSU
Internal + 65W thunderbolt USB4 charger
Case
Yep, got one
Cooling
Stella Artois (UK pint cans - 568 ml) - extra cost.
Keyboard
Built in UK keybd
Mouse
Bluetooth , wireless dongled, wired
Internet Speed
900 mbs (ethernet), wifi 6 typical 350-450 mb/s both up and down
Browser
Edge
Antivirus
Defender
Other Info
TPM 2.0, 2xUSB4 thunderbolt, 1xUsb3 (usb a), 1xUsb-c, hdmi out, 3.5 mm audio out/in combo, ASUS backlit trackpad (inc. switchable number pad)

Macrium Reflect Home V8
Office 365 Family (6 users each 1TB onedrive space)
Hyper-V (a vm runs almost as fast as my older laptop)
Mooly said:
I use Bitlocker and Macrium without issue... Bitlocker is on 24/7 and it just all works perfectly, images and restores. All is good.

What would happen if...

I tried to restore a previous clean install of W11 that was at the time made with Bitlocker running?

For example if I did a 100% clean install every 6 months and then I wanted to restore a previous image would I get locked out by Bitlocker and be asked for the 48 digit key applicable to when that image was made? and perhaps more importantly then be locked out of the current image with that also requiring the current code.
Click to expand...

It always restores Windows with Bitlocker disabled. You will not get any errors.
 

My Computer My Computer

At a glance

macOSApple silicon M432 GBApple silicon M4
OS
macOS
Computer type
PC/Desktop
Manufacturer/Model
Mac mini M4
CPU
Apple silicon M4
Memory
32 GB
Graphics Card(s)
Apple silicon M4
Monitor(s) Displays
LG 27GN650-B IPS HDR Gaming Monitor 27" FHD
Screen Resolution
1080p
Hard Drives
Apple SSD AP1024Z
Internet Speed
1 Gbps / 1 Gbps symmetrical FTTH (GPON)
Browser
Microsoft Edge
Thanks for your thoughts on this, it kind of feels a bit like uncharted territory at this point. I have keys for the current set up (printed in a safe place) but not for earlier installs. That's a mistake I won't make again.
 

My Computer My Computer

At a glance

W11 Pro x64 ongoing Canary 29500 latest buildsIntel i58GbIntel HD Graphics
OS
W11 Pro x64 ongoing Canary 29500 latest builds
Computer type
Laptop
Manufacturer/Model
Dell 7760 Mobile Precision 17"
CPU
Intel i5
Motherboard
Unknown
Memory
8Gb
Graphics Card(s)
Intel HD Graphics
Sound Card
Realtek
Monitor(s) Displays
Internal
Hard Drives
2 x 256Gb SSD
PSU
Dell 240 watt
Mouse
Dell Premier Bluetooth
Internet Speed
50Mbps
Browser
Edge
Antivirus
Default Microsoft Security
Mooly said:
Thanks for your thoughts on this, it kind of feels a bit like uncharted territory at this point. I have keys for the current set up (printed in a safe place) but not for earlier installs. That's a mistake I won't make again.
Click to expand...
I have done it many times, it always restores with Bitlocker disabled.
 

My Computer My Computer

At a glance

macOSApple silicon M432 GBApple silicon M4
OS
macOS
Computer type
PC/Desktop
Manufacturer/Model
Mac mini M4
CPU
Apple silicon M4
Memory
32 GB
Graphics Card(s)
Apple silicon M4
Monitor(s) Displays
LG 27GN650-B IPS HDR Gaming Monitor 27" FHD
Screen Resolution
1080p
Hard Drives
Apple SSD AP1024Z
Internet Speed
1 Gbps / 1 Gbps symmetrical FTTH (GPON)
Browser
Microsoft Edge
johnp said:
I have done it many times, it always restores with Bitlocker disabled.
Click to expand...

Can you explain exactly what you're doing? In particular, which partitions are you restoring, and what's your procedure for both the backup and restore? There are subtleties to the OP's question, and I would ask him the same thing. For example, I use Terabyte's Image For Windows, and if I were to follow my normal procedure to restore the OS partition, and just the OS partition, I would boot into their WinRE environment, use manage-bde to unlock the Bitlockered OS partition, and restore my unencrypted OS image to it. Bitlocker would encrypt it on the fly, and I would boot into Windows with startup and auto-unlock keys all remaining valid, and Bitlocker enabled. If I hadn't used manage-bde, I'd have to re-encrypt the OS partition when I booted into Windows and use special measures to recover from the now invalid auto-unlock keys.

I hope this makes it clear why I'm puzzled by "always restores with Bitlocker disabled". That's the one thing I want to avoid with a passion. I'd guess there's a point where my normal method would fail, and I'd have to do a full restore including the hidden System partition that contains the Bitlocker startup stuff, but I've never encountered it. If that were to happen, whether Bitlocker is enabled or not would depend on whether the image was made with the OS partition locked or not. As I make all my backups within a live Windows session, the OS is imaged in the unencrypted state, so a full restore of the drive would remove the Bitlocker protection, as would any restore that skips the manage-bde step from my first paragraph. This would be avoided if I imaged the drive outside of Windows, but then I'd be backing up encrypted data, and the imaging software couldn't compress it and would have to back up unused sectors, so that's a non-starter.
 

My Computer My Computer

At a glance

Windows 11
OS
Windows 11

My Computer My Computer

At a glance

Windows 11 Pro + Win11 Canary VM.I9 13th gen i9-13900H 2.60 GHZ16 GB solderedIntegrated Intel Iris XE
OS
Windows 11 Pro + Win11 Canary VM.
Computer type
Laptop
Manufacturer/Model
ASUS Zenbook 14
CPU
I9 13th gen i9-13900H 2.60 GHZ
Motherboard
Yep, Laptop has one.
Memory
16 GB soldered
Graphics Card(s)
Integrated Intel Iris XE
Sound Card
Realtek built in
Monitor(s) Displays
laptop OLED screen
Screen Resolution
2880x1800 touchscreen
Hard Drives
1 TB NVME SSD (only weakness is only one slot)
PSU
Internal + 65W thunderbolt USB4 charger
Case
Yep, got one
Cooling
Stella Artois (UK pint cans - 568 ml) - extra cost.
Keyboard
Built in UK keybd
Mouse
Bluetooth , wireless dongled, wired
Internet Speed
900 mbs (ethernet), wifi 6 typical 350-450 mb/s both up and down
Browser
Edge
Antivirus
Defender
Other Info
TPM 2.0, 2xUSB4 thunderbolt, 1xUsb3 (usb a), 1xUsb-c, hdmi out, 3.5 mm audio out/in combo, ASUS backlit trackpad (inc. switchable number pad)

Macrium Reflect Home V8
Office 365 Family (6 users each 1TB onedrive space)
Hyper-V (a vm runs almost as fast as my older laptop)
cereberus said:
That depends on settings
This is not true - it depends on situation.

Macrium Reflect X

Macrium Reflect X
knowledgebase.macrium.com
Click to expand...
Never had an issue with restoring from Macrium with Bitlocker on. The default settings on Macrium tells you it's going to disable Bitlocker and then just restores the image with no fuss or drama.
 

My Computers My Computers

System One System Two

  • At a glance

    Windows 11 build 26200.7296 / WSL 2 running U...Intel i7-1355U16GBIntel Iris XE
    OS
    Windows 11 build 26200.7296 / WSL 2 running Ubuntu
    Computer type
    Laptop
    Manufacturer/Model
    Dell Inspiron 14 5430
    CPU
    Intel i7-1355U
    Motherboard
    Dell 0GMW80
    Memory
    16GB
    Graphics Card(s)
    Intel Iris XE
    Sound Card
    Realtek
    Monitor(s) Displays
    Dell 14", LG 32" Curved Wide screen monitor and LG Ultrawide 26"
    Screen Resolution
    1920 x 1200 @ 60Hz, 1920 x 1080 @ 100Hz and 2560 x 1080 @ 60Hz
    Hard Drives
    Samsung 990 Pro 1TB NVME Gen 4 M.2 SSD
    PSU
    Dell
    Case
    Dell
    Cooling
    Dell
    Keyboard
    Dell KM3322W
    Mouse
    Dell Trackpad or Dell KM3322W
    Internet Speed
    900mb down / 400mb up FTTP
    Browser
    Edge 142.0.3595.90
    Antivirus
    Windows Defender
    Other Info
    Windows 365
    1TB OneDrive
    Outlook Classic
    Visual Studio Code running in WSL
    Python 3.14
    Samsung Magician
    Garmin Express
    Dell TB16 Thunderbolt dock
    WSL
    WEI Score: 8.3

  • At a glance

    Windows 11Core i5 - 1035G48GBIntel Iris Plus
    Operating System
    Windows 11
    Computer type
    Tablet
    Manufacturer/Model
    Microsoft Surface Pro 7
    CPU
    Core i5 - 1035G4
    Motherboard
    Microsoft
    Memory
    8GB
    Graphics card(s)
    Intel Iris Plus
    Monitor(s) Displays
    Surface touch
    Screen Resolution
    2736 x 1824
    Hard Drives
    128GB
    PSU
    Microsoft
    Case
    Microsoft Keyboard
    Cooling
    None
    Keyboard
    Microsoft Surface Keyboard
    Mouse
    Microsoft Arc Intellimouse
    Internet Speed
    900mb / 400mb FTTP
    Browser
    Edge
    Antivirus
    Windows Defender
markw51 said:
Never had an issue with restoring from Macrium with Bitlocker on. The default settings on Macrium tells you it's going to disable Bitlocker and then just restores the image with no fuss or drama.
Click to expand...
Never claimed there were issues - it was the statement that restores are always unencrypted that was wrong.

E.g. if you backup an encrypted partition and restore it on a different pc, without selecting option to unlock it, the new partition is still bitlocked.
 

My Computer My Computer

At a glance

Windows 11 Pro + Win11 Canary VM.I9 13th gen i9-13900H 2.60 GHZ16 GB solderedIntegrated Intel Iris XE
OS
Windows 11 Pro + Win11 Canary VM.
Computer type
Laptop
Manufacturer/Model
ASUS Zenbook 14
CPU
I9 13th gen i9-13900H 2.60 GHZ
Motherboard
Yep, Laptop has one.
Memory
16 GB soldered
Graphics Card(s)
Integrated Intel Iris XE
Sound Card
Realtek built in
Monitor(s) Displays
laptop OLED screen
Screen Resolution
2880x1800 touchscreen
Hard Drives
1 TB NVME SSD (only weakness is only one slot)
PSU
Internal + 65W thunderbolt USB4 charger
Case
Yep, got one
Cooling
Stella Artois (UK pint cans - 568 ml) - extra cost.
Keyboard
Built in UK keybd
Mouse
Bluetooth , wireless dongled, wired
Internet Speed
900 mbs (ethernet), wifi 6 typical 350-450 mb/s both up and down
Browser
Edge
Antivirus
Defender
Other Info
TPM 2.0, 2xUSB4 thunderbolt, 1xUsb3 (usb a), 1xUsb-c, hdmi out, 3.5 mm audio out/in combo, ASUS backlit trackpad (inc. switchable number pad)

Macrium Reflect Home V8
Office 365 Family (6 users each 1TB onedrive space)
Hyper-V (a vm runs almost as fast as my older laptop)
@cereberus - as always you remain a touchpoint of sanity and I appreciate that. I got a new laptop replacing my 2015 emeritus laptop (still working). Bitlocker ON was default for the new one, so I'm perusing the threads to see if passwording Macrium backups is safer than keeping Bitlocker on.

No attempt here to hijack Mooly's thread - just dropping a complement.
 

My Computer My Computer

At a glance

Windows 11 ProIntel(R) Core(TM) Ultra 9 185H32 GBIntel Arc Graphics
OS
Windows 11 Pro
Computer type
Laptop
Manufacturer/Model
Dell Inspiron+ Model 7640
CPU
Intel(R) Core(TM) Ultra 9 185H
Motherboard
Dell Inc. 0GWR35 (U3E1)
Memory
32 GB
Graphics Card(s)
Intel Arc Graphics
Sound Card
Intel Smart Sound / Realtek
Monitor(s) Displays
Dell INSPIRON BOE0A59
Screen Resolution
1920 x 1200 dpi
Hard Drives
NVMe BG6 KIOXIA 1024GB (SSD)
PSU
whatever it is, it's from Dell
Case
Meh, it's a laptop. Ice Blue aluminium (for Brits) aluminum (for compatriots)
Cooling
Hopefully adequate
Keyboard
onboard, backlit
Mouse
Logitech M705
Internet Speed
100 Mbps down, 10 Mbps up
Browser
Chrome default w/ Edge and Firefox in the wings
Antivirus
Primarily Windows Security
Other Info
Malwarebytes grandfathered lifetime license & (only because 3 yrs included in purchase) McAfee Business Protection onboard (provisionally)
You must log in or register to reply here.

Latest Support Threads

Latest Tutorials

Back
Top Bottom