Can I ask, when you do a restore of your system drive, is it still encrypted? I use EaseUS Todo Backup and enabling BitLocker resulted in transparent use of my computer and the use of Todo Backup, but when I do a restore and reboot, the drive is no longer encrypted. Does Macrium Reflect restore the system drive to the BitLocker state it was in when backed up, or do you need to reapply BitLocker after a restore? This was touched on in post #6.
I suspect all imaging programs work in the same way WRT BitLocker. I use Image for Windows, and I use it to back up my live system drive to another encrypted drive. This backup is unencrypted, but it's possible to have Windows encrypt it on the fly during the restore of the system partition, so that I'm not restoring it unencrypted, only to have to re-encrypt and invalidate the previously saved rescue keys and auto-unlock keys. I do this by booting from rescue media into TeraByte's WinRE environment, using manage-bde to unlock the system drive, and then I have Image for Windows restore just the system partition. There's a detailed paper discussing this, which they call a "Type A" backup, and other scenarios here:
Using BitLocker with TeraByte’s Imaging Programs – TeraByte Knowledge Base
I just skimmed it again and ran across this: "You can suspend BitLocker on the Windows partition before booting to the TBWinRE boot media to avoid having to unlock it manually." That's nice to know, because I have multiple BitLockered drives, and it's always been trial and error to unlock the right one. That is, I don't know which is the system drive until I unlock it. So suspending BitLocker will save me some time and aggravation.
BTW, if you ever forget and restore in the unencrypted state, you'll find your auto-unlock drives no longer auto-unlock, and there's a procedure to get them back to normal:
Re-enable BitLocker Auto-Unlock after System Volume Restore | MCB Systems
Today I did a disaster recovery test on my Windows Server 2008 R2 Hyper-V host. I used Windows Backup to do a bare metal restore of only the system volume. As expected, after the restore, the system volume was no longer encrypted. But even after re-encrypting the system volume, I was unable to...
After you've done this a time or two, you'll remember. lol
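A way to check, after a restore, which of the states discussed above each volume ended up in. This is an added example, not code from any poster or from the linked articles; it uses the built-in `Get-BitLockerVolume` cmdlet, and the function name `Get-RestoreFinding` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: audit BitLocker state after restoring a system image.
# Run inside the restored Windows installation, not from rescue media.

function Get-RestoreFinding {
    param([Parameter(Mandatory)] $Volume)

    if ($Volume.LockStatus -eq 'Locked') {
        # A data drive that used to auto-unlock and is now locked points to
        # auto-unlock keys that were lost with the old system volume.
        return 'Locked: unlock it, then re-enable auto-unlock if it was used'
    }
    if ($Volume.VolumeStatus -eq 'FullyDecrypted') {
        return 'Not encrypted: image was restored as plaintext'
    }
    if ($Volume.VolumeStatus -ne 'FullyEncrypted') {
        return "Conversion not complete ($($Volume.EncryptionPercentage)%)"
    }
    if ($Volume.ProtectionStatus -ne 'On') {
        return 'Encrypted but protection is suspended: run Resume-BitLocker'
    }
    if ($Volume.VolumeType -eq 'Data' -and -not $Volume.AutoUnlockEnabled) {
        return 'Protected; auto-unlock is not enabled on this data volume'
    }
    return 'Protected'
}

Get-BitLockerVolume | ForEach-Object {
    # Recovery password protector IDs, to compare with your saved recovery keys:
    # re-encrypting a volume creates new ones, so old records stop matching.
    $ids = $_.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
        ForEach-Object { $_.KeyProtectorId }

    [pscustomobject]@{
        MountPoint  = $_.MountPoint
        VolumeType  = $_.VolumeType
        Finding     = Get-RestoreFinding -Volume $_
        RecoveryIds = $ids -join ', '
    }
} | Format-Table -AutoSize -Wrap
```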
The reason I am even exploring encryption is I was looking into USB boot ISOs and saw these Windows password reset programs. I tried one and, WOW!, it removed the need for my password in less than 30 seconds after it booted. I think the password reset program will not work on an encrypted system, and I will test soon, but meanwhile I am seeing if BitLocker will be easy to live with, provide security but make sure I can do a restore if necessary.
BitLocker is very easy to live with and will definitely prevent those password reset programs from working. Unlike with TrueCrypt, everything just works, including things like drive names in "Safely eject", which I noticed when I moved to BitLocker after the TrueCrypt people said it was no longer secure in May 2014. The only consideration besides restoring images I've encountered is the necessity to suspend protection before updating the computer's BIOS. Everything else is seamless, as if I'm not using encryption.