Cloning drive with BitLocker unlocked on a new drive

I have C: on my source NVMe drive I want to replace, which is BitLocker enabled but UNLOCKED (grey icon).



Can I clone this drive to the new NVMe (Macrium Reflect 8 says it will be copied without BitLocker) and just boot from the new drive? Do I need to enable BitLocker again on the cloned drive and then unlock it again before I swap the old -> new drive?

Macrium web page is not that clear about this topic in the "BitLocker Removal Restore/Clone" section saying: "Outcome: The entire file system is restored in the clear and BitLocker must be manually re-enabled on the restored/cloned file system."; "must" = "if you want BitLocker again"?
The simple question is: will the new one boot, just swapping the drive? Or I "MUST" re-enable first BitLocker on the new cloned drive for C: partition?

Windows 11 24H2, NVMe drives, Macrium Reflect 8 (Registered).

Seems pretty explicit:
Outcome: The entire file system is restored in the clear.


Why would you want to enable BitLocker prior to cloning if you do not have it enabled now?

So the new drive will be just without BitLocker... but this new drive should boot up and work fine (without BitLocker), right?

I would make 100% sure you have the original BitLocker keys accurately written down, then there are no surprises if you find the cloned drive locked when you don't expect it to be. Write the keys down for all drives concerned.

Is 'unlocked' the same as 'off' is what I'm thinking.

Mooly said:

I would make 100% sure you have the original BitLocker keys accurately written down, then there are no surprises if you find the cloned drive locked when you don't expect it to be. Write the keys down for all drives concerned.

Is 'unlocked' the same as 'off' is what I'm thinking.

Click to expand...

Yep... people often says BitLocker Off but it's never clear if they mean BitLocker enabled but unlocked (grey icon), or without BitLocker.

hexaae said:

So the new drive will be just without BitLocker... but this new drive should boot up and work fine (without BitLocker), right?

Click to expand...

Why wouldn'it?
Unless the image is corrupted.

No it's ok if the new cloned drive will be without BitLocker. Just wanted to be sure not to be locked out and avoid problems, and be able to boot right away from the new drive without BitLocker issues...
That "you must manually re-enable BitLocker" in Macrium docs can be confusing.

(Of course I've written down my BitLocker keys from Sign in to your account just to be safe)

hexaae said:

No it's ok if the new cloned drive will be without BitLocker. Just wanted to be sure not to be locked out and avoid problems, and be able to boot right away from the new drive without BitLocker issues...
That "you must manually re-enable BitLocker" in Macrium docs can be confusing.

Click to expand...

All it means is this:
If you leave your front door unlocked after leaving the house, make sure you lock it again behind you when you return in order to secure your home.

Ok, sorry but it's first time (24H2 forced it!) I have to clone a BitLocker enabled but unlocked drive and wanted to be 100% sure.

All my concerns came from the fact that BitLocker enabled but unlocked (grey icon) means the drive is accessible but still encrypted... while without icon at all = not even encrypted, and wanted to be sure it can't be a problem when swapping to the new cloned drive (with no BitLocker at all and no icon).

hexaae said:

Ok, sorry but it's first time (24H2 forced it!) I have to clone a BitLocker enabled but unlocked drive and wanted to be 100% sure.

All my concerns came from the fact that BitLocker enabled but unlocked (grey icon) means the drive is accessible but still encrypted... while without icon at all = not even encrypted, and wanted to be sure it can't be a problem when swapping to the new cloned drive (with no BitLocker at all and no icon).

Click to expand...

There is only one way to find out.
Besides you will still have the old drive to fall back on in case of an issue.

Have a read at post #68 here. I remembered this from a few months back:

POST #68

...To sum up, reading from various sources, this is the situation (more advanced users on this argument, please correct me if I'm wrong):


What do these hard drive icons mean? - The Old New Thing (icons are Win10 style in this pic, still very similar to Win11's though)

So... if you clone an old drive with C: partition with BL (BitLocker) enabled and unlocked (grey icon, "Unlocked padlock"): BL working, encryption enabled, but auto-unlocked on boot to access the drive) --> new drive with cloned C: without BitLocker (no BL icon at all, "System drive" from pic above) you will have no problems wherever you mount the unit. TPM 2.x chip on your PC will still retain the old BL key for C: from the old drive, so you can even re-mount the old drive with BL enabled and it will be auto-unlocked (grey icon) on boot, just like it was before cloning. To be short, you can actually interchange drives: old with BL enabled, or new without BL.
BUT... at this point if you enabled BL (and auto-unlock to access the drive on boot) on the new cloned drive, a new BL key will be generated and stored in TPM (and added to your device in your MS online account) replacing old C: BL key for current boot drive (which is the new one with new BL key). This means that from now on, to access your old drive where BL was enabled (in the same PC port or in an external enclosure), you'll have to recover and enter your old BL key associated with that drive/partition to unlock it (will appear with yellow "Locked padlock" icon 'till you unlock it)!