Skip to end of metadata
Go to start of metadata
Note: It isn't absolutely necessary to unlock a BitLocker encrypted drive when restoring an image of the encrypted partition. The partition will restore without a problem and will be automatically re-encrypted on reboot, however, unlocking the drive in Windows PE enables intelligent sector copy imaging and cloning, RapidDelta Restore (RDR) and also free access to the drives contents using PE Explorer.

Automatically unlocking BitLocker encrypted drives

Macrium Reflect can include the components and decryption keys necessary automatically to unlock Microsoft BitLocker encrypted drives in Windows PE.

In the Rescue Media Wizard select 'Include optional components' and 'Automatically unlock BitLocker encrypted drives'

When Windows PE starts any BitLocker unlocked drives that are were attached when the recovery media was created will be automatically unlocked in PE.


Unlocking BitLocker encrypted drives using a USB stick

Automatically unlocking encrypted drives when PE starts may present an unacceptable security risk for some users. Automatic unlocking requires no user intervention and the Macrium Reflect boot menu is able to access encrypted drives without password entry. An alternative method is to de-select the 'Automatically unlock BitLocker encrypted drives' option in the rescue media Wizard:

 

You can then save BitLocker Encryption Key files (.BEK) and/or BitLocker password TXT files to the root of any USB stick.  This could also be a Windows PE rescue media USB stick.

  1. In Windows Explorer, right click on any BitLocker encrypted drive and click on ‘Manage BitLocker’. 
  2.  In the newly opened window click ‘Back up your recovery key’
  3.  In the BitLocker Drive Encryption wizard select ‘Save to a USB flash drive’ and chose the USB device you want to save to. 


    After choosing the USB device you want to save the Recovery Key file to, click ‘Save’ and then ‘Finish’ in the BitLocker Drive encryption wizard. This action will save a .BEK file and/or a recovery password text file to the chosen USB device.

    Note: The .BEK file is a protected operating system file, it is hidden by default and won't be visible within Windows Explorer. it can be made visible by changing Folder Options and de-selecting the option to ‘Hide Protected operating system files’.

    You can add as many keys as you have encrypted drives. 

When Windows PE starts ensure that your USB flash drive is attached to your PC. Your encrypted drives will then be automatically unlocked when Macrium Reflect initializes. 

 

  • No labels