Note: It isn't absolutely necessary to unlock a BitLocker encrypted drive when restoring an image of the encrypted partition. The partition will restore without problems but will require re-encrypting on reboot.
Unlocking the drive in Windows PE enables intelligent sector copy imaging and cloning, RapidDelta Restore (RDR), and also free access to the drive's contents using PE Explorer. In addition, restoring to an unlocked drive will retain the encryption status of the drive when rebooting.
Automatically unlocking BitLocker encrypted drives
Macrium Reflect can include the components and decryption keys necessary to automatically unlock Microsoft BitLocker encrypted drives in Windows PE.
In the Rescue Media Builder select Advanced then Add BitLocker Support and Automatically unlock BitLocker Volumes.
When Windows PE starts any BitLocker locked drives that were attached when the recovery media was created it will automatically unlock them.
Unlocking BitLocker encrypted drives using a USB stick
Automatically unlocking encrypted drives when PE starts may present an unacceptable security risk for some users.
Automatic unlocking requires no user intervention and the Macrium Reflect boot menu is able to access encrypted drives without password entry.
An alternative method is to de-select the Automatically unlock BitLocker encrypted drives option in the Rescue Media Builder:
You can then save BitLocker Encryption Key files (.BEK) and/or BitLocker password TXT files to the root of any USB stick. This could also be a Windows PE rescue media USB stick.
- In Windows Explorer, right click on any BitLocker encrypted drive and click on Manage BitLocker.
- In the newly opened window click ‘Back up your recovery key’
- In the BitLocker Drive Encryption wizard select ‘Save to a USB flash drive’ and chose the USB device you want to save to.
After choosing the USB device you want to save the Recovery Key file to, click Save and then Finish in the BitLocker Drive encryption wizard. This action will save a .BEK file and/or a recovery password text file to the chosen USB device.Note: The .BEK file is a protected operating system file, it is hidden by default and won't be visible within Windows Explorer. it can be made visible by changing Folder Options and de-selecting the option to Hide Protected operating system files.
You can add as many keys as you have encrypted drives.
When Windows PE starts ensure that your USB flash drive is attached to your PC. Your encrypted drives will then be automatically unlocked when Macrium Reflect initializes.