Macrium Reflect can be used to image and restore volumes encrypted with Microsoft BitLocker encryption. Unlocked BitLocker encrypted volumes are presented to the OS in the ‘clear’, that is, they appear like any other file system. When creating a disk image that includes an unlocked BitLocker volume, the image will contain the file system in an unencrypted state. This has the advantage that intelligent incremental images are possible and also reduces the image size considerably. Unused clusters aren’t backed up and the unencrypted data will more readily compress.
When restoring to a volume protected by BitLocker, there are two possible outcomes, BitLocker removal restore and BitLocker live restore.
BitLocker removal restore
The entire file system is written to disk. This will happen if the target is BitLocker ‘locked’, the target has no partition or the partition being replaced is different size to the source. In this case BitLocker must be manually re-enabled on the restored file system.
After restoring. BitLocker must be re-enabled.
Follow the wizard prompts to re-encrypt the drive.
BitLocker Live Restore
A Rapid Delta Restore of the file system on top of the existing unlocked BitLocker volume. This will happen if the target file system is BitLocker unlocked, is the same volume as the volume in the image and is the same size. In this case the BitLocker encryption state of the file system is preserved after restoring.
After restoring, Windows Explorer will show drive 'C' with the open padlock icon
To restore to an unlocked BitLocker system drive your Windows PE rescue media must contain BitLocker components, and for auto restore, must be set to 'Auto unlock BitLocker drives'. For more information see: Adding BitLocker support to Windows PE
It's also possible to manually unlock drives using 'manage-bde' commands from within Windows PE. For more information see: Microsoft Technet - manage-bde
Examples
Real world examples of the two different restore outcomes can be shown using image restores to flip between the '1607 - Anniversary update' of Windows 10 and the '1703 - Creators update' on a TPM BitLockered system.
The Creators update changed the size of the C drive to make space for an additional partition.
1607 - Anniversary update:
1703 - Creators update:
The same outcomes apply when restoring between any version of Windows where drive 'C;' has changed size. This includes Windows 1709 - Fall Creators Update and later
1. BitLocker Live Restore. Restoring an image of Windows 1607 - Anniversary update.
In this scenario we are simply restoring a Windows system back to the same partition layout as when the image was created. The Macrium Windows PE boot menu has previously been activated.
2. BitLocker Removal Restore. Restoring an image of Windows 1703 - Creators update to 1607 - Anniversary update
In this scenario we are restoring a Windows1607 Anniversary Update system to Windows 1703 - Creators Update .This will re-layout the system drive to add the additional 490 MB partition and shrink 'C:' by 490 MB. BitLocker on the C drive to be removed so it will be necessary to re-enable BitLocker after restore. The Macrium Windows PE boot menu has previously been activated.
3. BitLocker Removal Restore. Restoring an image of Windows 1607 - Anniversary update to 1703 - Creators update
In this scenario we are restoring a Windows 1703 - Creators Update system back to 1607 Anniversary Update. This will re-layout the system drive to remove the additional 490 MB partition and extend 'C:' by 490 MB. BitLocker on the C drive to be removed so it will be necessary to re-enable BitLocker after restore. The Macrium Windows PE boot menu has previously been activated.