KnowledgeBase
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Macrium Reflect can include the components necessary to unlock Microsoft BitLocker drives in Windows PE.

Note: It isn't absolutely necessary to unlock BitLiocker encrypted drive when restoring an image of the encrypted partition. The partition will restore without a problem and will be automatically re-encrytped on reboot, however, unlocking the drive in Windows PE enables Rapid Delta Restore and also free access to the drives contents using PE Explorer.

Saving the encryption key

  1. In Windows Explorer, right click the BitLocker encrypted drive and click on ‘Manage BitLocker’
  2.  In the newly opened window click ‘Back up your recovery key’
  3.  In the BitLocker Drive Encryption wizard select ‘Save to a USB flash drive’ and chose the USB device you want to save to. 


    After choosing the USB device you want to save the Recovery Key file to, click ‘Save’ and then ‘Finish’ in the BitLocker Drive encryption wizard. This action will save a .BEK file on to the chosen USB device.

    Note: The .BEK file is a protected operating system file, it is hidden by default and won't be visible within Windows Explorer. it can be made visible by changing Folder Options and se-selecting the option to ‘Hide Protected operating system files’.

     

  4. If you haven't done so already, create your Windows PE recovery media and ensure that your Windows PE rescue media has been created with the 'Include optional components' option selected.


Unlocking the drive in Windows PE

  1. Boot into Windows PE. Click the Backup tab. The encrypted drive will be visible and its status will be ‘BitLocker Locked’. It will not have a drive letter.
  2.  A drive letter will be needed to unlock the encrypted drive.   
    Open ‘Window PE Explorer’, Click on the computer icon in the bottom left hand corner of your screen. A new window will appear presenting all the Drives available to Windows PE.  


    The drive without a visible File system or Size will be the BitLocker encrypted drive. In this case the drive is E:

     

  3. Start a command prompt.


    The command line can be accessed by clicking the black icon on the bottom left corner of your screen.

  4. In the command line enter “manage-bde -unlock E: - RecoveryKey D:\” then press the ‘Tab’ key until you see a key that resembles the following combination: “XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX” and ends with “.BEK” to auto-complete the line after the drive letter.

    manage-bde -unlock E: - RecoveryKey D:\XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX.BEK
    Note: Your recovery key may be located on a different drive to D:. and your BitLockered drive maybe different to E:. Please ensure that you use the correct drive letters.

    After entering the command press ‘Enter’ to unlock the BitLocker Encrypted drive:

  5. To make the drive accesible in Macrium Reflect, select the 'Backup' tab in Reflect and click Refresh.

  6. After refreshing the drives in Macrium Reflect you will now be able to see a drive letter and a status on the drive that was locked.

After unlocking the drive you can now freely access files on the drive using PE Explorer, perform Rapid Delta Restores (RDR) and Clone operations.

  • No labels