Bitlocker and auto-unlock

User discussion and information resource forum for Image products.
Post Reply
crawfish
Posts: 47
Joined: Mon Jun 24, 2013 9:49 pm

Bitlocker and auto-unlock

Post by crawfish »

I just read the KB article on Bitlocker, and I believe it says you can restore a "Type A" (unencrypted) system image to the same drive such that it will be re-encrypted during the restore, provided you unlock the system partition in TBWinRE before restoring. Is this correct? If so, that's great, because I've not been doing that, and I've had to re-encrypt after the restore inside Windows. What I'm also wondering is the effect it has on auto-unlock, which gets messed when one re-encrypts as described here, along with a cumbersome fix:

https://www.mcbsys.com/blog/2010/08/re- ... e-restore/

Is this problem avoided by unlocking the system partition in TBWinRE before restoring? Would my auto-unlock partitions work normally when I reboot after the restore?
TeraByte Support(PP)
Posts: 1644
Joined: Fri Aug 12, 2011 12:51 am

Re: Bitlocker and auto-unlock

Post by TeraByte Support(PP) »

That's correct. In my tests with auto-unlock it still worked after restoring. However, if the restore isn't successful for some reason then you'd have to revert to what you've been doing (re-encrypt afterwards, etc.). In some cases, it may also help to use the "Write Changed Sectors Only" option when restoring to the unlocked partition.
crawfish
Posts: 47
Joined: Mon Jun 24, 2013 9:49 pm

Re: Bitlocker and auto-unlock

Post by crawfish »

That's awesome! It never occurred to me to unlock the system partition in TBWinRE before restoring.
crawfish
Posts: 47
Joined: Mon Jun 24, 2013 9:49 pm

Re: Bitlocker and auto-unlock

Post by crawfish »

OK, I've just had reason to try restoring a Windows 10 system drive backup, and though I unlocked the destination system partition in WinRE, it restored unencrypted. Reviewing the KB article, I think this is what messed me up:

https://www.terabyteunlimited.com/kb/article.php?id=616

"Restoring an entire disk Type A backup image (e.g. a backup of the Windows disk taken using VSS) will result in the restored partition not being encrypted even if the encrypted destination partition was unlocked. You would need to enable BitLocker on the partition to encrypt it."

My question now is, should I have just restored "MBR 1" instead of the entire drive, which includes "System Reserved"? I have no idea what Windows does with System Reserved, so to be safe, it never occurred to me NOT to restore it. However, I just wanted to revert some ordinary application-level changes that didn't work out.
Brian K
Posts: 2214
Joined: Fri Aug 12, 2011 1:11 am
Location: NSW, Australia

Re: Bitlocker and auto-unlock

Post by Brian K »

If you restore an Entire Drive image then the previously encrypted partition will need to be re-encrypted. You must restore a partition and not the entire drive (although the partition image restored can be part of an Entire Drive image). It only works if you restore the Win10 image to the Win10 partition on the same HD. You already know you must restore to an unlocked partition.
crawfish
Posts: 47
Joined: Mon Jun 24, 2013 9:49 pm

Re: Bitlocker and auto-unlock

Post by crawfish »

So just to be clear, not restoring the "System Reserved" partition is OK? Or should it be restored on a single partition basis, too?
Brian K
Posts: 2214
Joined: Fri Aug 12, 2011 1:11 am
Location: NSW, Australia

Re: Bitlocker and auto-unlock

Post by Brian K »

crawfish wrote:
> So just to be clear, not restoring the "System Reserved"
> partition is OK?

Sure. In general there is no need to restore this partition when you are restoring the Win10 partition to the same HD. When you restore the Win10 partition remember it is NOT the Active partition so don't set it Active.
crawfish
Posts: 47
Joined: Mon Jun 24, 2013 9:49 pm

Re: Bitlocker and auto-unlock

Post by crawfish »

Got it, thanks.
Post Reply