Backup (system image) a bitlocker drive

Associate
Joined
13 Jan 2003
Posts
49
Location
Stockport, UK
Can anyone answer this question please. My wife has a work PC at home (Windows 10 Enterprise) and the system admin is quite locked down and the whole drive is bitlocked. I am keen to back the whole thing up in case I bugger it up and do a system imaqe. (system restore is disabled on this system). I was looking at using cloning software such as AOMEI Backupper - this webpage indicates it can handle it:

https://www.ubackup.com/clone/clone-bitlocker-encrypted-disk-4348.html

The PC allows me to backup the bitlocker key - but do I actually even need this to do a cloned restore?

Also the bitlocker key I've backed up confuses me as it says - "If the above identifier doesn't match the one displayed by your PC then this isn't the right key to unlock your drive" .....how do I check the one displayed on my PC?

eg - https://www.tenforums.com/attachmen...-windows-10-a-bitlocker_recovery_key_file.jpg

Is there anyone else I need to be aware of with cloning a bitlocked drive?

thanks
 
Soldato
Joined
28 Sep 2008
Posts
14,123
Location
Britain
You're confusing what bitlocker does. If the drive key is not the same as that in the tpm chip of the pc, it will not work, hence the message.

Can I ask, why do you want to clone your wife's work pc?
 
Associate
OP
Joined
13 Jan 2003
Posts
49
Location
Stockport, UK
You're confusing what bitlocker does. If the drive key is not the same as that in the tpm chip of the pc, it will not work, hence the message.

Can I ask, why do you want to clone your wife's work pc?

As I said I want to ensure it can be restored in case I bugger it up. We only had the PC a week and I changed a network setting (that I shouldn't have!) and the Mrs couldn't log in it so it had to go back to work to be reconfigured. Just want to avoid future hassle like that.
I am ok then with doing a clone using the above software?
 
Soldato
Joined
28 Sep 2008
Posts
14,123
Location
Britain
That's kind of why I'm asking. Why are you using her work laptop at all? It probably doesn't need tinkering with and if you're not sure you won't bugger it up, then it's probably best you don't touch it at all.

You can clone the drive but you won't be able to access any bios or boot settings to restore the drive if required as I suspect those will be locked down by the IT dept as well.
 
Associate
OP
Joined
13 Jan 2003
Posts
49
Location
Stockport, UK
That's kind of why I'm asking. Why are you using her work laptop at all? It probably doesn't need tinkering with and if you're not sure you won't bugger it up, then it's probably best you don't touch it at all.

You can clone the drive but you won't be able to access any bios or boot settings to restore the drive if required as I suspect those will be locked down by the IT dept as well.

I just had to fix the in laws surface tab due to Microsofts update so it's even possible for a system to break without doing anything daft.......

https://mspoweruser.com/kb4516067-breaks-internet-explorer-for-some-surface-users/
 
Soldato
Joined
25 Oct 2002
Posts
2,617
I just had to fix the in laws surface tab due to Microsofts update so it's even possible for a system to break without doing anything daft.......

https://mspoweruser.com/kb4516067-breaks-internet-explorer-for-some-surface-users/

How is that relevant for a work device? If an update breaks something (and they will more than likely be controlling which updates get installed on their machines anyway) then work IT fixes it, not the end user...

If you're a regular user on the computer and the device has been configured against any reasonable security baselines then you should not be able to take (or restore) an image of the device without the involvement of the administrator of the system.
 
Associate
OP
Joined
13 Jan 2003
Posts
49
Location
Stockport, UK
How is that relevant for a work device? If an update breaks something (and they will more than likely be controlling which updates get installed on their machines anyway) then work IT fixes it, not the end user...

If you're a regular user on the computer and the device has been configured against any reasonable security baselines then you should not be able to take (or restore) an image of the device without the involvement of the administrator of the system.

I have experienced MS updates breaking PC's (point taken that its less likely with a corporate PC) this PC is a desktop so I don't want to fetch it back if its any easy fix. System restore is disabled which has often saved my bacon with issues in the past and imaging has also been a great last resort fix. Looks like cloning is a dead end idea then!
 
Soldato
Joined
28 Feb 2006
Posts
4,799
Location
No longer riding an Italian
Can anyone answer this question please. My wife has a work PC at home (Windows 10 Enterprise) and the system admin is quite locked down and the whole drive is bitlocked. I am keen to back the whole thing up in case I bugger it up and do a system imaqe. (system restore is disabled on this system). I was looking at using cloning software such as AOMEI Backupper - this webpage indicates it can handle it:

https://www.ubackup.com/clone/clone-bitlocker-encrypted-disk-4348.html

The PC allows me to backup the bitlocker key - but do I actually even need this to do a cloned restore?

Also the bitlocker key I've backed up confuses me as it says - "If the above identifier doesn't match the one displayed by your PC then this isn't the right key to unlock your drive" .....how do I check the one displayed on my PC?

eg - https://www.tenforums.com/attachmen...-windows-10-a-bitlocker_recovery_key_file.jpg

Is there anyone else I need to be aware of with cloning a bitlocked drive?

thanks

Leave it alone?

If it's a corporate device allocated to her, then leave it well alone - her company have a trained IT team to look after kit; so leave any tweaks and whatnot to them. No idea why you'd feel the need to fiddle with a work device - what's the old saying about a little knowledge being dangerous and all that?

Seriously though, don't go hiking the drive out of the machine or anything - you misses may fall foul of a disciplinary, all because you want to cover your fiddling.
 
Last edited:
Associate
OP
Joined
13 Jan 2003
Posts
49
Location
Stockport, UK
Leave it alone?

If it's a corporate device allocated to her, then leave it well alone - her company have a trained IT team to look after kit; so leave any tweaks and whatnot to them. No idea why you'd feel the need to fiddle with a work device - what's the old saying about a little knowledge being dangerous and all that?

Seriously though, don't go hiking the drive out of the machine or anything - you misses may fall foul of a disciplinary, all because you want to cover your fiddling.

No desire to move the drive out but fair point about a little knowledge being dangerous as I had already messed up the login due to changing a network setting, hence the reason to avoid further hassle if something else went wrong.
 
Soldato
Joined
28 Feb 2006
Posts
4,799
Location
No longer riding an Italian
No desire to move the drive out but fair point about a little knowledge being dangerous as I had already messed up the login due to changing a network setting, hence the reason to avoid further hassle if something else went wrong.

I'd be tempted to just leave it as is, I wouldn't appreciate one of our users fiddling with one of our corp devices; let alone their other half who doesn't work for us. There would be no end of 'employee handbook' type rules that would breach.

So long as it can get an IP on your home network, and things such as VPN function through your ISP - then your other half can be completely hands off with the upkeep and trouble shooting of the device. Of course, I am assuming her company does have an IT dept, and do at least have some basic policies in place.
 
Back
Top Bottom