From Microsoft documentation, “BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.”
Volumes protected by BitLocker can be backed up using the Intronis Backup Physical Imaging plugins, Hyper-V plugins, and the Files & Folders plugin. To do so, our agent needs to be installed on the source machine and running as an admin user. The data can have encryption enabled, but the source volume/s in question need to be unlocked at the time of backup and backup set configuration. For Physical Imaging and Hyper-V Rapid Recovery, the local storage location can also be encrypted with BitLocker and backups and restores will continue to function. However, the restore location needs to also be unlocked at time of restore.
To unlock a drive, do the following:
- Open an elevated command prompt.
- Type the following command:
manage-bde -unlock x: -recoverypassword XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX
...where "x:" is the drive you want to unlock and "
XXXXXX-...-XXXXXX" is the recovery password.
- Hit the Enter key.
As our agent performs content-aware backups, even if the data is stored encrypted, we back it up and restore is as unencrypted. Because we access and back up the unencrypted volume data, Rapid Recovery restores will be successful, the system will boot, but the data will be unencrypted, unlocked, and will not require a password to access. This also means that we do not access, use, or store BitLocker passwords and cannot recover them.