56619: Acronis True Image: compatibility with BitLocker

    Last update: 23-02-2022

    Introduction

    BitLocker is a Microsoft technology for encrypting disk volumes. Its main purpose is to prevent unauthorized access to Windows, programs and user data if hackers try to tamper with the computer's boot process or get physical access to the disk. For the highest level of protection, BitLocker disk encryption can optionally be coupled with a hardware component, the Trusted Platform Module (TPM), available on some modern computers, and a USB key.

    Although it is sometimes called "full-disk encryption", BitLocker targets disk volumes individually, such as C:, D:, F: and others. BitLocker is enabled on a per-volume basis, not for the entire physical disk. In other words, you cannot tell BitLocker to encrypt an HDD or SSD: you can only encrypt a disk volume, which can occupy more or less disk space on the HDD or SSD.

    In this article we will use the term "disk" the way it is used in the Windows Explorer user interface: to mean a disk volume, e.g. C:.

    Learn more about BitLocker at the Microsoft website.

    Description

    Acronis True Image is compatible with BitLocker with certain limitations that depend on the current status of BitLocker protection of the disk.

    Disks can be:

    1) encrypted and locked

    2) encrypted and unlocked

    3) not encrypted

    The simplest way to tell the BitLocker status of a disk is to see how the disk looks in Windows Explorer.

    Encrypted and locked

    Disks that are encrypted by BitLocker and are in the locked state have a gold lock on them. Such disks are not available for any operation by Acronis True Image, except for being overwritten when recovering an Entire PC, disk or partition backup in disk/partition mode using Acronis Bootable Media.

    To unlock the disk while keeping it encrypted, right-click the disk, select "Unlock drive...", enter the password and click Unlock.

    Encrypted and unlocked

    Disks that are encrypted by BitLocker and are in the unlocked state have a silver unlocked padlock.

    Encrypted and unlocked disks:

    • Can be backed up in any mode: Entire PC, disk, partition, files/folders. Backups of type "Entire PC" will fail, however, if at least one internal disk is encrypted and locked, even if others are unlocked or not encrypted at all.
    • Can be cloned, if the cloning operation does not request a computer reboot
    • Can be overwritten when recovering an Entire PC, disk or partition backup in disk/partition mode using Acronis Bootable Media
    • Are saved in Acronis True Image backup and cloned in unencrypted state. If you recover them or boot from the clone, you will need to turn on BitLocker protection again. For that, right-click the disk and select "Turn on BitLocker".
    • Cannot be read by Acronis bootable environment:
      • Cannot be backed up by using Acronis bootable media or Acronis Startup Recovery Manager (F11 key function)
      • Disk cloning of such disk will fail, if the cloning tool requests a computer reboot
      • Recovery from or to such disk, initiated in Windows, will fail, if a computer reboot is requested
      • Encrypted and unlocked disks cannot be read by Acronis Bootable Media
      • Avoid storing backups on encrypted and unlocked disks, because at recovery time the bootable media or the bootable agent will not "see" the disk, where the backup is stored. A relatively safe scenario is when you store file/folder backup on encrypted and unlocked disk, and plan to restore to a new location, not overwriting the original files/folders.
    • Cannot be used for activating Acronis Startup Recovery Manager (F11 key function) on them
    • Block Acronis Secure Zone creation. To create Acronis Secure Zone, decrypt the disk by turning off BitLocker.
    • Restrict Acronis Try&Decide feature usage, regardless of any planned Try&Decide settings: Try&Decide cannot work when a partition in your system is encrypted with BitLocker.
    • Survival Kit creation may require re-formatting the external disk, if it is encrypted with BitLocker and unlocked

    You may see a yellow triangle with an exclamation mark overlaid on the disk icon, together with a silver unlocked padlock. This indicates that the disk is still encrypted by BitLocker and unlocked, but has BitLocker protection suspended. Acronis True Image treats such disks the same way as encrypted and unlocked disks.

    How to turn off BitLocker

    To lift the restrictions listed above, you can turn off BitLocker protection, which will decrypt the disk:

    1. Right-click the disk in question in Windows Explorer and select "Manage BitLocker".
    2. Click "Turn off BitLocker" on the BitLocker management screen.
    3. Confirm the operation and wait until the decryption finishes. It may take up to several hours for big disks with a lot of data and programs on them.
    4. After the operation finishes, the disk is no longer encrypted.

    Not encrypted

    If the disk does not bear any padlock adornment, it is not encrypted at all. In other words, BitLocker protection is either not enabled (not to be confused with the term "suspended"!), or was turned off. Such disks are available for all operations with Acronis True Image without any limitations.
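
    The same status check can be scripted instead of read from Windows Explorer icons. The PowerShell below is an added example, not part of the original article or of Acronis software: it maps the output of the built-in Get-BitLockerVolume cmdlet to the states described above. The function name Get-ArticleBitLockerState and the state labels are assumptions made for this example; run it in an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example: classify each volume into the BitLocker states used in this article.
# Get-BitLockerVolume is the built-in cmdlet from the Windows BitLocker module.

function Get-ArticleBitLockerState {   # hypothetical helper name
    param([Parameter(Mandatory)] $Volume)

    # A locked volume reports no usable encryption details, so test the lock first.
    if ($Volume.LockStatus -eq 'Locked') { return 'Encrypted and locked' }

    # No encrypted data on the volume: BitLocker was never enabled or was turned off.
    if ($Volume.VolumeStatus -eq 'FullyDecrypted') { return 'Not encrypted' }

    # Encryption or decryption still running; the article does not list this state.
    # Wait for it to finish before relying on either classification.
    if ($Volume.VolumeStatus -like '*InProgress') {
        return "Conversion in progress ($($Volume.VolumeStatus))"
    }

    # Data is encrypted but protection is off: BitLocker protection is suspended.
    if ($Volume.ProtectionStatus -eq 'Off') {
        return 'Encrypted and unlocked (protection suspended)'
    }
    return 'Encrypted and unlocked'
}

$report = Get-BitLockerVolume | ForEach-Object {
    [pscustomobject]@{
        Disk       = $_.MountPoint
        VolumeType = $_.VolumeType
        State      = Get-ArticleBitLockerState -Volume $_
        Encrypted  = "$($_.EncryptionPercentage)%"
    }
}
$report | Format-Table -AutoSize

# Per the article, one locked internal disk is enough to fail an "Entire PC" backup.
$locked = @($report | Where-Object { $_.State -eq 'Encrypted and locked' })
if ($locked.Count -gt 0) {
    Write-Warning ("Locked disks: {0}. An Entire PC backup fails if any of these is internal." -f
        ($locked.Disk -join ', '))
}
```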
