Server 2008 R2 SP1, BitLocker to go, image restore, Unexpected results

    Question

  • On Svr 2008 R2 SP1, I wanted to test backup and image restore with a BitLocker encrypted USB disk. Here's what I did:

    1. I turned on encryption on the USB disk, chose the password method and set it to auto-unlock on this computer.
    2. Ran a full system backup with the encrypted USB disk as the destination.
    3. Plugged the USB disk into another computer. Confirmed that it did require a password before I could access it.
    4. Now for the restore test. I booted the R2 computer from the Windows 2008 R2 SP1 setup DVD and chose the repair computer option.
    5. I plugged in the encrypted USB disk (can't remember if I did this before or after booting from the DVD).
    6. When choosing an image to restore, it could not find any.
    7. I got a pop-up saying that I needed to enter a key to be able to access the USB disk. 
    8. I wanted to simulate not having the key (only the password), so I cancelled out of that window.
    9. I went to the command prompt and entered >manage-bde -unlock E: -pw
    10. After entering the password, I exited the command window and went back to restore an image.
    11. It found backup image on the encrypted USB disk and I chose to do a full system restore. The restore was successful.
    12. I later tried to restore from the same USB disk again using the same method and was surprised because it did not ask for a key or a password this time. The second restore was also successful.
    13. Then, after booting up the restored R2 machine, I noticed that the USB disk no longer had BitLocker turned ON. It looked like it was not encrypted anymore.
    14. I plugged the disk into another computer and it did NOT require a password to access it there either.
    15. Now, after all of the above, here's my question. How did the disk become decrypted? I don't remember it going through any decryption process (that seems to take a while). Did it decrypt automatically during the first restoration?
    16. Note (don't know if this is related): later I reformatted the USB disk twice. Each time I plugged it back into the R2 machine, it wanted to repair the disk, and after it did, the files returned. I had to go to the disk manager and remove the partition to get it to stop doing that.

    No big deal. My test was successful but I am confused as to how the USB was decrypted.

    Thanks for any light anyone can shed on this.

    Monday, February 03, 2014 10:45 PM

Answers

  • Hi,

    From your description, I don’t see any chance that the USB disk could be decrypted. We can only decrypt the disk via UI or manage-bde -off.

    In addition, decrypting a disk might take several hours. It could not be decrypted without any notification.

    According to the above, I suggest checking if there was any mis-operation. Also, please do more tests and check if the issue can be reproduced.

    Thanks.


    Jeremy Wu

    TechNet Community Support

    • Marked as answer by Myykee Thursday, February 06, 2014 8:00 PM
    Wednesday, February 05, 2014 10:21 AM

All replies

  • Hi Jeremy,

    Thanks for the info. I am unable to reproduce the results but I cannot say for sure that I did not use the manage-bde -off command. It was my first time using manage-bde and I did tinker with some command line switches. It's possible I just didn't pay attention to the message that indicated it was decrypting; then, once I closed the command prompt in the PE environment, there was nothing to indicate decryption was continuing.

    Thanks again and sorry for wasting your time.


    • Edited by Myykee Thursday, February 06, 2014 8:12 PM
    Thursday, February 06, 2014 8:12 PM
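
A way to check for the situation discussed in this thread, as an added example that is not part of the original posts: a Python sketch that parses the text printed by manage-bde -status and reports whether a volume is encrypted, decrypting or decrypted. The sample output is constructed and assumes English-language field names; the function names are hypothetical.

```python
import re
import subprocess

# Constructed sample, modelled on English-language `manage-bde -status E:` output.
SAMPLE_STATUS = """\
Volume E: [BACKUP]
[Data Volume]

    Size:                 465.76 GB
    BitLocker Version:    Windows 7
    Conversion Status:    Decryption in Progress
    Percentage Encrypted: 62%
    Encryption Method:    AES 128 with Diffuser
    Protection Status:    Protection Off
    Lock Status:          Unlocked
"""

# Indented "Name:   value" lines; the unindented volume header is skipped.
FIELD = re.compile(r"^\s+([A-Za-z ]+?):\s+(.*\S)\s*$")

def parse_status(text):
    """Return the indented 'Name: value' fields of the status text as a dict."""
    return {m.group(1): m.group(2)
            for m in map(FIELD.match, text.splitlines()) if m}

def assess(text):
    """Return (state, percent_encrypted) for one volume's status text."""
    fields = parse_status(text)
    conv = fields.get("Conversion Status", "").lower()
    try:
        pct = float(fields.get("Percentage Encrypted", "").rstrip("%"))
    except ValueError:
        pct = None  # non-numeric value, e.g. reported for a volume still locked
    if "decryption" in conv:              # in progress or paused
        return "decrypting", pct
    if conv == "fully decrypted":
        return "decrypted", pct
    protected = fields.get("Protection Status", "").startswith("Protection On")
    if conv == "fully encrypted" and protected:
        return "encrypted", pct
    return "other", pct                   # encrypting, suspended, locked, ...

def live_status(drive="E:"):
    """Run manage-bde -status for a drive (Windows, elevated prompt)."""
    return subprocess.run(["manage-bde", "-status", drive],
                          capture_output=True, text=True).stdout

if __name__ == "__main__":
    print(assess(SAMPLE_STATUS))
```

Checking the status again after a restore, or after closing a command prompt, shows whether a conversion started earlier is still running in the background.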