Macrium Support Forum

Restore bitlocker encrypted file from disk image

https://forum.macrium.com/Topic9601.aspx

By lcmarincek - 8 October 2016 11:22 AM

Hi

I use Macrium disk image to backup my entire HD. In this HD, there are some bitlocker encrypted folders (please note that the HD is not encrypted as a whole; only some folders are encrypted).
If I restore the entire HD, everything works fine. The encrypted folders are restored as encrypted, and as long as I am logged in, I can access those folders. No problem.
However, if instead of restoring the entire HD I want to restore only one file from those encrypted folders, it doesn't work. I tried mounting the backup image and dragging the file from the mounted image to another folder on my HD, but it's not possible, even if I'm logged as the owner of the files (I get an error message from Windows saying that the encrypted file is not open for access).
Do I somehow need (and I hope so...) to enter my Windows account password to unlock the encrypted files on the backup image? If so, how do I do it?

Thanks
By Nick - 8 October 2016 12:30 PM

@lcmarincek

Thanks for posting. 

BitLocker can only encrypt entire volumes (disks) it cannot encrypt individual folders or files. Your folders will be encrypted using Windows  EFS (Encrypted File System). Please see this KB article on restoring EFS encrypted files from a mounted image:

http://knowledgebase.macrium.com/display/KNOW/How+to+copy+Encrypted+File+System+(EFS)+files+from+a+mounted+disk+image
By lcmarincek - 8 October 2016 11:29 PM

Thanks for your explanation, Nick.
I'll try it.

Best regards
By lcmarincek - 9 October 2016 12:38 AM

lcmarincek - 8 October 2016 11:29 PM
Thanks for your explanation, Nick.I'll try it.Best regards

I followed the instructions and it worked.
The only detail I would like to highlight is that it only worked for non-existing target folder.
For instance, I tried to copy a file from the backup mounted image to the same folder where it was originally located in the HD, and the copy failed.
Then I chose a non-existing directory as target, and then it worked. The target directory was created by robocopy, and the file copied to it.
I don´t know whether there is any command option to accept an existing directory as target (I took a look at the command options, but none of them seemed to do it).
Anyway, I was able restore the encrypted file from the backup image.

Thanks again, Nick.