Macrium Reflect

Discussion in 'backup, imaging & disk mgmt' started by Stigg, Nov 23, 2013.

  1. jphughan

    jphughan Registered Member

    Joined:
    May 3, 2018
    Posts:
    201
    Location:
    US
    This KB article from Macrium details the various possibilities with respect to BitLocker. But the short version is, it depends on a couple of factors both at backup and restore time. If the backup was captured while the volume was locked, then it will always be restored locked -- but that's not ideal because backups of locked volumes will be much larger since Reflect will have to capture every block in the partition, including free space, AND compression doesn't work on encrypted data. If the backup was captured while the partition was unlocked, then in general it will be restored in the clear (and you will get a warning about this). The exception is if the restore target is already using BitLocker, the target is unlocked at the time of restore, AND Rapid Delta Restore can be used (requires a paid Reflect license and some other conditions). This is the typical scenario when you're just rolling your system back to the state of a previous backup rather than setting it up from scratch AND you either have auto-unlock Rescue Media or you manually unlocked the partition using manage-bde. In THAT situation, Reflect supports restoring a backup in a way that preserves the existing encryption on the target.

    When you are restoring a partition that had BitLocker, you can check what will happen beforehand because the final step of the restore wizard where you see a summary of what will happen indicates the type of BitLocker restore that will occur: BitLocker Removal (restored in the clear), BitLocker Live Restore (preserve target encryption), or BitLocker Encrypted (source was locked at backup, so restored instance will be encrypted).

    An extension of the capability I just described comes into play when cloning. If you clone an unlocked BitLocker partition, the clone target will be in the clear. But if you then enable BitLocker on the target, future clones that use Rapid Delta Clone will preserve the unique encryption of the source and target, i.e. they can have different passwords, Recovery Keys, etc.

    I think I remember reading that VeraCrypt can be made to work in WinPE to unlock partitions in that environment -- I think you just need the VeraCrypt Portable application files available? -- but I don't remember for sure, and I don't know if unlocking a partition prior to restoring onto it would preserve VeraCrypt encryption.
     
    Last edited: Feb 19, 2019
  2. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,259
    Location:
    North Carolina, USA
    Hello,

    A new update has been released, version 7.2.4063...
    Homepage
    Download Page
    Release Notes
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    10,822
    Location:
    Here
  4. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,259
    Location:
    North Carolina, USA
  5. SanyaIV

    SanyaIV Registered Member

    Joined:
    Oct 17, 2013
    Posts:
    276
    Thanks! I tried searching for it but I must have missed that article. I think in my case it would go in the BitLocker Live category since when I boot into the rescue media it asks me for my bitlocker password to unlock the drive (and then I use the command line to unlock the drive containing the backups) so my guess is that any restore would go through the bitlocker encryption process.

    Is it possible/easy to include VeraCrypt portable executable inside the actual PE image? My Desktop is using Windows 10 Education which is why I can use BitLocker, but my laptop is using Windows 10 Home so in the case something goes wrong with my desktop, I can't really do anything with my drives on my laptop since I can't decrypt them on there, if I understand the limitations correctly. Which is partially why I would prefer VeraCrypt.
     
  6. jphughan

    jphughan Registered Member

    Joined:
    May 3, 2018
    Posts:
    201
    Location:
    US
    I don't think you have to incorporate VeraCrypt directly into the image file. You could just store the VeraCrypt Portable application in a folder on your Rescue Media flash drive (assuming you're using a flash drive rather than a disc). I actually have a few WinPE-compatible utilities that I just keep in a folder of my bootable flash drives so they're available whether I'm booting Rescue Media, a Windows installer, or something else, and it works fine. But again, I don't remember whether it's that simple to get VeraCrypt in particular working in WinPE. If you did need to build it into the image, you'd probably have to use the option in Rescue Media Builder to build a custom WIM file.

    However, your BitLocker situation isn't as dire as you think. Windows 10 Home can access (unlock) BitLocker volumes; it simply can't create new BitLocker volumes (with an exception I'll get to in a moment), and it might not be able to actually remove encryption on them either. The exception is that on Windows 10 Home systems that meet certain hardware requirements, there's a scaled down version of BitLocker available that Microsoft just calls "Device encryption". It's normally meant to be used only for the OS disk and only in conjunction with linking your local account to your Microsoft account so that your Recovery Key gets backed up to the cloud, but I've found that I can still use manage-bde to encrypt my OS disk without having to link to a Microsoft account. I haven't tried encrypting external media on that system. On your Win10 Home system, go to "Settings > Update & recovery" and see if you have a "Device encryption" item at the bottom. If you do, then see what you can do with manage-bde. (Side note: This capability actually has become a nasty surprise for some people. Some Win10 Home systems are being shipped with BitLocker enabled but kept in a suspended state so that it behaves as a normal unencrypted partition upfront, but proper encryption can be "instantaneously enabled" later. That occurs if you choose to link your Microsoft account, because your Recovery Key gets backed up to the cloud automatically. The problem is that the user apparently isn't told that their disk is now encrypted or where to get that Recovery Key. And the Recovery Key prompt itself doesn't even suggest that it might be stored in the cloud. So if the user ever actually sees that prompt, such as after a motherboard replacement or even a BIOS update, it's usually the first time they've been told that their drive was encrypted to begin with, AND they're given no hints as to where they might find their Recovery Key in order to access their system/data again. Nice, right?)
     
  7. WinterKnight

    WinterKnight Registered Member

    Joined:
    Oct 30, 2017
    Posts:
    60
    Location:
    USA
    I have the free home edition of Macrium Reflect. After updating to v7.2.4063 the heading on the boot menu rescue media says Macrium Reflect Workstation Edition. I’m pretty sure it said Free Edition before I upgraded. Is this just a cosmetic issue or is something else wrong? I use PE 10 by the way.
     
  8. jphughan

    jphughan Registered Member

    Joined:
    May 3, 2018
    Posts:
    201
    Location:
    US
    PE version shouldn't affect the Reflect edition reporting. Out of curiosity, do you see a ReDeploy option in your new Rescue environment task list? If so, does a wizard actually pop up rather than just advising you that your current edition doesn't have it available? And/or can you create File & Folder backups in Rescue now? If you have access to those features, then it's not just cosmetic. Incidentally, does the Reflect installation within "real" Windows still show Free?
     
  9. WinterKnight

    WinterKnight Registered Member

    Joined:
    Oct 30, 2017
    Posts:
    60
    Location:
    USA
    There is a Redeploy option in the rescue environment. When I clicked on it, a message popped up saying Redeploy is not available in this edition. There’s also a Backup files option. When I clicked on it a wizard popped up. I didn’t take it any further. In the real Windows environment, it still says free edition.
     
  10. jphughan

    jphughan Registered Member

    Joined:
    May 3, 2018
    Posts:
    201
    Location:
    US
    That's very strange. The only setup I'm aware of that would NOT have ReDeploy available but WOULD allow you to perform file backups is a trial edition of a paid version. I'd recommend emailing Macrium Support about this. Technically they don't provide formal support for the Free version, but they do sometimes respond anyway, and if Reflect isn't creating Rescue Media properly, that's definitely something they'd fix. I'd recommend sending them screenshots of the entire Reflect application while the Help > About Macrium Reflect dialog is displayed, one from "real" Windows and another from Rescue. Macrium at some point added screenshot functionality to the Rescue environment, fyi. Just press the Print Screen key on your keyboard and a file dialog will appear asking you where you want to save the screenshot. A screenshot showing the Rescue Media Builder wizard might be useful too, since the upper portion of that wizard displays edition and version information about the Rescue Media it's going to build.
     
  11. WinterKnight

    WinterKnight Registered Member

    Joined:
    Oct 30, 2017
    Posts:
    60
    Location:
    USA
    Thanks for your help. I restored an image taken before the update, so I can’t do anymore troubleshooting at this time. I’m back to v7.2.3957.
     
  12. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,324
    Wow, I didn't know this. I remember that I was struggling with taking photo's some months ago. I'll have to test this later.
    Thanks jphughan !!
     
  13. jphughan

    jphughan Registered Member

    Joined:
    May 3, 2018
    Posts:
    201
    Location:
    US
    You’re very welcome! Yeah, I didn’t know about this either until I picked apart the WIM file and found PEScreenshots.exe but couldn’t figure out how it worked, and then it just so happened that someone else on the Macrium forums asked how to use it. I don’t know if Macrium wrote this app themselves (it doesn’t have a digital signature), but I’ve copied it to a folder of useful Windows/WinPE tools I maintain because it can be used elsewhere, not just in Rescue Media. You just launch it so that it starts running in the background, and then pressing Print Screen triggers a file dialog. It even works in “full” Windows, though the Snipping Tool is a better option there anyway.
     
  14. WinterKnight

    WinterKnight Registered Member

    Joined:
    Oct 30, 2017
    Posts:
    60
    Location:
    USA
    Does anyone with the free version of Macrium Reflect see “Workstation Edition” in the rescue environment title bar after updating to v7.2.4063? I’m specifically asking about the rescue environment that is launched from the boot menu.
     
  15. jphughan

    jphughan Registered Member

    Joined:
    May 3, 2018
    Posts:
    201
    Location:
    US
    Just tested this in a VM and found the same result. Weirdly, the splash screen and About Macrium Reflect dialog still show Free, but the title bar does indeed show Workstation, and the paid features like encryption are available -- except ReDeploy, which isn't. I'll report it on the Macrium forums (UPDATE: Reported here.)
     
  16. j0w

    j0w Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    6
    https://i.imgur.com/XEWtDIE.png

    Hello, everyone!

    That is my disk list and I want to copy my C: Windows 8.1 installation to Disk 2 as a 400GB partition letting the remaining space (~60GB) unallocated to install Windows 10.

    1. What is the best way to do it? Image or Clone?
    2. Is mandatory that I unplug my Disk 1 from sata cable and plug Disk 2 on it after Clone/Image or I just need to change the boot priority?
    3. Macrium Free can handle all the operations?

    Thanks in advance.
     
  17. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    817
    After updating Reflect this week cloning on one PC seems back to normal speeds (hope this is not an outlier).

    Imaging on the other is still very slow.

    (I'll try via PE/RE next week)
     
  18. jphughan

    jphughan Registered Member

    Joined:
    May 3, 2018
    Posts:
    201
    Location:
    US
    1. Given that you have a way to have both the source and destination disks attached simultaneously, a clone would be preferable because it's faster than capturing an image to a file somewhere and then restoring it to the target disk as a separate step. And since your C partition that you presumably want to expand is already the last partition on the source disk, you can either expand the partition as part of "staging" the clone or easily do so after the fact. If you'd have other partitions afterward, it would have required a bit more attention.

    2. Since your system seems to use UEFI booting judging by the presence of the EFI partition, you might find that your other SSD doesn't show up in the boot order. On some UEFI systems, local storage boot options are only presented in the BIOS Setup boot order list if they have been registered into the firmware, and that registration consists of a path to a specific bootloader file on a specific partition of a specific device. It's not like Legacy BIOS booting where you just pick a device. So I would recommend that after you perform your clone, you disconnect the source disk and try booting. If it works, great. If not, boot into your Reflect Rescue Media (make sure you have that first!) and run "Fix Boot Problems". Then try again. At that point if you want to keep using the old disk, reconnect it, make sure you're still booting from the new disk, and then use diskpart's "clean" command to wipe the entire disk, including its hidden partitions, and then set it up as desired.

    3. Yes, Reflect Free can do all of this.
     
    Last edited: Feb 23, 2019
  19. WinterKnight

    WinterKnight Registered Member

    Joined:
    Oct 30, 2017
    Posts:
    60
    Location:
    USA
    Thanks for testing and confirming this. As I previously mentioned, I restored back to v7.2.3957. Do you have any thoughts on whether it’s best to update the Reflect Windows installation to v7.2.4063 and leave the rescue environment at 7.2.3957, or just do nothing and wait for the fix?
     
  20. kronckew

    kronckew Registered Member

    Joined:
    Aug 27, 2006
    Posts:
    288
    Location:
    CSA Consulate, Glos., UK
    Back in the dark ages of win7 I added an ssd to my system on the second SATA cable, cloned it, and used the bios settings to boot from it, then I formatted the old mechanical disk and used it for data and backups. It worked OK, tho occasional utils would get confused. Macrium's boot fixer was required a few times if I had boot sector troubles. UEFI came along and I resisted as long as I could, but went over to the dark side with Win10 insiders. I had to operate on my PC a few months back to reseat my blue ray drive's cables, so I switched the cables on my two drives to put the ssd on cable one. After resetting the bios boot options, and using the macrium boot fixer, it booted up fine. Macrium has a setting buried in there to use drive letters or physical ID of drives that can be played with if it is needed.
     
  21. jphughan

    jphughan Registered Member

    Joined:
    May 3, 2018
    Posts:
    201
    Location:
    US
    If you need anything the 4063 update addresses, by all means update. If not, may as well wait. That part is no different from normal. As for Rescue Media, you can certainly keep it on the old build even if you update the installed version, but even though 4063 Free builds Rescue Media incorrectly, it doesn’t appear to be broken, so I wouldn’t even consider 4063 Free Rescue Media to be a problem. If anything, it’s technically better, but I suspect Macrium will address this soon because they won’t want to be giving away paid version Rescue Media (sans ReDeploy) for free.
     
  22. j0w

    j0w Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    6
    My PC setup is a little bit complicated and I would like to not mess with sata cables.

    With this in mind:

    1. How do I know that my UEFI is not so restrictive and that will allow the boot (or not)?
    2. If my UEFI is so restrictive, how do I check if "a path to a specific bootloader file on a specific partition of a specific device" is OK?
    3. If messing with my sata cables is really mandatory, do I need to put the new Disk on the sata cable used by the old Disk or can I just unplug the sata cable attached to the old Disk and try to boot?
     
  23. jphughan

    jphughan Registered Member

    Joined:
    May 3, 2018
    Posts:
    201
    Location:
    US
    Ok, a bit more background on UEFI would probably help here. In addition to allowing registration of bootloader files at arbitrary paths, the UEFI spec defines a standard bootloader file path of \EFI\Boot\Bootx64.efi. As a result, on systems that offer a one-time boot menu accessed by pressing a specific key during startup, the contents of THAT list will be populated dynamically based on whatever devices/partitions the system finds with a bootloader file at that path. That's how it's possible to boot in UEFI mode from temporarily connected flash drives that obviously wouldn't have been permanently registered into the firmware -- as long as said flash drive uses that standardized bootloader placement and naming. But there are two snags here:

    The first is that as I said earlier, some systems will populate their one-time boot list dynamically but will still limit the boot options list in the BIOS setup interface to "registered" bootloaders. If you want to test how your system works, connect a UEFI-bootable flash drive and access your BIOS setup. If you see your flash drive listed as a boot option, then it dynamically populates the boot order list. If not (but you still see the flash drive in a one-time boot menu), then its boot order list is limited to registered paths. However....

    The second snag is that even if your system DOES populate its permanent boot order list dynamically, Windows Boot Manager doesn't use that standardized path. It loads from \EFI\Microsoft\Boot\bootmgfw.efi, so unless your system/motherboard's firmware also automatically checks for that path on connected devices as well, it's unlikely to just find your new SSD and list it in the boot order. But the Fix Boot Problems routine on the Reflect Rescue Media is designed to deal with this. Just make sure you boot the Rescue Media itself in UEFI mode so that it runs the correct boot fixes for your platform.

    Messing with your SATA cables isn't technically mandatory, and you definitely don't have to connect the new disk on the old disk's SATA port, but I would still disconnect the old disk when you initially try to boot from the new one. The reason is that if you need to run Fix Boot Problems and have multiple disks each containing Windows installations connected at the same time, you might end up with undesirable results. For example, you could end up choosing the wrong Windows installation, or the wizard might assume you're trying to set up a dual boot scenario, in which case it might set up your your system to always boot from the Windows Boot Manager file on Disk #1, and then set the Windows BCD on that disk to contain entries for two different Windows installations, one on that disk and one on Disk #2. The problem there is that a) you obviously didn't intend to create a dual boot setup, and b) Disk #2 might not be set up to be independently bootable if Disk #1 were ever removed. All that said, I've never tried running Fix Boot Problems while both the source and destination from a clone job were still connected, so it might work fine, but it's not how I personally would do it.
     
  24. j0w

    j0w Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    6
    I think that my UEFI populates the boot list. Eg: when I boot with my pendrive with Marcium Reflect Rescue Media plugged in, it appears twice on the list: one with "Legacy" before the name and another with "UEFI" before the name.

    Let's suppose that I cloned my Windows 8.1 to the new SSD and tried boot with both disks connected. Something bad is going to happen or just the new drive don't will boot up?
     
  25. jphughan

    jphughan Registered Member

    Joined:
    May 3, 2018
    Posts:
    201
    Location:
    US
    If you don’t actually need to boot Legacy environments, you shouldn’t keep Legacy support enabled. It just becomes a potential problem (booting in the “wrong” mode can have consequences for Rescue Media operation and especially for OS installations), and keeping Legacy boot available means you can’t enable Secure Boot, which is a nice anti-rootkit feature. Windows 8 and above, and their corresponding WinPE versions, support UEFI with Secure Boot, and even some Linux distros support Secure Boot. And most if not all recent distros at least support UEFI, so consider at least disabling Legacy mode support by disabling UEFI-CSM (Compatibility Support Module), and then also consider also enabling Secure Boot unless you know it will break something you regularly use.

    As to your boot scenario, just attempting to boot with both disks connected wouldn’t break anything, but it probably won’t boot from the new SSD or at least wouldn’t do so correctly because again, although the standard bootloader file does exist on the EFI partition of Windows disks, Windows Boot Manager does not use that file, and that’s not the file that it registers with UEFI firmware. Additionally, while a boot attempt would be benign (though not likely fruitful), running Fix Boot Problems with both disks connected MIGHT have some adverse consequences if it makes fixes based on incorrect assumptions.

    I really don’t understand why you’re so reluctant to just disconnect either end of the source drive’s SATA cable or its power cable temporarily. How user-unfriendly can your PC possibly be that the uncertainty I’ve been describing seems potentially worth dealing with over having to disconnect a cable?
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.