image(backup) an encrypted unbootable Surface Pro

[pcpete]

We came across our first Surface Pro which we needed to do a backup on. As some of you may know, it is encrypted by default. That means you cannot do a lot of stuff the normal way, in particular backing it up. We used a simple method that worked well for us.

First we booted it up with Windows install media, this will allow you to enter a key to decrypt the drive. It appears this key is often saved online in your Microsoft Windows account tied to the Surface Pro. Then open up a command prompt.

Second we want to do a full image backup of the system as our normal procedure. We used the same command we do for backing up images that we use for image installs.

Dism /Capture-Image /ImageFile:X:\name-of-image-file.wim /CaptureDir:XX:\ /Name:”any label”

X = drive letter of your backup drive
XX = drive letter of the OS main partition you are imaging(backing up)

Third we want to extract the files from the image as a way of verifying its validity and taking a visual look at the files. We do this by mounting the image we previously backed up in the second step. We use this command

Dism /Mount-Image /ImageFile:X:\name-of-image-backup.wim /index:1 /MountDir:C:\mnt

X = drive letter of image file location

c:\mnt is a folder that you connect the image to so you can browse it. you can create any folder you want. I chose c:\mnt because it just reminds me of linux. if you navigate to c:\mnt you will see your whole windows file system from the previously encrypted machine. At this point you can copy the user file which are needed from it.

 

[jft135]

Cool. Now if there was only a good way to back up broken ones when the customer doesn't know their key.

This is one of my biggest beefs with on by default encryption that is starting to show up all over the place. Encryption is a double edged sword, and is very risky for the typical user who never backs up.

 

[pcpete]

A couple of things I forgot. You will need to install Windows 8.1 ADK which includes dism.exe on your work station. Second you will want to unmount the image when you are finished. below is a link to the command to do that along with others

https://technet.microsoft.com/en-us/library/hh824814.aspx

 

[Altster]

Pardon my question here, but how would a bootable Linux work with the encrypted M$ files?

 

[pcpete]

Pardon my question here, but how would a bootable Linux work with the encrypted M$ files?

I think if you can install bitlocker on your linux system it might work.

 

[nlinecomputers]

I think if you can install bitlocker on your linux system it might work.

Neat trick considering that Bitlocker is windows only....

 

[seedubya]

Pardon my question here, but how would a bootable Linux work with the encrypted M$ files?

What now? He only said that it reminded him of Linux, not that it actually was Linux. The MS documentation recommends using C:\mnt as your folder for mounting images from.

 

[Slaters Kustum Machines]

You can access Bitlocker drives with Linux, though obviously not as easily as Windows:

 

[GTP]

You can access Bitlocker drives with Linux, though obviously not as easily as Windows:

Excellent "tutorial" though, thanks!

 

[NviGate Systems]

If a customer added a Microsoft Account to the Surface, the drive recovery key typically is stored in OneDrive. There is a command you can run in Recovery that will unlock the drive.