Upload
others
View
8
Download
0
Embed Size (px)
Citation preview
Acronis Backup (BU) Using Rotating USB Drives.docx Page 1 of 29 10/28/18 12:13:00
1. Acronis True Image Backup (BU) Using Rotating USB Drives
1.1 Overview
Requirement: Backup a laptop system (Windows 10 x64) and data to rotating USB attached drives.
As part of the requirement two Bitlocker encrypted backup drives will be utilized and hold the backups
generated. While one backup drive is on-site the other drive will be off-site.
NOTE: Every time an encrypted drive is reconnected to a PC it will be necessary to unlock the drive
using the Bitlocker password unless you have used the advanced options which are described below.
For better security the Bitlocker password should NOT be the same as your PC logon password.
1.2 Unlocking Bitlocker Drive
In your file manager, right-click on the drive and select “Unlock Drive”
Enter the Bitlocker password
Note: It is possible to automatically unlock the USB Bitlocker drive on a PC. In the above image, click
on “More Options”
Acronis Backup (BU) Using Rotating USB Drives.docx Page 2 of 29 10/28/18 12:13:00
Check the box for “Automatically unlock on this PC” and then click the “Unlock” button. In the
future when you connect the drive to the PC you will have direct access to the drive without entering
the Bitlocker password.
1.2.1 Store all passwords in safe location
I use the free application Keepass to store all of my passwords, see
https://keepass.info/download.html.
1.3 Hardware required
Two USB backup drives, I used two 4TB drives to ensure I had enough space to keep several
versions.
Both drives are using BitLocker to secure the contents of the True Image TIB (backup) files and other
data on the drives.
See the section below, “BitLocker”
1.4 Option 1
1.4.1 Create two BAT files to use with Acronis True Image
NOTE: This method uses the Post/Pre Advanced option in the task setup within True Image. There is
one condition, e.g. one USB drive attached, that will create a false failure for the drive that is not
attached. I was not able to find a work around for this. When either of the USB drives are not attached
the task for that drive will attempt to run and fail. However the backup for the attached drive will run.
NOTE: Option 2 (see below) does NOT create the false failure, for this reason I used Option 2.
NOTE: There WILL BE some minor additional changes you will make to the following.
The REM lines are not necessary, I removed the REM for testing the batch files.
I used “Odd” and “Even” just to identify if the drive was for the odd week or the even week of the year.
Acronis Backup (BU) Using Rotating USB Drives.docx Page 3 of 29 10/28/18 12:13:00
Thanks to Steve Smith, Acronis MVP for the original contents of BAT file. I have slightly modified it for
my use.
Create two batch files (ATI-EvenBU.bat, ATI-OddBU.bat) with the following contents on a local drive.
The drive MUST be accessible at all times. I placed the files on the boot drive at the root level.
1.4.1.1 Even Batch file
echo off
Title BAT file to test presence for ODD or EVEN BU drive
REM echo now test to see if the Even BU drive is connected
REM pause
if not exist Y:\Y-Even-BU-Drive.txt (
REM The IF test did succeed thus the drive is NOT connected
Rem echo The drive is NOT connected
rem pause
exit /b 1
)
1.4.1.2 Odd Batch file
echo off
Title BAT file to test presence for ODD or EVEN BU drive
REM echo now test to see if the Even BU drive is connected
REM pause
if not exist Z:\Z-Odd-BU-Drive.txt (
REM The IF test did succeed thus the drive is NOT connected
rem echo The drive is NOT connected
rem pause
exit /b 1
Acronis Backup (BU) Using Rotating USB Drives.docx Page 4 of 29 10/28/18 12:13:00
)
REM echo The drive is connected
REM Pause
1.4.2 Configure the USB drives
There are several necessary steps to properly setup your drives.
1. Format the drives, use NTFS as the format option.
2. Determine what drive letters you want assigned to the two drives. I used X & Y to help ensure
there would be no conflicts with other drives.
3. Determine what labels you want assigned to each drive. Because I have a large number of
drives (a total of 11 internal drives) on my desktop I used what I call meaningful labels such
as WD-X-EVEN-4TB and WD-Y-ODD-4TB. This is what I call a meaningful drive label.
3.1. WD-X-EVEN-4TB, WD = Western Digital, the manufactory of the drive
3.2. WD-X-EVEN-4TB, X or Y, the Drive letter
3.3. WD-X-EVEN-4TB, Odd/Even to identify the odd/even week of the year
3.4. WD-X-EVEN-4TB, 4TB = the size of the drive
4. Create two empty text files and place them on the appropriate drives. These will be used by the
two batch files (ATI-EvenBU.bat, ATI-OddBU.bat) files to determine if the Even/Odd drive is
connected.
4.1. Z-Odd-BU-Drive.txt
4.2. Y-Even-BU-Drive.txt
1.4.3 Acronis True Image Task
It will be necessary to create two Acronis True Image backup tasks, e.g. one for the ODD week and
one for the EVEN week. To ensure that they are near identical, create and test the first task. When
you are confident that all is working correctly in ATI select the first task, clone the settings and make
the necessary changes for the 2nd task, more on this later.
1.4.3.1 ATI ODD task
The actual names of the task can be whatever you desire as long it is meaningful to you. I used
MT-Odd-Z ATI-OddBU.bat and
MT-Even-Y ATI-EvenBU.bat
1. Open ATI
2. Click BACKUP in the left NAV pane
3. At the bottom left side click on “Add backup”
4. Enter the name of the task (I used “MT-Odd-Z ATI-OddBU.bat ”)
Acronis Backup (BU) Using Rotating USB Drives.docx Page 5 of 29 10/28/18 12:13:00
5. Ensure the source is correct (I selected Entire PC, on this PC I only have one drive with one
partition.)
6. Ensured the destination is correct (I used “Z:\BU\Acronis\”)
7. In the ATI main window click the “Options” button
8. Schedule tab
a. Enter the time you desire the backup to run. (I needed daily backups)
9. Backup scheme
a. Backup scheme – I used a scheme that was previously defined.
b. Backup method – I used full because:
i. The total size was reasonably small. If it becomes large then I might use
incremental.
ii. This is a mission critical system and the data is as important as the OS.
c. Automatic cleanup has been turned on and I will keep 10 recent versions.
10. Notifications
Acronis Backup (BU) Using Rotating USB Drives.docx Page 6 of 29 10/28/18 12:13:00
a. Check “Show notification message on insufficient free disk space”
b. Determine how much free space you need, I set the value to 50 GB. Currently, this is
enough room for one backup for me.
c. To: email-addresses, I entered multiple email addresses
d. Subject: %COMPUTER_NAME% Odd Drive %OPERATION_STATUS% Acronis True
Image (NOTE: I changed the default message to what is more meaningful for me.)
e. Server: smtp.gmail.com (These settings are for gmail)
i. Encryption: TLS
ii. Port: 587
iii. Check SMTP authentication
iv. Email-address
v. Enter your password
f. Click “Send test message” to ensure all settings are correct.
11. The following image shows the subject of emails received during my test. When everything is
implemented similar emails will be received each time ATI runs. This makes it much easier to
identify problems, especially if you have multiple systems.
12. Exclusions – I accepted the defaults
13. Advanced Pre/Post commands
Acronis Backup (BU) Using Rotating USB Drives.docx Page 7 of 29 10/28/18 12:13:00
14. Click the EDIT button
a. Click the browse button
b. Find your batch file, when you select the appropriate file and click the Open button ATI
will put the correct information in the Command line and
c. The Working Directory line
d. Ensure the appropriate USB drive is connected and click the “Test command” button
and confirm you have success.
e. Click the OK button
f. Ensure the Pre-command looks something like the following image.
15. Advanced “Validation” once a week at 0151 hours.
Acronis Backup (BU) Using Rotating USB Drives.docx Page 8 of 29 10/28/18 12:13:00
16. Click the OK button
17. Click the “Back up now” button and ensure the task runs correctly.
1.4.3.2 ATI EVEN task
1. Open ATI
2. Right-click on the ODD task and select “Clone settings”
Acronis Backup (BU) Using Rotating USB Drives.docx Page 9 of 29 10/28/18 12:13:00
3. Right-click on the cloned task entry and select “Rename”, rename the task to “MT-Even-Y ATI-
EvenBU.bat .
4. Connect the 2nd backup drive
5. Remove the 1st backup drive (the Odd Z drive).
6. Select the “MT-Even-Y ATI-EvenBU.bat ” task.
7. Change the destination of the backup from “Z:\BU\Acronis” to “Y:\BU\Acronis”
8. In ATI click the “Back up now” button. You should now see ATI running. This will create the ATI
.tis file in the C:\ProgramData\Acronis\TrueImageHome\Scripts folder.
9. Confirm that the backup was successful
1.4.4 Test the Two ATI tasks
1.4.4.1 Test with One drive removed
In the batch file if the backup drive is not connected the line “exit /b 1” will execute, thus the batch
function will exit and issue a return code of 1. Currently ATI will except this as a failure and abort the
backup operation. Hopefully Acronis will enhance True Image where it will abort the backup operation
and not consider it a failure under certain conditions.
1.4.4.2 Test with both drives removed
Currently the two batch files do not test for both drives removed. In this situation both task will fail
when they attempt to run.
Acronis Backup (BU) Using Rotating USB Drives.docx Page 10 of 29 10/28/18 12:13:00
1.5 Option 2 Create one batch file and use the Windows Task Scheduler
By using one batch file and the Windows Task Scheduler you can test for either drive and if neither is
attached an email will be sent stating such. This would be a valid failure.
NOTE: This procedure does NOT produce the false failure that Option 1 does. This is the procedure I
used.
1.5.1 Batch File Example for Option 2
NOTE: In my test system the laptop harddrive had two partitions (1) “C” which was the boot, and (2)
“E” which was for the data. All of the ATI files I created were placed at the root of the “E” partition.
On the production system the laptop harddrive had only one partition and all of the ATI files I created
were placed in a folder (ATI) of the “C” drive, e.g. C:\ATI.
For the filename I used “BackupToCorrectDrive.BAT”
echo off
REM First let’s test to see if one BU drive is attached.
set BU-Drive-Attached=false
REM Is the 1st drive attached
if exist Z:\Z-Odd-BU-Drive.txt set BU-Drive-Attached=true
REM is the 2nd drive attached
if exist Y:\Y-Even-BU-Drive.txt set BU-Drive-Attached=true
if "%BU-Drive-Attached%" == "true" (
goto RunBU
)
REM If you got here then NO BU drive is attached and you need to send an email
REM stating such. This is a true failure.
E:\sendEmail.exe -f [email protected] -t [email protected] -s smtp.gmail.com:587 -xu
[email protected] -xp gmail-password -o tls=auto -u "MT-LT Backup failed No BU Drive
Attached" -m "No backup was created because No USB Backup Drive Attached"
REM Exit and return error code of 1
exit /b 1
:RunBU
REM If you got here then one of the BU drives is attached
Acronis Backup (BU) Using Rotating USB Drives.docx Page 11 of 29 10/28/18 12:13:00
set ATI="C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageLauncher.exe"
%ATI%
timeout /t 30
REM It is necessary for you to determine the True Image Script being used, you will find them
REM at C:\ProgramData\Acronis\TrueImageHome\Scripts
set ODD=803296A5-7923-4AB2-92D0-1312BE1218C8
set EVEN=3C6E4E55-9429-4F13-B411-AF1CFDEB4EFD
if exist Z:\Z-Odd-BU-Drive.txt goto OddBU
if exist Y:\Y-Even-BU-Drive.txt goto EvenBU
goto cleanup
:OddBU
rem echo Odd backup
Echo "ATI working" > e:\ATIworking.txt
REM Create a text file when True Image starts, this will be deleted later
%ATI% /script:%ODD%
:repeat-odd
If exist E:\ATIworking.txt goto loop-odd
goto cleanup
:loop-odd
timeout /t 180
REM This will force the BATCH file to loop until True Image has completed the BU
goto repeat-odd
:EvenBU
rem echo Even backup
Echo "ATI working" > e:\ATIworking.txt
Acronis Backup (BU) Using Rotating USB Drives.docx Page 12 of 29 10/28/18 12:13:00
%ATI% /script:%EVEN%
:repeat-even
If exist E:\ATIworking.txt goto loop-even
goto cleanup
:loop-even
timeout /t 180
goto repeat-even
:cleanup
REM True Image has completed thus we now need to cleanup
rem echo Now cleanup
rem The following will close True Image
WMIC PROCESS WHERE Name="trueimage.exe" CALL Terminate
rem pause
exit
1.5.1.1 SendEmail from Batch
Download SendEmail: http://caspian.dotconf.net/menu/Software/SendEmail/
Syntax: Drive:\pathto\sendEmail.exe -f [email protected] -t [email protected] -s
smtp.gmail.com:587 -xu gmail_username -xp gmail_password -o tls=auto -u "Subject" -m "Body"
Acronis Backup (BU) Using Rotating USB Drives.docx Page 13 of 29 10/28/18 12:13:00
Written by: Brandon Zehm <[email protected]>
http://caspian.dotconf.net/
http://www.tsheets.com/
NOTE: It is possible for you to create a procedure to send an email but it would be time consuming
and is subject to errors. You can implement SendEmail in less than five minutes.
1.5.1.1.1 How do I install it?
Simply download, extract, and run "sendEmail" from a command prompt on in a batch file (I executed
SendEmail within the batch file, see below, it will give a usage summary. It is written in Perl, so no
compilation needed. On a unix system if your perl binary is not installed at /usr/bin/perl you may need
Acronis Backup (BU) Using Rotating USB Drives.docx Page 14 of 29 10/28/18 12:13:00
to edit the first line of the script. If you're running a Microsoft OS you may need to put a .pl extension
on sendEmail so Windows will know to associate it with perl.
Place a copy of SendEmail.exe at the same location you placed the ATI-EvenBU.bat and ATI-
OddBU.bat. On my test laptop this was the root of the E partition, on the production system it was the
C:\ATI folder.
1.5.1.1.2 TLS Support
Starting with sendEmail v1.54, TLS support is included! To enable TLS support simply install the
Net::SSLeay and IO::Socket::SSL perl modules. The following new command line parameters are
now available:
-o tls=auto This is the default, TLS will be used if possible.
-o tls=yes Use this to require TLS for message delivery.
-o tls=no Use this to disable TLS support.
If TLS is giving strange errors, try upgrading the Net::SSLeay and IO::Socket::SSL perl modules.
Please do NOT report TLS bugs unless you have already done this! If you're running up-to-date
versions of these modules and you are getting TLS errors, your detailed bug report will be
appreciated. Yes, you can finally use SendEmail to send messages to your GMail account :)
1.5.1.1.3 SendEmail
NOTE: Option 2 utilizes “SendEmail” to send an email if no USB drive is attached when ATI attempts
to run.
SendEmail is a lightweight, completely command line based, SMTP email agent. If you have the need
to send email from the command line, this tool is perfect. It was designed to be used in batch scripts,
Perl programs, and web sites, but it is also quite useful in many other contexts. SendEmail is written
in Perl and is unique in that it requires NO SPECIAL MODULES. It has an intuitive and flexible set of
command-line options, making it very easy to learn and use.
1.5.2 ATI-WorkingFinished.bat
This is a very simple two line batch file that will delete the “ATIworking.txt” file created by the
above batch file. It is executed by the ATI Task Post command, see the following image.
echo off
del e:\ATIworking.txt
Acronis Backup (BU) Using Rotating USB Drives.docx Page 15 of 29 10/28/18 12:13:00
1.5.3 True Image Task
NOTE: There are slight differences for the Acronis True Image (ATI) task depending on which option
(e.g. option one or option two) you use. I suggest Option two.
Option 1 Option 2
Create two ATI task
Even-Y ATI
Odd-Z ATI
Create two ATI task
Even-Y BackUpToCorrectDrive
Odd-Z BackUpToCorrectDrive
Schedule controlled by ATI, Daily Schedule controlled by Windows Task Scheduler, Daily
Backup scheme – I used full, store no more than 7
Backup scheme – I used full, store no more than 7
Notifications – Sent to multiple users
Subject: %COMPUTER_NAME% Even Drive %OPERATION_STATUS% Acronis True Image
Or
%COMPUTER_NAME% Odd Drive %OPERATION_STATUS% Acronis True Image
Notifications – Sent to multiple users
Subject: %COMPUTER_NAME% Even Drive BTCD %OPERATION_STATUS% Acronis True Image
Or
%COMPUTER_NAME% Odd Drive BTCD %OPERATION_STATUS% Acronis True Image
Advanced, Pre-command
E:\ATI-EvenBU.bat
Advanced, Post-command
E:\ATI-WorkingFinished.bat
Acronis Backup (BU) Using Rotating USB Drives.docx Page 16 of 29 10/28/18 12:13:00
Option 1 Option 2
SendEmail (free utility, I suggest making a donation) is used to send an email if no USB drive is attached when ATI attempts to run.
Batch file must contain statement to close ATI when it completes the backup.
WMIC PROCESS WHERE Name="trueimage.exe" CALL Terminate
Utilizes ATI-WorkingFinished.bat
Just as Option 1 it will be necessary for you to create two ATI task. I used the following names.
MT-Odd-Z BackupToCorrectDrive
MT-Even-Y BackupToCorrectDrive
1.5.3.1 ATI Odd Task
18. Open ATI
19. Click BACKUP in the left NAV pane
20. At the bottom left side click on “Add backup”
21. Enter the name of the task (I used “MT-Odd-Z BackupToCorrectDrive”)
22. Ensure the source is correct (I selected Entire PC, on this PC I only have one drive with one
partition.)
23. Ensured the destination is correct (I used “Z:\BU\Acronis\”)
24. In the ATI main window click the “Options” button
Acronis Backup (BU) Using Rotating USB Drives.docx Page 17 of 29 10/28/18 12:13:00
25. Schedule tab NOTE: there will be NO ATI schedule for this task, you will use the Windows
Task Scheduler, therefore select the option “Do not schedule”.
26. Backup scheme
a. Backup scheme – I used a scheme that was previously defined.
b. Backup method – I used full because:
i. The total size was reasonably small. If it becomes large then I might use
incremental.
ii. This is a mission critical system and the data is as important as the OS.
c. Automatic cleanup has been turned on and I will keep 10 recent versions.
Acronis Backup (BU) Using Rotating USB Drives.docx Page 18 of 29 10/28/18 12:13:00
27. Notifications
a. Check “Show notification message on insufficient free disk space”
b. Determine how much free space you need, I set the value to 50 GB. Currently, this is
enough room for one backup for me.
c. To: email-addresses, I entered multiple email addresses
d. Subject: %COMPUTER_NAME% Odd BTCD %OPERATION_STATUS% Acronis
True Image (NOTE: I changed the default message to what is more meaningful for me.)
e. Server: smtp.gmail.com (These settings are for gmail)
i. Encryption: TLS
ii. Port: 587
iii. Check SMTP authentication
iv. Email-address
v. Enter your password
f. Click “Send test message” to ensure all settings are correct.
28. The following image shows the subject of emails received during my test from various
systems. When everything is implemented similar emails will be received each time ATI runs.
This makes it much easier to identify problems, especially if you have multiple systems.
29. Exclusions – I accepted the defaults
Acronis Backup (BU) Using Rotating USB Drives.docx Page 19 of 29 10/28/18 12:13:00
30. Advanced Pre/Post commands
31. Click the EDIT button
a. Click the browse button
b. Find your batch file, when you select the appropriate file and click the Open button ATI
will put the correct information in the Command line and
c. The Working Directory line
d. Ensure the appropriate USB drive is connected and click the “Test command” button
and confirm you have success.
e. Click the OK button
f. Ensure the Post-command looks something like the following image.
Acronis Backup (BU) Using Rotating USB Drives.docx Page 20 of 29 10/28/18 12:13:00
32. Advanced “Validation” once a week at 0151 hours.
33. Click the OK button
34. Click the “Back up now” button and ensure the task runs correctly.
Acronis Backup (BU) Using Rotating USB Drives.docx Page 21 of 29 10/28/18 12:13:00
1.5.3.2 ATI EVEN task
1. Open ATI
2. Right-click on the ODD task and select “Clone settings”
3. Right-click on the cloned task entry and select “Rename”, rename the task to “MT-Even-Y
BackupToCorrectDrive
4. Connect the 2nd backup drive
5. Remove the 1st backup drive (the Odd Z drive).
6. Select the “MT-Even-Y BackupToCorrectDrive” task.
7. Change the destination of the backup from “Z:\BU\Acronis” to “Y:\BU\Acronis”
8. Change the notification subject in the task to “%COMPUTER_NAME% Even BTCD
%OPERATION_STATUS% Acronis True Image”.
9. In ATI click the “Back up now” button. You should now see ATI running. This will create the ATI
.tis file in the C:\ProgramData\Acronis\TrueImageHome\Scripts folder.
10. Confirm that the backup was successful
Acronis Backup (BU) Using Rotating USB Drives.docx Page 22 of 29 10/28/18 12:13:00
1.5.4 Windows Task Scheduler
1. Click the lower-left Start button
2. Enter task in the empty box and select Task Schedule from the results.
3. In the Task Scheduler window right-click on “Task Scheduler Library” and select “Create
Basic Task”
Acronis Backup (BU) Using Rotating USB Drives.docx Page 23 of 29 10/28/18 12:13:00
4. Under Create Basic Task, type in the name you like (I used “Acronis BU to Rotating Drives”),
select “Run whether user is logged on or not”, check “Run with highest privileges” and
click Next.
5. Click on the Trigger tab
5.1. Click on “New”
5.2. Ensure “Begin the task” is set to “On a schedule”
5.3. Trigger select the option you like, I selected “Daily”
5.4. Select the start date and time you want the task to run.
5.5. Accept default value of 1 for days
5.6. Check “Stop task if it runs longer than” and enter a value that you know is long
enough for your backup.
5.7. Check “Enable”
5.8. Click “OK”
Acronis Backup (BU) Using Rotating USB Drives.docx Page 24 of 29 10/28/18 12:13:00
6. Select the “Actions” tab
6.1. Click the “New” button
6.2. Ensure “Action” is “Start a program”
6.3. Click the “Browse” button
6.4. Find the “BackupToCorrectDrive.bat”, select it and click the “Open” button.
6.5. Click the “OK” button
7. Select the “Conditions” tab, in the “Power” section
7.1. Check the box “Start the task only if the computer is on AC power”
7.2. Check the box “Stop if the computer switches to battery power
7.3. Check the box “Wake the computer to run this task”
Acronis Backup (BU) Using Rotating USB Drives.docx Page 25 of 29 10/28/18 12:13:00
8. Select the Settings tab
8.1. Check the box “Allow task to be run on demand”
8.2. Check the box “Run task as soon as possible after a scheduled start is missed”
8.3. Check the box “If the task fails, restart every” pick the best value for you.
8.4. Pick a value for “Attempt to restart up to” that is best for you.
8.5. Check the box “Stop the task if it runs longer than”, pick the best value for you.
8.6. Check the box “If the running task does not end when requested, force it to stop”
8.7. Ensure the selection at the bottom of the window is “Do not start a new instance”
9. Note the “History” tab states that the history is disabled. This will be resolved shortly.
10. Click the “OK” button
Acronis Backup (BU) Using Rotating USB Drives.docx Page 26 of 29 10/28/18 12:13:00
11. Enter your system password, click the “OK” button
12. In the main Task Scheduler window note that the task we just created the History is disabled.
13. On the right side of the Task Scheduler window in the Actions section click “Enable All
Tasks History” The history will be helpful if something wrong. Not sure why this isn't on by
default, but it isn't.
Acronis Backup (BU) Using Rotating USB Drives.docx Page 27 of 29 10/28/18 12:13:00
14. I suggest that you now test the task you just created by clicking Run in the Selected Item
section. Optionally you can set the time to the current time plus 2 minutes and then wait for
the task to execute.
15. Close the Task Scheduler window.
1.6 BitLocker
BitLocker Drive Encryption is a data protection feature that integrates with the operating system
and addresses the threats of data theft or exposure from lost, stolen, or inappropriately
decommissioned computers. Both options do not provide the pre-startup system integrity verification
offered by BitLocker with a TPM chip.
TPM is a Trusted Platform Module (TPM) which is a specialized chip on an endpoint device that
stores RSA encryption keys specific to the host system for hardware authentication. Each TPM chip
contains an RSA key pair called the Endorsement Key (EK). The pair is maintained inside the chip
and cannot be accessed by software.
In my setup, my test system did NOT have the TPM chip whereas the production system did have a
TPM chip. Both system required that the BitLocker password be entered to utilize the BitLocker
encrypted harddrive.
1.6.1 Find my BitLocker recovery key
https://support.microsoft.com/en-us/help/4026181/windows-10-find-my-bitlocker-recovery-key
Places to look for your BitLocker key:
On a printout you saved. Look in places you keep important papers.
Saved on a USB flash drive. Plug the USB flash drive in to your locked PC and follow
the instructions. If you saved the key as a text file on the flash drive, use a different
computer to read the text file.
In your Microsoft account. To get your recovery key, go to BitLocker Recovery Keys.
In your Azure Active Directory account. For work PCs where you sign in with an
Azure Active Directory account, to get your recovery key, see the device info for your
Microsoft Azure account.
Acronis Backup (BU) Using Rotating USB Drives.docx Page 28 of 29 10/28/18 12:13:00
Or ask someone for help:
Ask someone with administrator privileges on the same PC to unlock it with their key.
If your PC is connected to a domain (usually a work or school computer), ask a system
administrator for your recovery key.
If you still can't get in, you'll need to reset your PC. Learn how.
If you want to make a backup of your BitLocker recovery key: Select the Start button,
type BitLocker, select Manage BitLocker from the list of results, select Back up your
recovery key, and follow the prompts for your preferred backup method.
1.6.2 Recovery Key Example
After you have applied BitLocker to a drive you can save a copy of the recovery key to a USB
thumbdrive. An example of the recovery file (BitLocker Recovery Key F17B36B1-D738-4417-885A-
BCC559D4D8FD.TXT) is in the following image.
1.6.3 Recovery Key File Contents
Following is an example of the Recovery Key File contents.
Acronis Backup (BU) Using Rotating USB Drives.docx Page 29 of 29 10/28/18 12:13:00