Our thinking


Can’t image a new Windows 10 machine with Clonezilla, NTFS partition shows as RAW

I had an issue today with trying to create an image of a brand-new Windows 10 laptop (HP EliteBook x360 in case you were wondering). When running Clonezilla, the main Windows partition, formatted as plain ol’ NTFS, was identified by Clonezilla as RAW, and it would have taken more than an hour and 240 GB to create an image, for a partition that only had around 30 GB used.

As it turns out, newer machines with Windows 10 and a TPM have BitLocker enabled by default, even though there is no password for the end-user. This is straight out of the box.

What this means is that Clonezilla, which can’t understand BitLocker encrypted partitions, can’t recognise or unlock the partition to create an image.

Fortunately there’s a very quick and easy way to turn the encryption off with manage-bde (Manage BitLocker Drive Encryption)

This handy utility, which must be run from a CMD prompt with elevated privileges, will show the BitLocker status of all partitions on the drive via:

manage-bde -status

This showed that the C: drive had BitLocker 2.0 enabled using XTS-AES 128 encryption and that it was encrypting only the used space on the drive. To turn it off, simply run:

manage-bde -off c:

This immediately begins decryption of the partition and you can view the progress using:

manage-bde -status c:

Once it reported that 0% of the drive was encrypted and that encryption was disabled, I was then able to boot into Clonezilla and create an image of the drive as usual.

11 thoughts on “Can’t image a new Windows 10 machine with Clonezilla, NTFS partition shows as RAW

  1. attention sous linux pour ecrire les pârtitions ntfs il faut absoluement charger le paquet ntfs-3g pour ecrire dedans. Pour uniquement les lire il faut monter les partitions en ntfs lire et ecrire les partitions fat32 il faut monter en vfat. genéralement pour manipuler les partitions windows on utilise windows et celles sous linux sous linux.
    (Translated by Google Translate: Beware under Linux, to write NTFS Partitions it is absolutely necessary to load the package ntfs-3g to write to them. To only read them, it is necessary to mount the partitions in ntfs to read and write to fat32 it is necessary to mount in vfat. Generally to handle the windows partitions one uses windows and those under linux under linux.

  2. Yes, in general you only want to be working with ntfs partitions within Windows.
    Clonezilla is a special case however as it’s a livecd (or live usb) based Linux distro specifically built to clone PC hard drives, and in particular, has very good support for NTFS built in. I believe Clonezilla does use ntfs-3g to work with NTFS partitions.

  3. The usb device should be on an NTFS format. Change your USB format from FAT32 to NTFS format and then you can now drag the folder or file that you wanted to transfer on your NTFS format Flash drive. Thats just it.

    1. No, this is not it – the source drive was NTFS and the partition on the USB hard drive for the Clonezilla images was also NTFS.
      The problem was definitely that the source drive was bit locker encrypted.

    1. Yeah, CloneZilla is definitely not pretty, or simple – but it’s solid and it works. I can’t get my head around the myriad of products and licensing options for Acronis, but I would prefer to use a GUI based tool. I do like that I can boot from CloneZilla and image an offline system, some other imaging utilities I’ve seen need to be installed and run from the live Windows system you’re trying to image.
      What Acronis products do you use for imaging?

      1. If you like a GUI, give redobackup-livecd-1.0.4 a try.
        It’s old an not maintained anymore, but there ar instructions on how to build your own one, with support for newer hardware and newer filesystems.

  4. Why are you saying, Clonezilla can’t understand BitLocker encrypted partitions? My C-drive is bitlocked and I never had any problems cloning it and restoring it at a later point.

    If you only use passwords to unlock, BitLocker will ask for the recovery key after restoring. Be sure you have the key written down.

    1. This was a while ago now, but in my experience with some brand-new HP laptops that had bit locker turned on from the factory, with no password set, just using (I assume) the TPM chip for crypto, Clonezilla was unable to see valid data on the SSD. As such, when I made an image of it, it imaged every. single. block of the SSD – so the image was 250 GB in size, instead of being just the size of the data in use.
      I must admit, I never tried to restore this image to a drive and see if it would unlock…

  5. I ran into this today on a Dell Inspiron 7415 2 in 1.
    I had the new SSD in the laptop and the stock ssd in a usb interface when I noticed the RAW copy mode being used. I can confirm that the raw copy booted without issue.
    Now I have EFI, C:, two recovery partitions and then the free space to deal with.

    1. Wow, this is an old post, I’m surprised it’s still getting views.

      As long as you’re imaging to and from the same machine (so the BitLocker keys are stored in the TPM) it’ll be more time consuming, but should work OK.

      What will probably not work is taking this image and restoring it to a different machine – at least not without entering the BitLocker key on boot.

Leave a Reply