Client-9.3-9.6 Backup and Restore

Summary

This document discusses different types of computer backups, including system state data, user data, application data, and image backup. It explores various backup methods like full, incremental, differential, and synthetic backups, and strategies for performing regular backups for data protection. It also explores backup frequency concepts and methods within Windows.

Full Transcript

As you study this section, answer the following questions:

- What type of data is backed up with a system image backup?
- Why should you test restore methods?
- Where should you store backup media?
- What types of media can Backup and Restore write to?
- What is the difference between Backup and Restore and File History?

In this section, you will learn to:

- Create backups in Windows
- Back up a computer
- Configure File History

A *backup* is an archived copy of data you can use to restore corrupt or lost data in the event of a hardware or system failure. You must perform backups while the system is in good working order. In other words, you must plan for disasters and take the necessary actions to protect systems before there is a problem.

This lesson covers the following topics:

- Data types
- Backup methods
- Backup frequency
- Windows Backup and Restore
- Windows File History
- Backup considerations

**Data Types**

Backup tools can be used to protect different types of data:

- **System state data:** This includes all the files required to boot and run the computer. System state data includes the operating system files, the registry, drivers, and configuration files.
- **User data:** This includes all data files modified and saved by users (or applications that users run). User data is critical data for a company. Because user data changes constantly, back up the user data frequently and regularly.
- **Application data:** This includes files installed by an application and application configuration files. Application data changes following the installation of an application or following a configuration change. Depending on the system you are using, a backup of system state data might include application file backup.
- **Image backup data:** This includes everything on a system's hard drive, including the operating system files, applications, and user data.

**Backup Methods**

A full backup:

- Backs up all files, even those that have not changed since the previous backup.
- Takes longer to complete than an incremental backup.
- Is faster to restore than an incremental backup.
- Is usually run weekly.

An incremental backup:

- Backs up every file that has changed since the last full or incremental backup.
- Completes faster than a full backup.
- Can be completed daily.
- Takes longer to restore than a full backup because you must restore the full backup, and then restore each incremental backup in the order it was created.

A differential backup:

- Backs up every file that has changed since the last full backup.
- Takes longer to complete than an incremental backup.
- Is faster to recover than an incremental backup because there are only two files to restore (the full and the differential).
- Requires more space and bandwidth than an incremental backup.

A synthetic backup:

- Merges the benefits of a full backup with the benefits of an incremental backup.
- Compares the data found in the last full backup with the current content and uploads only the changes.
- Takes less time and fewer resources than a full backup.
- Should not be used in place of regular full backups.

**Backup Frequency**

Perform backups according to a well-organized method using a consistent rotation scheme. Here are a few common rotation types:

The grandfather-father-son backup rotation scheme works like this:

- The grandfather is a full backup completed once a month and stored offsite.
- The father is a full backup completed once a week and stored onsite.
- The son is an incremental backup completed daily and stored onsite.

The 3-2-1 backup rule involves maintaining three copies of the data. Two copies are kept onsite on two different types of devices. The third copy is kept offsite.

The first-in, first-out rule works by keeping data for a specific period and then saving over the oldest data once the time has elapsed.
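The restore-order difference between incremental and differential backups becomes concrete when you compute the restore chain for one week of backups. This is an added example, not part of the lesson; the week of backup dates is constructed sample data (weekly full on Sunday, daily backups after it).

```powershell
# Added example: which backup sets must be restored, and in what order, to recover a
# volume to a chosen date? Works for full + incremental, full + differential, or a mix.

function Get-RestoreChain {
    param(
        [Parameter(Mandatory)] [object[]] $History,    # objects with Date and Type
        [Parameter(Mandatory)] [datetime] $RestoreTo
    )
    # Only backups taken on or before the target date can contribute.
    $candidates = @($History | Where-Object { $_.Date -le $RestoreTo } | Sort-Object Date)
    $lastFull = $candidates | Where-Object { $_.Type -eq 'Full' } | Select-Object -Last 1
    if (-not $lastFull) { throw "No full backup exists on or before $($RestoreTo.ToShortDateString())" }

    $chain = @($lastFull)
    $after = @($candidates | Where-Object { $_.Date -gt $lastFull.Date })

    # Differential: only the newest one since the full is needed (two sets in total).
    $lastDiff = $after | Where-Object { $_.Type -eq 'Differential' } | Select-Object -Last 1
    if ($lastDiff) { $chain += $lastDiff }

    # Incremental: every incremental after the newest base (full or differential),
    # applied strictly in the order it was created.
    $base = if ($lastDiff) { $lastDiff.Date } else { $lastFull.Date }
    $chain += @($after | Where-Object { $_.Type -eq 'Incremental' -and $_.Date -gt $base })
    return $chain
}

# Constructed sample history: weekly full on Sunday 2023-07-02, then one daily backup
# of the given type from Monday through Saturday.
function New-WeekHistory {
    param([ValidateSet('Incremental', 'Differential')] [string] $DailyType)
    $full = [datetime]'2023-07-02'
    $list = @([pscustomobject]@{ Date = $full; Type = 'Full' })
    foreach ($d in 1..6) {
        $list += [pscustomobject]@{ Date = $full.AddDays($d); Type = $DailyType }
    }
    return $list
}

$target = [datetime]'2023-07-06'    # recover to Thursday's state
foreach ($scheme in 'Incremental', 'Differential') {
    $chain = Get-RestoreChain -History (New-WeekHistory -DailyType $scheme) -RestoreTo $target
    $steps = ($chain | ForEach-Object { "$($_.Type) $($_.Date.ToString('MM-dd'))" }) -join ' -> '
    '{0,-12} scheme: {1} set(s) to restore: {2}' -f $scheme, $chain.Count, $steps
}
```

The incremental scheme needs five sets restored in sequence (the full plus four incrementals), while the differential scheme needs only the full and Thursday's differential, which is the trade-off the lesson describes.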
For example, if you save files for only 30 days, the 31st day's data is stored over the first day's data.

**Windows Backup and Restore**

Windows 11 includes the Backup and Restore feature from Windows 7. *Backup and Restore (Windows 7)* was available in Windows 8, removed in Windows 8.1, but returned in Windows 10. The *Backup and Restore (Windows 7)* tool allows you to restore any old Windows 7 backups onto a Windows 10 computer. The tool can also back up a Windows 10 or 11 PC in the same way you back up a Windows 7 PC.

Backup and Restore (Windows 7) is accessed as follows:

1. Connect to the device on which the backup files are stored.
2. From the taskbar, select **Search**.
3. Type **control panel**.
4. Select **Control Panel** from the *Best match*.
5. Under *System and Security*, select **Backup and Restore (Windows 7)**.

**Set up backup files**

A file backup backs up specific files and folders to a compressed file. File backups do not include system files, program files, encrypted files, files in the Recycle Bin, user profile settings, or temporary files.

To set up a new Windows backup:

1. Connect an external device to back up the files to.
2. Select **Set up backup** and follow the backup instructions.

You can save backups to several different types of storage media:

- Secondary internal hard drives
- External hard drives
- Optical drives
- USB flash drives
- Network shares

You cannot save backup files to:

- The same disk that is being backed up.
- A disk containing the Windows operating system.
- A tape drive.

**Create a system image**

A system image is everything on a system's hard drive, including the operating system files, applications, and user data. If a computer crashes due to corrupt files, you can use the system image to restore the computer to the backup point when everything was working correctly.

To create a system image:

1. Select **Create a system image**.
2. Select the location to save the backup to.
3. Follow the backup instructions.
If you are unable to boot Windows, you will be unable to restore a system image. You can, however, use a recovery disc to restore the operating system so you can then restore the system image.

**Restore a backup**

To restore files from an existing backup:

1. Select the backup to restore files from.
2. Select the device that has the backup files stored on it.
3. Follow the file restore instructions.

**Windows File History**

File History does not back up the entire system.

- It only backs up the data in a user's profile.
- A user can add folders to a library to back them up using File History.
- File History backs up files in the background.
- File History creates a shadow copy of user account files once every hour. This creates a snapshot of the user account's files at a particular point in time.
- After creating the shadow copy, Windows keeps track of the prior versions of those files.
- Users can browse and restore previous versions of files backed up by File History.

File History is disabled by default.

- When enabling File History, you must specify the location for storing the backup.
- You must use a drive other than the drive the user files are already on.
- At least two drives must be implemented for the system to use File History.
- A best practice is to use a second internal hard disk drive. However, you can also use external flash drives or hard disks.
- When using an external drive, disable File History before disconnecting the external drive.

When you enable File History, Windows monitors users' libraries, desktop, contacts, and Internet Explorer favorites.

- By default, File History checks once an hour to see if any data has changed since the last check.
- File History saves copies of the changed files to the configured location.
- Once File History is set up, a previous version of a file can be restored if a file gets lost or corrupted.
A profile backup includes all the information stored in the user's library folders:

- User data files, such as documents, music, and videos.
- User preferences, such as the desktop background, screensaver, color schemes, contacts, browser favorites, etc.
- User account details, such as the username, password, etc.

To restore files with File History:

1. Connect to the device on which the backup files are stored.
2. From the taskbar, select **Search**.
3. Type **control panel**.
4. Select **Control Panel** from the *Best match*.
5. Under *System and Security*, select **Save backup copies of your files with File History**.
6. Follow the file restoration instructions.

**Backup Considerations**

Keep the following facts in mind when configuring backups:

- Back up user data more often than system state data (it changes more frequently).
- Back up system state data and applications (or make a restore point) before you make a system change. During a system state backup, all system configuration information is backed up. You can't selectively back up portions of system data.
- Be sure to test the backup and restore strategy. Backed-up data is worthless if you can't restore it.
- Store backup media offsite to prevent the same disaster from affecting the network and the backup media. You can automatically store backups offsite using network storage devices at another facility or cloud-based services.
- Use the backup utility to schedule backups, or create a new task in the Scheduled Tasks folder in the Control Panel.

**Backup Types**

A backup is an archived data copy that can be used to restore corrupt or lost data. Backups must be performed while the system is in good working order. In other words, you should take the necessary actions to protect a system before a disaster happens and data is lost.
On a Windows client, backups can be created using the following tools:

- File History
- Windows Backup and Restore (Windows 7)
- OneDrive

Although there are some similarities between these tools, it's important to understand each one's capabilities. (OneDrive is not covered specifically in this lesson.)

**Back Up Using File History**

Windows allows you to use File History to back up information associated with user profiles as well as other folders you may manually select. File History is not a system image and thus does not back up the entire system.

A profile backup includes all of the information stored in the user's library folders, including such things as:

- User data files (such as documents, music, and videos)
- User preferences (such as desktop background, screensaver, color schemes, contacts, and browser favorites)
- User account details (username and password)
- Any other libraries created by the user

File History backs up files in the background on a schedule you select. To create a backup, File History creates a shadow copy of user files. This creates a snapshot of files at a particular point in time. After creating the shadow copy, Windows keeps track of the prior versions of those files. Users can browse and restore previous versions of files once this is done.

**Control Panel**

File History backup options include the following:

Back up now: This lets you perform a manual backup at any time outside of the regularly scheduled backups.

Back up my files: This drop-down menu lets you select how often your files are backed up. Your options range from every 10 to 12 hours to daily backups.

Keep my backups: When a file has been modified, the next backup creates a second revision of the file. All backup files are maintained on the schedule you select. The option you select here determines when the backup files will be deleted. Your options include:

- Until space is needed.
- A number of months/years ranging between 1 month and 2 years.
- Forever.
Once a drive is full, no further backups will be made if you choose this option.

Back up these folders: All folders (and their files) located in the user's profile will be included by default. You can select **Add a folder** to add any file or folder outside of the profile.

Exclude these folders: This option lets you determine which folders will not be backed up. This is useful when you don't want to back up a subfolder. If you do not want to back up one of the default folders, it can be removed from the *Back up these folders* section.

Back up to a different drive: After a backup drive has been selected, you may want to switch to a different drive. This option lets you disassociate the current drive from File History.

Restore files from a current backup: This is a link to the File History tool. It lets you locate and restore any version of the files or folders that have been previously backed up.

**Restore Using File History**

Data backed up using File History can be restored using the File History restoration program. Follow these steps to find this program:

1. Open **Control Panel** and select **System and Security**.
2. Under **File History**, select **Restore your files with File History**.

[Image: the green Restore button in the File History restore window]

**Restore without Using File History**

You can also restore a file without using the File History interface by going to File Explorer and taking the following steps:

1. Navigate to and select the desired **folder or file**.
2. Right-click on the **folder**.
3. Select **Show more options**.
4. Select **Restore previous versions**.
5. Select the desired **version**.
6. Click **Restore** > **Restore To...**

**Settings**

1. Select **System**.
2. Select **Recovery**.
3. Select **Restart now**.
4. From **Troubleshoot**, select **Advanced options** > **See more recovery options** > **System Image Recovery**.

In Windows, *OneDrive folder syncing* and *File History* are some of the methods used for backing up and recovering personal files.
However, Windows also includes the Backup and Restore feature first implemented in Windows 7.

This lesson covers the following topics:

- Backup and Restore types
- Backup and Restore setup
- Scheduling backups
- Restoring data
- Permission requirements for backup

**Backup and Restore Types**

Backup and Restore supports two types of backups:

File backups: A file backup includes specified files and folders backed up to a compressed file. File backups do not include operating system files, program files, encrypted files (including EFS-encrypted files), files in the Recycle Bin, user profile settings, or temporary files. File backups are stored at the root of the backup destination drive in a file with the same name as the computer from which the backup was captured. Double-clicking this file is one way to begin the process of restoring files.

System image backups: A system image backup consists of an entire volume backed up to a .vhdx file. It contains everything on the system volume, including the operating system, installed programs, drivers, and user data files. Only one system image can be saved on the selected destination location. This means that each time a system image is created, the old system image is deleted.

The system image is created in the WindowsImageBackup folder. This folder is found at the root of the backup destination drive. It contains the following:

- A folder named Catalog containing the GlobalCatalog and BackupGlobalCatalog files to track the backup image versions.
- A folder named Backup plus the year, month, day, and time (Example: **Backup 2023-07-04 181820**). This folder contains the .vhdx file.

To access Backup and Restore:

1. Using **Search** from the taskbar, search for and open **Control Panel**.
2. From the Category view of Control Panel, select **Backup and Restore (Windows 7)**.

**Backup and Restore Setup**

Backup and Restore is disabled by default and must be set up.
As part of the setup process, you select a drive on which to store your backups. When selecting the backup drive, be aware of the following requirements:

- Backup and Restore backups can only be saved on an NTFS-formatted volume.
- Backups can be created on the following destinations:
  - Secondary internal hard drives
  - External hard drives
  - USB flash drives
  - Network shares
  - Network Attached Storage (NAS) or Storage Area Network (SAN)
- Backups cannot be saved to the following locations:
  - The disk being backed up
  - A system disk
  - A BitLocker-enabled volume
  - A tape drive

After selecting the disk on which to save your images, you must decide which type of backup will be performed. Your options include the following:

Let Windows choose (recommended): With this option, Windows will automatically back up your data files that are saved in the user profile. This includes the libraries, the desktop, and the Windows folders. Windows will also automatically create a system image, which can be used to restore your computer if it stops working. These items will be backed up on a regular schedule.

Let me choose: This option lets you manually select the folders that will be backed up. These items will be backed up on a regular schedule. This option also gives you the ability to include a system image as part of its backup.

**Scheduling Backups**

Backup and Restore includes a scheduling feature to ensure that backups of your files are regularly created. By default, Backup and Restore will back up your data every Sunday at 7:00 p.m. However, you can create a custom schedule or disable the schedule so that backups are only created manually. The schedule can be modified using the Backup and Restore console.

When scheduling backups, be aware of the following:

- You can schedule only one backup using the Backup and Restore console. You cannot create multiple backup jobs and schedules.
- Backups can be configured to occur only once every day, week, or month.
- To perform the backup more frequently, use the Task Scheduler to configure multiple tasks or to execute the task more frequently.
- With Task Scheduler, you can also set the day of the week backups are run and the time of day to start the backups, using one-hour increments.
- Scheduled tasks must run with elevated privileges.

When creating system images, be aware of the following:

- You can use Backup and Restore to create a system image by selecting the *Create a system image* option from the Backup and Restore console. When creating a system image using this option, you can also create a system repair disk, which allows you to boot your computer from a DVD and restore the system image.
- System image backups included with scheduled backups include only critical (system) volumes.
- While additional volumes can be backed up, those volumes cannot be included in the system image backup.
- System image backups will be disabled if the destination volume does not have sufficient disk space.
- To schedule system image backups, create a task in Task Scheduler to run the wbadmin command. For example, enter the following command to back up the C: volume to the destination H: volume:
  **wbadmin start backup -backuptarget:h: -include:c:**
- Schedule system image backups as specified in the organization's disaster recovery plan.

If you no longer want Backup and Restore to perform scheduled backups, from the Backup and Restore console, select **Turn off schedule**.

**Restoring Data**

Restoring files and folders can be done from the Backup and Restore console. After selecting the *Restore my files* option, the files and folders you want to be restored can be selected using the search feature, or you can browse for the desired files or folders. By default, all files will be restored to their latest version. To restore an older version, select *Choose a different date*. Once selected, you can choose the backup that contains the files you want to restore.
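Returning to the Scheduling Backups notes above: the wbadmin command the lesson gives can be registered as a Task Scheduler task that runs elevated, on any schedule, and then verified. This is an added example, not part of the lesson; the task name and the nightly 23:00 time are assumptions, and the target drive is the lesson's H:.

```powershell
# Added example: schedule the lesson's system image command with Task Scheduler.
# Must be run from an elevated PowerShell session.
#Requires -RunAsAdministrator

$taskName = 'Nightly System Image Backup'   # assumed task name

# Same command as in the lesson; -quiet stops wbadmin from waiting for a console prompt
# when it runs unattended.
$action = New-ScheduledTaskAction -Execute 'wbadmin.exe' `
    -Argument 'start backup -backupTarget:H: -include:C: -quiet'

# Daily at 23:00 (assumed). Task Scheduler is not limited to the console's once-a-day/week/month.
$trigger = New-ScheduledTaskTrigger -Daily -At '23:00'

# Scheduled backups must run elevated. SYSTEM needs no stored password and already has the
# rights wbadmin requires. For a network share target, use a service account that has
# Full Control on the share instead (see Permission Requirements for Backup).
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
    -LogonType ServiceAccount -RunLevel Highest

# Run even if the scheduled time was missed (e.g. machine asleep), cap the runtime, wake to run.
$settings = New-ScheduledTaskSettingsSet -StartWhenAvailable -WakeToRun `
    -ExecutionTimeLimit (New-TimeSpan -Hours 6)

Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force | Out-Null

# Verify the task exists and runs with the highest privileges ...
Get-ScheduledTask -TaskName $taskName |
    Select-Object TaskName, State, @{ n = 'RunLevel'; e = { $_.Principal.RunLevel } }

# ... and, after the first run, that it succeeded (LastTaskResult 0) and when it runs next.
Get-ScheduledTaskInfo -TaskName $taskName |
    Select-Object LastRunTime, LastTaskResult, NextRunTime

# The lesson's point about testing: confirm an image version actually exists on the target.
wbadmin get versions -backupTarget:H:
```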
To use a system image to restore your entire drive, you must have a Windows system repair disk or the Windows installation media. If you do not have access to the installation media, the system repair disk can be created using the Backup and Restore tool.

After booting from the system recovery disk, choose **Troubleshoot** and then **Advanced options**. From the **Advanced options**, select **System Image Recovery**. Then, choose your current Windows edition. This will scan your computer for an available image and give you the option to select the system image to restore. You can also choose to manually locate the system image to use. Individual files cannot be restored from a system backup. You must restore the entire volume.

**Permission Requirements for Backup**

The permissions required to run backups include the following:

- Elevated privileges are required to configure scheduled backups or to manually initiate a backup. An easy way to grant a user the necessary permissions while restricting unneeded access is to make the user a member of the Backup Operators group.
- When performing a backup to a shared network folder, the user running the backup must have Full Control and effective permissions to the destination share.

**Windows Data Restoration**

File recovery uses backed-up versions of files to restore changed, damaged, or deleted data. The way this is done depends upon two factors:

- The version of Windows in use
- The tool that was used to back up the data

On a Windows system, data can be restored in the following ways:

File backup: File backups are created with the Backup and Restore console in Windows. File backups are stored as compressed files within the Backup Set folder of the backup destination disk. The file backup only contains the version of the file that was available when the backup was taken.
To restore files within the Backup and Restore console, use one of the following options:

- Select **Restore my files** and search for the file from the latest backup.
- Select another backup to restore files from and search for the file in a previous backup.

Previous Versions (shadow copies): Windows uses Previous Versions to automatically save snapshots of files and folders when restore points or File History backups are created. A restore point is a snapshot of the computer's state at a specific point in time. Restore points can store snapshots of user files as well as system state information. You can then use a restore point to restore a previous version of a file.

Keep the following facts in mind about Previous Versions:

- System Protection can be enabled for individual drives. It is disabled by default.
- If System Protection is enabled, Windows automatically creates shadow copies (also called restore points) of files that have been modified since the last restore point was created.
- The Volume Shadow Copy Service (VSS) implements and manages shadow copies. This service runs in the background and does not affect computer performance.
- A new restore point is created every seven days or whenever a significant system change occurs. These changes include the installation of a new driver, app, or Windows update. Restore points can also be created manually.
- The *Restore system settings and previous versions of files* option captures system settings and user files in each restore point.
- In File History, the *Restore previous versions of files* option captures user files in each restore point but does not capture system settings.

To restore shadow copies of files, open File Explorer and do one of the following:

- Right-click the **file** and select **Show more options**; then select **Restore previous versions**.
- Open the file properties and use the **Previous Versions** tab.
When restoring a previous version of a file, that version can be copied to a new location or restored to the same location. The following options are available:

- Copy and replace
- Don't copy
- Copy but keep both files

Backup and Restore can write to the following media:

- An internal or external hard drive
- An optical drive
- A USB flash device
- A network share (in Windows Professional and Enterprise editions)
- A VHD file

System image: System image backups are created with the Backup and Restore console. The backup process creates an image of the entire system and saves it as a VHD file.

[Image: the *Use a system image you created earlier* option in System Image Recovery]

Windows File Recovery: If a file has been erased, the first place to look is the Recycle Bin. However, if the file cannot be restored from the Recycle Bin, you may be able to recover it using Windows File Recovery. Windows File Recovery is a command line application that can be purchased on the Microsoft Store.

To use this feature:

- Download the app from the Microsoft Store (if not yet installed).
- Type **Windows File Recovery** into the search box on the taskbar.
- Click **Yes** if you are asked to allow the app to make changes to your device.
- Type **winfr source-drive: destination-drive: [/switches]** (note that the destination and source drives need to be different; Windows will create a recovery folder on the destination drive).

There are three recovery modes, called default, segment, and signature.

- Default mode is recommended for files that have been deleted recently.
- Segment mode (**/r**) is recommended for files that were deleted a while ago, after a drive has been corrupted, or after formatting a disk.
- Signature mode (**/x**) is recommended for files that could not be recovered using segment mode. Signature mode is the only mode that supports the FAT file system.

Windows File Recovery does not support cloud or network file recovery.
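The Previous Versions (shadow copies) mechanism described above can be driven and inspected from PowerShell: turn System Protection on for a drive, create a restore point manually, and then look at the VSS shadow copies that hold the earlier file versions. This is an added example, not part of the lesson; the sample file path and the link folder are assumptions, and the restore-point cmdlets exist only in Windows PowerShell 5.1 (not PowerShell 7).

```powershell
# Added example: System Protection, manual restore points, and the shadow copies behind
# Previous Versions. Run from an elevated Windows PowerShell 5.1 session.
#Requires -RunAsAdministrator

$drive  = 'C:\'
$sample = 'C:\Users\Public\Documents\report.txt'   # assumed sample file

# 1. System Protection is disabled by default; enable it for the drive.
Enable-ComputerRestore -Drive $drive

# 2. Create a restore point by hand, as the lesson says you can before a system change.
#    Windows normally allows only one restore point per 24 hours, so this may be skipped
#    silently if one was created recently.
Checkpoint-Computer -Description 'Before config change' -RestorePointType MODIFY_SETTINGS

# 3. List restore points ...
Get-ComputerRestorePoint |
    Select-Object SequenceNumber, Description,
        @{ n = 'Created'; e = { $_.ConvertToDateTime($_.CreationTime) } }

# ... and the VSS shadow copies that actually store the Previous Versions data.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy | Sort-Object InstallDate)
$shadows | Select-Object InstallDate, DeviceObject, VolumeName

# 4. Read a file as it was in a given snapshot. Shadow copies are exposed via a device
#    object path; a temporary directory symbolic link makes that path browsable.
function Get-PreviousVersion {
    param(
        [Parameter(Mandatory)] [string] $FilePath,
        [Parameter(Mandatory)] [ciminstance] $Shadow,
        [string] $LinkPath = 'C:\ShadowView'        # assumed temporary link location
    )
    $relative = $FilePath.Substring(3)             # drop the 'C:\' prefix
    # mklink needs the trailing backslash after the device object name.
    cmd /c mklink /d $LinkPath "$($Shadow.DeviceObject)\" | Out-Null
    try   { Get-Content -Path (Join-Path $LinkPath $relative) }
    finally { cmd /c rmdir $LinkPath | Out-Null }  # always remove the link
}

if ($shadows.Count -gt 0 -and (Test-Path $sample)) {
    # Oldest snapshot first; this is the same content File Explorer shows under Previous Versions.
    Get-PreviousVersion -FilePath $sample -Shadow $shadows[0]
}
```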
**Windows Data Protection**

In addition to using a file backup as mentioned above, Windows systems can also use the following additional methods to protect data:

File History: File History is the go-to component to restore user libraries and user files, including offline OneDrive files. If File History is enabled, access **System and Security** within **Control Panel** and select **Restore your files with File History**. Use the file-browser interface displayed to identify the file that needs to be restored. Next, use the **forward** and **back** buttons to identify which previous version of the file is the one you want to restore. When found, click the **green restore button** to restore the previous version of that file. The following options are available:

- Copy and replace
- Don't copy
- Compare info for both files. For this option, a conflict dialog is displayed that shows the current and previous version selected. Choose one of the preceding options or choose to keep both files.

System image: System image backups can be created with the Backup and Restore console. A Windows system that is not bootable can be restored from a system image backup since these are saved as VHD files. To do so, boot into the Windows Recovery Environment and select **System Image Recovery** in the **Troubleshoot** > **Advanced options** screen. (You cannot choose individual items to restore when using System Image Recovery.)

Almost all software needs to be updated at some point. Some updates are necessary to fix errors that manifest themselves after the software has been released. Others are required to fix security problems that were discovered. Some updates may be required to add additional features that weren't initially included in the software. For these reasons, it's very important that you keep your operating system, applications, and device drivers up to date.
This lesson covers the following topics:

- Operating system updates
- Windows Update Delivery Optimization (WUDO)
- Servicing channels
- Uninstalling updates

**Operating System Updates**

Windows operating system updates include:

Quality updates:

- Are deployed monthly (usually the second Tuesday of the month).
- Include security fixes and software updates.
- Include any missed updates.
- Are identified using a number that is preceded by KB (which stands for Knowledge Base). This number is associated with a specific Microsoft article that uses the same designation.
- Can be uninstalled either through Command Prompt or through Windows Update > Update history > Uninstall updates in the Settings app. PowerShell, booting into the Advanced options recovery environment, or Safe Mode can also be used to uninstall updates.

Feature updates:

- Are also called builds.
- Are released as a new version of the Windows operating system.
- Are released semi-annually in the spring and fall.
- Provide new features and functions.
- Are identified through the build number that indicates the release date. For example, 1903 means it was released in the third month of the year 2019.
- Can be uninstalled within the first 10 days using the Settings app and selecting Windows Update > Update history > Uninstall updates. (Be sure to back up files before rolling back an update.)

Servicing stack updates: The servicing stack is the code that installs Windows updates. Occasionally, Microsoft releases updates for the servicing stack. If you do not regularly update the system, you should monitor servicing stack releases to be sure that the servicing stack works correctly when you do need it. A listing of recent Servicing Stack Updates can be found on Microsoft's website.

Driver updates: To keep systems running smoothly, it is important to keep all hardware drivers updated.
Windows Update automatically updates hardware drivers for systems that have been registered with Microsoft. However, keep in mind that:

- You must go to the manufacturer's website to update drivers that are not registered with Microsoft.
- You can manually update drivers registered with Microsoft. To do this, find the device in Device Manager, right-click, and select **Update Driver**.

Microsoft product updates: Microsoft product updates provide updates for products such as Office. These product updates can be enabled or disabled.

**Windows Update Delivery Optimization**

Windows Update Delivery Optimization (WUDO) is Microsoft's approach to offering options for how systems receive updates. Microsoft WUDO:

- Allows updates to be downloaded and distributed much more quickly than with previous versions of Windows.
- Reduces download traffic.
- Provides three locations for receiving updates:
  - Microsoft Update servers.
  - Other Windows systems on the local network.
  - Other Windows systems on the internet.

**Servicing Channels**

As an IT professional, you can use what Windows calls servicing channels and deployment rings to manage deployments of updates to systems. These allow you to decide how aggressively you want workstations to be updated. For example, an organization may have a number of lab machines that you want to update as soon as new updates are released. This gives you a chance to test them and make sure that those updates don't break anything. Only when you are sure that they are not going to cause problems to the system will you want to deploy them to the standard production systems. Additionally, there may be institutions like banks or healthcare organizations that require a much longer update cycle to ensure continuity. These systems are mission critical, and they cannot go down due to a buggy update being installed.
To successfully control update deployments, Microsoft offers three servicing channels for Windows:

Windows Insider Program: The Windows Insider Program:

- Provides early, pre-release Windows builds and feature updates.
- Gives system administrators a chance to test updates before deploying them to systems.
- Gives system administrators a chance to give feedback to Microsoft on any bugs before Microsoft releases the update.

General Availability Channel: General Availability Channel updates are:

- Automatically installed as soon as they are released (unless deferred).
- Allowed to be deferred up to 365 days.
- Ideal for pilot deployments and lab testing of Windows updates.
- Typically used by system administrators and software developers.

Long-Term Servicing Channel: Long-Term Servicing Channel updates:

- Are available only through the Windows Enterprise LTSB edition.
- Are designed for highly sensitive systems that can't tolerate any downtime, such as ATMs, cash registers, and medical equipment.
- Do not include many Windows applications like Edge, Office, Microsoft Store, Mail, and more. This is because this servicing channel is designed for systems that do not need frequent updates.
- Are typically released every 2-3 years.
- Can be skipped for up to 10 years.

**Uninstalling Updates**

There may be situations where you need to uninstall an update that was automatically installed by Windows Update. This can be accomplished by using the Settings app as follows:

1. From the **Settings** app, select **Windows Update** > **View update history** > **Uninstall updates**.
2. Select the desired update and select **Uninstall**.

Since the above process opens Control Panel, you can uninstall updates directly from it as follows:

1. From **Control Panel**, select **Programs** > **Programs and Features** > **View installed updates**.
2. Select the desired update and select **Uninstall**.
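The update concepts in this lesson (feature builds, KB-numbered quality updates, General Availability Channel deferral, and the Delivery Optimization download sources) can all be read off a machine in one report. This is an added example, not part of the lesson; the registry values it reads are the standard Windows version and Windows Update/Delivery Optimization policy values, and the "not set" interpretations are assumptions.

```powershell
# Added example: report a machine's update posture in the lesson's terms. Read-only.

function Get-UpdatePosture {
    # Feature update (build): ReleaseId such as 1903 (third month of 2019); newer builds also
    # carry DisplayVersion (e.g. 22H2). CurrentBuild.UBR is the quality-update revision.
    $ver = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [pscustomobject]@{
        ReleaseId      = $ver.ReleaseId
        DisplayVersion = $ver.DisplayVersion
        Build          = "$($ver.CurrentBuild).$($ver.UBR)"
    }

    # Quality updates are identified by KB numbers; list the five most recently installed.
    $hotfixes = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending |
        Select-Object -First 5 HotFixID, Description, InstalledOn

    # Deferral policy (General Availability Channel updates can be deferred up to 365 days).
    $wu = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' -ErrorAction SilentlyContinue
    $defer = [pscustomobject]@{
        FeatureUpdateDeferDays = if ($null -ne $wu.DeferFeatureUpdatesPeriodInDays) { $wu.DeferFeatureUpdatesPeriodInDays } else { 0 }
        QualityUpdateDeferDays = if ($null -ne $wu.DeferQualityUpdatesPeriodInDays) { $wu.DeferQualityUpdatesPeriodInDays } else { 0 }
    }

    # Delivery Optimization download mode, mapped to the lesson's three update sources.
    $do = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization' -ErrorAction SilentlyContinue
    $mode = if ($null -ne $do.DODownloadMode) { [int]$do.DODownloadMode } else { -1 }
    $sources = switch ($mode) {
        0       { 'Microsoft Update servers only (HTTP)' }
        1       { 'Microsoft Update + other Windows systems on the local network' }
        2       { 'Microsoft Update + peers in the same group (site/domain)' }
        3       { 'Microsoft Update + peers on the local network and the internet' }
        99      { 'Simple mode: Microsoft Update only, no peer discovery' }
        100     { 'Bypass Delivery Optimization (legacy BITS download)' }
        default { 'Not set by policy; the Windows default for this edition applies' }   # assumption
    }

    [pscustomobject]@{
        FeatureBuild         = $build
        RecentQualityUpdates = $hotfixes
        Deferral             = $defer
        DeliveryOptimization = $sources
    }
}

$posture = Get-UpdatePosture
$posture.FeatureBuild         | Format-List
$posture.RecentQualityUpdates | Format-Table -AutoSize
$posture.Deferral             | Format-List
"Delivery Optimization sources: $($posture.DeliveryOptimization)"
```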
A key to the successful implementation of BitLocker is an understanding of its interaction with the Trusted Platform Module (TPM). You must also be familiar with BitLocker management tasks, security components, and NTFS partition requirements.

This lesson covers the following topics:

- BitLocker and TPM
- BitLocker management
- BitLocker security components
- BitLocker partitions

**BitLocker and TPM**

BitLocker offers several modes that determine the security level.

The TPM-only mode:

- Performs integrity checks and starts the system automatically if all checks pass.
- Does not require intervention to boot the system.
- Does not require additional authentication such as passwords, startup keys, or PINs.

The TPM with startup key mode:

- Performs system integrity checks.
- Checks for the required startup key on a USB flash device.
- Boots to recovery mode if the USB flash device with the startup key is unavailable. The USB device containing the startup key must be inserted into the computer before booting.

The TPM with PIN mode:

- Performs system integrity checks.
- Prompts the user to input a PIN before the computer boots.
- Boots to recovery mode if the USB flash device is unavailable or the wrong PIN is entered.

TPM with PIN and startup key:

- Performs system integrity checks.
- Prompts the user to input a PIN before the computer boots.
- Checks for the required startup key on a USB flash device.
- Boots to recovery mode if the USB flash device is unavailable or the wrong PIN is entered.
- Provides the highest level of security and is the recommended option.

BitLocker without a TPM:

- Enables BitLocker when the computer does not have a TPM.
- Looks for the startup key on a USB flash device.
- Does not perform a system integrity check and does not provide boot environment protection.
- Allows the removal and installation of the hard drive and USB key to another computer.
First introduced in Windows 10 version 1803, Kernel DMA Protection guards against DMA attacks through Intel Thunderbolt 3 ports. Kernel DMA Protection is available only on new systems and requires support in the system firmware and/or BIOS.

**BitLocker Management**

Manage BitLocker as follows:

- Log in as a member of the Local Administrators group.
- Open the BitLocker Drive Encryption tool from Control Panel (**System and Security** > **BitLocker Drive Encryption**).
- Use the TPM Management console to manage the TPM, including:
  - Configuring storage of TPM recovery information.
  - Clearing the TPM content.
  - Resetting the TPM lockout value used to prevent tampering.
  - Enabling or disabling the TPM.
- Ensure that you perform a system check after enabling BitLocker encryption.

Be aware of the following BitLocker management details:

- Disable (pause) BitLocker for temporary maintenance of BIOS/UEFI or boot files. Disabling BitLocker creates a plaintext key on the hard drive. The plaintext key is removed when BitLocker is re-enabled.
- Decrypt the drive (turn off BitLocker) when you want to permanently remove BitLocker. You must re-encrypt the drive to restore protection.
- Reapply BitLocker after a restoration is complete. BitLocker settings are not restored when you perform a volume, operating system, or full server restore.

**BitLocker Security Components**

BitLocker configuration involves creating the following security components:

TPM owner password: The first configuration step is to enable and initialize the TPM. During this process, a TPM owner password is generated. This password is required to make future modifications to the TPM, such as enabling or disabling the TPM.

Recovery key: If there are problems related to BitLocker as the computer boots, the computer is forced into BitLocker recovery mode. Recovery mode is triggered by the following:

- The TPM chip is disabled or cleared.
- The USB device with the key is missing.
- Files on the volume have been altered.
- The drive is in a different computer than when encrypted.

A recovery key is required to access encrypted volumes when the computer boots to BitLocker recovery mode. To allow the system to boot from recovery mode, you must supply the recovery key or password.

- During BitLocker configuration, the recovery key is automatically generated.
- The recovery key is saved as a 48-digit numerical password or as a cryptographic key file.
- Each computer has its own unique recovery key or password.
- Without the recovery key or password, the system can boot only to recovery mode. You cannot access data on the disk if the system is in recovery mode.
- Active Directory (AD) can automatically generate and store the recovery keys. AD provides a centralized and automatic method of archiving the recovery key.
- In Windows 8 and later, you can back up the recovery key to your online Microsoft account.

PIN: If you are using TPM, you can require that a PIN be entered during startup. If you require a PIN, the system will not boot without it and encrypted drives will be inaccessible.

- The PIN is between 4 and 20 digits.
- A copy of the PIN is saved in the TPM.
- During startup, a user must enter the PIN.
- Use Group Policy to configure the PIN's complexity.

Startup key: A startup key is an additional key that must be provided to boot the system.

- The startup key must be present on a USB flash device during system startup.
- A startup key is the only option for systems without a TPM chip.
- If using TPM, a startup key is optional.

Data volume key: A data volume key is necessary if you have encrypted data volumes in addition to the operating system volume.

- To unlock data volumes automatically, save the data volume key in the Registry on the system volume.
- During startup, BitLocker decrypts the system volume and then retrieves the data volume key(s) from the Registry to decrypt the data volume(s).
- Each data volume has its own recovery key.
Data Recovery Agent: A Data Recovery Agent (DRA) is a user account that can recover encrypted data from BitLocker-protected drives when the password or keys are lost. A DRA:

- Uses a single account throughout the organization to recover data from BitLocker-enabled volumes on multiple computers.
- Is configured through Group Policy.

BitLocker Group Policy settings:

- Manage the types of volumes that can be recovered using a DRA.
- Can require a different password and recovery key for each type of volume.

**BitLocker NTFS Partition**

BitLocker requires a separate, active, and unencrypted NTFS partition that contains the files needed to start the operating system. A Windows 7 or later installation creates this partition prior to the installation of the operating system files. If necessary, you can use one of the following options to create it manually:

- Turn on BitLocker from the Control Panel. The BitLocker setup wizard will configure the target drive. The wizard will inspect the hard disk configuration and, if necessary, will attempt to repartition the disk drive to create the boot partition.
- Use the **BdeHdCfg.exe** command line tool to repartition the disk drive. This tool provides the same drive preparation functionality as the BitLocker Control Panel interface, but it provides greater control over the type and sizes of the BitLocker partitions. You can use the following options with **BdeHdCfg.exe**:
  - **-driveinfo** displays information about valid target drives.
  - **-target** specifies the target and operation. Use one of the following values with this option:
    - ***shrink*** creates a new active partition.
    - ***merge*** makes an existing partition active.
    - ***unallocated*** uses unformatted disk space.
    - ***default*** causes the target to be chosen automatically.
  - **-newdriveletter** specifies a drive letter to be assigned to the new drive.
  - **-size** specifies the size of the new drive. If not specified, a default size of 712 MB is used.
  - **-restart** configures an automatic restart after the drive has been partitioned.
  - **-quiet** eliminates screen output from this tool.

For example, the following command shrinks drive C: to create the boot partition, assigns it drive letter X:, sets its size to 712 MB, suppresses screen output, and restarts the computer automatically:

**bdehdcfg -target c: shrink -newdriveletter x: -size 712 -quiet -restart**

**Note**: Errors may occur if **bdehdcfg** is run on a computer when the **Deny write access to fixed drives not protected by BitLocker** Group Policy setting is enabled.
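The following PowerShell script is an added example (not part of the course material) that audits the TPM state and key protectors described in the BitLocker and TPM and security components sections above, and escrows the 48-digit recovery password to Active Directory as the recovery key section recommends. It assumes an elevated session on a domain-joined Windows 10/11 computer with the BitLocker and TrustedPlatformModule PowerShell modules and a Group Policy that permits AD DS backup of recovery information; the function names are the example's own.

```powershell
# Added example, not from the course material. Assumes: elevated PowerShell on a
# domain-joined Windows 10/11 host with the BitLocker and TrustedPlatformModule
# modules; Group Policy allows AD DS backup of recovery information.
#Requires -RunAsAdministrator

function Get-BitLockerAudit {
    param([string]$MountPoint = $env:SystemDrive)
    $tpm = Get-Tpm                                   # TpmPresent/TpmReady: can TPM modes be used?
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    # Key protector types correspond to the lesson's modes:
    #   Tpm = TPM-only, TpmPin = TPM with PIN, TpmStartupKey = TPM with startup key,
    #   TpmPinStartupKey = TPM with PIN and startup key (recommended),
    #   ExternalKey alone = startup key without TPM (no boot integrity check)
    $boot = $vol.KeyProtector | Where-Object {
        $_.KeyProtectorType -like 'Tpm*' -or $_.KeyProtectorType -eq 'ExternalKey' }
    $recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
    [pscustomobject]@{
        MountPoint       = $MountPoint
        TpmPresent       = $tpm.TpmPresent
        TpmReady         = $tpm.TpmReady
        ProtectionStatus = $vol.ProtectionStatus     # Off = paused (plaintext key on disk) or not encrypted
        BootProtector    = ($boot.KeyProtectorType -join ',')
        HasRecoveryPwd   = [bool]$recovery
    }
}

function Save-RecoveryPasswordToAD {
    param([string]$MountPoint = $env:SystemDrive)
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
    if (-not $recovery) {
        # No 48-digit recovery password yet: add one (unique to this computer)
        $vol = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
        $recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
    }
    foreach ($rp in $recovery) {
        # Escrow the recovery password on this computer's AD DS object
        Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $rp.KeyProtectorId
    }
}

$audit = Get-BitLockerAudit
$audit | Format-List
if ($audit.ProtectionStatus -eq 'On') { Save-RecoveryPasswordToAD }
```

A BootProtector of ExternalKey with no Tpm* entry is the "BitLocker without a TPM" configuration, which gives no boot environment protection.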