Restore BitLocker-encrypted drives from image backup - Thu, May 19 2022
Backup with wbadmin
With wbadmin.exe, Windows clients have a built-in command-line tool for creating system images.
You can back up to a USB drive or a network location. You can also use the built-in Task Scheduler to schedule backups that run under the system account.
Restore with wbadmin
If the system you are trying to restore from backup still boots, press Shift while clicking Restart. Then, at the next boot, select:
Troubleshoot > Advanced options > Show more recovery options > System image recovery
If the system does not boot and the recovery environment is unavailable, you will need to boot from a USB setup drive and select Repair my computer to get to system image recovery.
For this article, let us assume that the backup is on a local drive. After choosing System image recovery, the process starts with this screen:
Restore a BitLocker-encrypted drive
If the system is encrypted with BitLocker, you'll receive this message when you restore the system image:
System Image Recovery
Enter the recovery key to get going again (Keyboard Layout: US)
After entering the recovery key, the restore process proceeds normally. At the end, you'll receive the message that the restored drives are not encrypted.
When the system boots up, you'll have to re-encrypt. The problem with this procedure is that re-encryption takes time. In addition, the protectors, such as the user startup PIN, need to be configured again and securely shared with the user. Can't we avoid this?
It turns out we can, using the third-party tool Snapshot. Download the x64 version of the trial, select Backup disk to file, and, while BitLocker is active, select all partitions of C:.
As the destination file, select your backup path E:, followed by $disk.sna, as shown in the following screenshot:
To restore the image while Windows is still running, you won't need boot media; just select "Restore disk from file." Or, if you want to simulate disaster recovery, boot Windows setup from a USB stick that holds snapshot.exe (x64) in its root folder, and press Shift+F10 for a command line. There, mount the encrypted drive using the recovery key before you call snapshot.exe (for example, D:\snapshot.exe), and restore.
A short time later, Snapshot has restored the image, Windows boots, and C: is still encrypted.
Lessons learned
System restores only occur occasionally. If you only recently began to BitLocker-encrypt your system, please make sure to test the restore process.
Some backup programs are able to write to an encrypted disk, allowing you to skip the step of re-encrypting. Make sure to verify this with your own backup solution, as it can save you lots of time.
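The following PowerShell script is an added example and not part of the original article or of the Snapshot or wbadmin tools. It schedules the wbadmin system-image backup described above under the system account and, after a restore, checks whether C: is still BitLocker-encrypted and which protectors survived, so you can tell immediately whether re-encryption and a new startup PIN are needed. The backup target E:, the task name and both function names are assumptions.

```powershell
# Added example (not from the original article). Requires an elevated session
# on Windows 10/11 with the BitLocker PowerShell module available.

# Create a daily scheduled task that runs wbadmin as SYSTEM (the "system account"
# execution the article mentions). -allCritical includes the boot and system volumes.
function Register-WbadminBackupTask {
    param(
        [string]$BackupTarget = 'E:',               # assumption: local backup drive
        [string]$TaskName     = 'SystemImageBackup', # assumption: task name
        [string]$At           = '22:00'
    )
    $action = New-ScheduledTaskAction -Execute 'wbadmin.exe' `
        -Argument "start backup -backupTarget:$BackupTarget -include:C: -allCritical -quiet"
    $trigger   = New-ScheduledTaskTrigger -Daily -At $At
    $principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
    Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger -Principal $principal -Force
}

# After a restore, report whether the OS volume is still encrypted and which key
# protectors remain. A System Image Recovery restore leaves the drive FullyDecrypted
# with no protectors; a Snapshot restore keeps it FullyEncrypted with the TPM/PIN protector.
function Test-RestoredBitLockerVolume {
    param([string]$MountPoint = 'C:')
    $vol        = Get-BitLockerVolume -MountPoint $MountPoint
    $protectors = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
    $result = [pscustomobject]@{
        MountPoint       = $MountPoint
        VolumeStatus     = $vol.VolumeStatus
        ProtectionStatus = $vol.ProtectionStatus
        Protectors       = ($protectors -join ',')
        NeedsReEncrypt   = ($vol.VolumeStatus -ne 'FullyEncrypted')
        HasStartupPin    = ($protectors -contains 'TpmPin')
    }
    if ($result.NeedsReEncrypt) {
        Write-Warning "$MountPoint is $($vol.VolumeStatus): re-encrypt and re-create the startup PIN protector."
    } elseif ($result.ProtectionStatus -ne 'On') {
        Write-Warning "$MountPoint is encrypted but protection is suspended; run Resume-BitLocker."
    } elseif (-not $result.HasStartupPin) {
        Write-Warning "$MountPoint is protected, but no TPM+PIN protector is present."
    }
    $result
}

# Example usage (uncomment to run):
# Register-WbadminBackupTask
# Test-RestoredBitLockerVolume | Format-List
```

Run Test-RestoredBitLockerVolume right after the first boot of a restored system; a FullyDecrypted result confirms the situation the article describes for the built-in restore.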
Isn't it amazing that the built-in Windows backup tool is unable to restore to an encrypted drive, whereas this tiny third-party backup program, only 500 KB in size, has mastered this task with ease?