Windows Server 2008/2012/2016 Backup Encryption Guide

December 12, 2019

This article will introduce how to set Windows Server 2008/2008 R2/2012/2012 R2/2016 backup encryption to protect your important data. Using BitLocker to encrypt backup drive or let AOMEI Backupper to set encryption for each backup task.

Backup encryption – double protection for your data

We all know how important it is to make a data backup. When something bad happens, you can restore it from backup. However, it is not enough to have a single backup. For example, you may worry someone may steal your backup and get the data on it. Anyone can access the image file, someone may modify or destroy it with intention. In order to protect your server from unauthorized access, you still need to set Windows Server backup encryption.

Encryption, by itself, can protect the confidentiality of data. Only the one who knows the password can access the image while others can not. In short, you need to back up your files. You also need to encrypt the ones containing sensitive information. Backup and encryption offer you double protection for your data.

There are two ways to help you set Windows Server backup encryption. The traditional way is using the BitLocker to encrypt the backup drive. Or if you prefer a more flexible way to make it, you can let one third-party tool to help you set encryption for each backup task. Refer to Part 2 to learn more >

Part 1. Using BitLocker with server backup

There is a feature BitLocker in Windows Server 20012 R2/2012/2008 that you can use to encrypt your hard drive. It is a data protection feature that protects against data theft or exposure on data stored on fixed and removable data drives. Let’s see how to use BitLocker with server backup

First, you should manually add this feature in the Server Manager.

1. Click Start, select Administrative Tools, and then click Server Manager.

2. In the Server Manager navigation pane, click Features, and then Add Features

3. Find out BitLocker Drive Encryption, and then click Next.

4. Click Install. When the wizard finishes, click Close, and then click Yes to restart the server if required.

Second, you should assign a drive letter to the backup hard disk drive.

1. In the Server Manager navigation pane, click Storage, and then click Disk Management.

2. Right-click the backup drive, and then click Change Drive Letter and Path.

3. Click Add, choose a drive letter from the drop-down menu, and then click OK.

4. Click Yes, and then close Server Manager.

Third, to turn on BitLocker.

1. Click Start, then Control Panel. Select System and Security, and then choose BitLocker Drive Encryption.

2. Click Turn on BitLocker for each of the drives that you want to protect, and then click Yes.

3. Choose the method that you want to use to unlock the drive after it is encrypted. If you choose to use a password, you can print it or save it in a file.

4. Click Start Encrypting. Depending on the size of the drive and the amount of data, it might take several hours to encrypt the drive.

5. When encryption is finished, unlock the backup drive using the BitLocker password that you created. Server backup, and file and folder restore should work as expected.

Enable BitLocker

Tips:

  • When drives, folders, and files are backed up by the server, an unencrypted version is saved to the server. During full system restore, this unencrypted version is copied to the computer. After a successful full system restore, you have to reactivate BitLocker on the server.

  • BitLocker Drive Encryption is only available in some editions of Windows 7/8/8.1/10, Windows Server 2008 and later.

  • Setting Windows Server 2012/2012 R2 backup encryption is quite similar to 2008 edition.

  • You cannot set encryption during backup with BitLocker Drive Encryption. There is another way that allows you to set encryption during backup.

Part 2. How to set encryption during backup?

AOMEI Backupper Server, one professional server backup utility, also provides the function to help the users in data protection. With AOMEI Backupper, you can set encryption during the backup, which can save you much time and effort. When backing up the system, file, disk or partition, there will be an "Options" item, you can set the password easily by clicking this option.

The Server edition of AOMEI Backupper can support all editions of Server system and Windows system. Let’s take a look at how to set Windows Server backup encryption with AOMEI Backupper.

Step 1: Select a backup type under the "Backup" tab. Set "Partition Backup" as an example.

Partition Backup

Step 2: Setting the source and the destination partition respectively. Then click "Options" beneath to set encryption.

Options

Step 3: Tick the "Enable encryption for backups" option. Type password and confirm the password. And then click "OK" and "Start Backup".

Enable Encryption for Backup

Tips:

  • To save space, you can set compression by clicking Options.

  • Click Schedule to set scheduled backup which includes incremental and differential backups.

  • If you already have an encrypted drive, and you want to make a backup of this hard drive. You may fail because you cannot access to this drive. However, AOMEI Backupper can make it. It allows you to backup BitLocker encrypted drive with the sector by sector method.

Conclusion

Now you know two methods to set Windows Server backup encryption. By setting Windows Server backup encryption, you can rest assured that your data is double protected by it. Compared to use BitLocker, if you prefer an easier and more flexible way to make it, AOMEI Backupper Server is a better choice. Besides, as a professional backup and restore software, it can even restore your computer to dissimilar hardware.

If you want to protect unlimited PCs and servers within your company, you may choose AOMEI Backupper Technician Plus. It offers unlimited billable technical services to clients. It also enables you to copy installation directory for portable version creation.