By AOMEI / Last Updated June 22, 2020

Backup encryption – double protection for your data

We all know how important it is to make a data backup. When something bad happens, you can restore it from backup. However, it is not enough to have a single backup. For example, you may worry someone may steal your backup and get the data on it. Anyone can access the image file, someone may modify or destroy it with intention. In order to protect your server from unauthorized access, you still need to set Windows Server backup encryption.

Encryption, by itself, can protect the confidentiality of data. Only the one who knows the password can access the image while others can not. In short, you need to back up your files. You also need to encrypt the ones containing sensitive information. Backup and encryption offer you double protection for your data.

There are two ways to help you set Windows Server backup encryption. The traditional way is using the BitLocker to encrypt the backup drive. Or if you prefer a more flexible way to make it, you can let one third-party tool to help you set encryption for each backup task. Refer to Part 2 to learn more >

Part 1. Using BitLocker with server backup

There is a feature BitLocker in Windows Server 20012 R2/2012/2008 that you can use to encrypt your hard drive. It is a data protection feature that protects against data theft or exposure on data stored on fixed and removable data drives. Let’s see how to use BitLocker with server backup

First, you should manually add this feature in the Server Manager.

1. Click Start, select Administrative Tools, and then click Server Manager.

2. In the Server Manager navigation pane, click Features, and then Add Features

3. Find out BitLocker Drive Encryption, and then click Next.

4. Click Install. When the wizard finishes, click Close, and then click Yes to restart the server if required.

Second, you should assign a drive letter to the backup hard disk drive.

1. In the Server Manager navigation pane, click Storage, and then click Disk Management.

2. Right-click the backup drive, and then click Change Drive Letter and Path.

3. Click Add, choose a drive letter from the drop-down menu, and then click OK.

4. Click Yes, and then close Server Manager.

Third, to turn on BitLocker.

1. Click Start, then Control Panel. Select System and Security, and then choose BitLocker Drive Encryption.

2. Click Turn on BitLocker for each of the drives that you want to protect, and then click Yes.

3. Choose the method that you want to use to unlock the drive after it is encrypted. If you choose to use a password, you can print it or save it in a file.

4. Click Start Encrypting. Depending on the size of the drive and the amount of data, it might take several hours to encrypt the drive.

5. When encryption is finished, unlock the backup drive using the BitLocker password that you created. Server backup, and file and folder restore should work as expected.

Enable BitLocker


  • When drives, folders, and files are backed up by the server, an unencrypted version is saved to the server. During full system restore, this unencrypted version is copied to the computer. After a successful full system restore, you have to reactivate BitLocker on the server.

  • BitLocker Drive Encryption is only available in some editions of Windows 7/8/8.1/10, Windows Server 2008 and later.

  • Setting Windows Server 2012/2012 R2 backup encryption is quite similar to 2008 edition.

  • You cannot set encryption during backup with BitLocker Drive Encryption. There is another way that allows you to set encryption during backup.

Part 2. How to set encryption during backup?

AOMEI Backupper Server, one professional server backup utility, also provides the function to help the users in data protection. With AOMEI Backupper, you can set encryption during the backup, which can save you much time and effort. When backing up the system, file, disk or partition, there will be an "Options" item, you can set the password easily by clicking this option.

The Server edition of AOMEI Backupper can support all editions of Server system and Windows system. Let’s take a look at how to set Windows Server backup encryption with AOMEI Backupper.

Download Free Trial Win 10/8.1/8/7 & Server
Secure Download

Step 1: Select a backup type under the "Backup" tab. Set "Partition Backup" as an example.

Partition Backup

Step 2: Setting the source and the destination partition respectively. Then click "Options" beneath to set encryption.


Step 3: Tick the "Enable encryption for backups" option. Type password and confirm the password. And then click "OK" and "Start Backup".

Enable Encryption for Backup


  • To save space, you can set compression by clicking Options.

  • Click Schedule to set scheduled backup which includes incremental and differential backups.

  • If you already have an encrypted drive, and you want to make a backup of this hard drive. You may fail because you cannot access to this drive. However, AOMEI Backupper can make it. It allows you to backup BitLocker encrypted drive with the sector by sector method.

More Powerful Features to Manage Windows Server Backups

To help you manage your backups easily in Windows Server systems, AOMEI Backupper provides you two powerful features: Schedule and Scheme. Schedule has 6 options listed here:

1. Daily/Weekly/Monthly: To backup your Windows Server contantly, you could set up the backup running daily, weekly, monthly or at a specific time, to reduce the workload to backup the same content manually.

2. Event Triggers: You could trigger the backup event by the 4 events: User logon, User logoff, System startup, System shutdown.

3. USB plug in: AOMEI Backupper will automatically back up the data on the USB or backup data to USB drive while detecting the USB device is plugged in,

4. Real-time Sync: All files will stay up to date as long as you set up the real time file sync feature, AOMEI Backupper will sync files to other locations as soon as they changed.

Schedule General Settings

To delete old backup images to free up space, you could enable backup scheme: Click Scheme -> Enable Backup Scheme, choose a backup scheme and specify the backup number to maintain.

There are 5 schemes to help you to delete old backup image to free up space: Full Backup Scheme, Incremental Backup Scheme, Differential Backup Scheme, Space Management Scheme, Other Backup Scheme.

Backup Scheme


Now you know two methods to set Windows Server backup encryption. By setting Windows Server backup encryption, you can rest assured that your data is double protected by it. Compared to use BitLocker, if you prefer an easier and more flexible way to make it, AOMEI Backupper Server is a better choice. Besides, as a professional backup and restore software, it can even restore your computer to dissimilar hardware.

If you want to protect unlimited PCs and servers within your company, you may choose AOMEI Backupper Technician Plus. It offers unlimited billable technical services to clients. It also enables you to copy installation directory for portable version creation.