Using BitLocker with an automated backup app
April 17, 2021 10:53 AM Subscribe
I have a Windows 10 PC with three SSDs in it. I'd like to use BitLocker on all three drives, and I'd also like to install SpiderOak One to do automated backups. Help me do this so that it's a "set it an forget it" configuration.
My Windows 10 PC has a "C:\" drive with the operating system and also some data files on it. But most of my data files reside on two 1TB SSDs. As of now, none of the drives are encrypted, and I don't have any automated backup system in place.
I've investigated several different backup apps, and I'm leaning toward SpiderOak One Backup, mainly because their system is configured in such a way that even if someone hacks into their servers, the user files are still unreadable to the hackers. SpiderOak calls this "No Knowledge encryption".
In addition to implementing an automated backup, I'd like to encrypt all three of my local drives with BitLocker. And here's where I get confused. SpiderOak has guidelines on backing up encrypted drives, and their write-up ends with this warning: "To avoid all these difficulties, our recommendation is to mount the encrypted volume, then back up the files inside it."
I feel like that last sentence should be followed by another paragraph that explains what this means, exactly -- but their writeup ends there. How do I ensure that all three encrypted drives are mounted before SpiderOak starts to do backups? Is this a setting that can be configured when I install BitLocker and/or SpiderOak?
I think what I need to do is to make sure that when I boot the computer, I get prompted to enter a BitLocker password, and then all three encrypted drives will be mounted. Is this possible? I would really prefer not to mount anything manually, or launch SpiderOak manually after boot-up. My Googlefu is failing me here. I want to make sure I understand all this before I actually make any changes to my system.
My Windows 10 PC has a "C:\" drive with the operating system and also some data files on it. But most of my data files reside on two 1TB SSDs. As of now, none of the drives are encrypted, and I don't have any automated backup system in place.
I've investigated several different backup apps, and I'm leaning toward SpiderOak One Backup, mainly because their system is configured in such a way that even if someone hacks into their servers, the user files are still unreadable to the hackers. SpiderOak calls this "No Knowledge encryption".
In addition to implementing an automated backup, I'd like to encrypt all three of my local drives with BitLocker. And here's where I get confused. SpiderOak has guidelines on backing up encrypted drives, and their write-up ends with this warning: "To avoid all these difficulties, our recommendation is to mount the encrypted volume, then back up the files inside it."
I feel like that last sentence should be followed by another paragraph that explains what this means, exactly -- but their writeup ends there. How do I ensure that all three encrypted drives are mounted before SpiderOak starts to do backups? Is this a setting that can be configured when I install BitLocker and/or SpiderOak?
I think what I need to do is to make sure that when I boot the computer, I get prompted to enter a BitLocker password, and then all three encrypted drives will be mounted. Is this possible? I would really prefer not to mount anything manually, or launch SpiderOak manually after boot-up. My Googlefu is failing me here. I want to make sure I understand all this before I actually make any changes to my system.
Seconding whatnotever pretty much completely. You can definitely have Bitlocker automatically mount the drives at boot time if you want, or just have it prompt for a password before mounting/accessing the drive; Windows should ask you your preference when you enable Bitlocker on the drive. You can also pause or undo the Bitlocker encryption if you need to, so in the (extremely unlikely) event that it doesn't work out for you, you can go back to where you were and try something else.
posted by Aleyn at 9:50 PM on April 17, 2021
posted by Aleyn at 9:50 PM on April 17, 2021
Response by poster: Thanks for the tips. I ran into a snag, though. All my drives are formatted in MBR and not GPT, which apparently means that I can't activate BitLocker using a password (I don't want to use a hardware key). So I have some more research to do.
posted by JD Sockinger at 1:01 PM on April 18, 2021
posted by JD Sockinger at 1:01 PM on April 18, 2021
« Older A universal place on line to shop for cars? | Grayish, hairy "weed" from childhood memory Newer »
This thread is closed to new comments.
And you won't be able to mess it up inadvertently. What SpiderOak is warning against is selecting to backup a massive, multi-GB file that contains an entire encrypted volume. If you select individual files or folders within the encrypted volume after you have mounted it (and those files and folders won't be visible at all until you mount the volume), then you're all set.
So your goal should be to get those volumes to show up as a regular drives in Windows when you boot it, and that is probably how it will work by default. When that is working, then use SpiderOak as normal, selecting to back up whatever folders you want within those drives, and you should be all set.
posted by whatnotever at 1:39 PM on April 17, 2021 [1 favorite]