(04-11-2026, 10:49 AM)admin Wrote: Hi al3x,
It is not advisable to save the access key of the target drive in the backup image for the following reasons:
1. The backup image itself may not be encrypted, especially when backing up a non‑BitLocker drive, and the program will not prompt the user to encrypt the image.
2.The backup image may be copied to another partition or even another computer, in which case the access key saved within the image becomes useless.
It is particularly important to note that if the image is not encrypted, the access key can easily be leaked. Therefore, my idea is to only pass the access key to WinPE when automatically booting from Windows into WinPE to perform a restore operation. In this way, the key always remains on the current computer and can be cleared immediately after entering WinPE.
Best regards,
Hey,
ok, I see your points and you're right, the warning message is currently only shown when saving a BitLocker encrypted partition (not when saving ON a BitLocker encrypted partition).
But I'm still curious: How do you currently handle the unlocking of the system drive? I can boot from WinPE directly, select the image and the restore process is able to unlock the partition to perform delta restore.
Btw: Instead of passing the recovery key for the backup partition to WinPE, you could also temporarily pause the encryption with manage-bde -protectors <drive> -disable. This should temporarily unlock the volume. Not sure about resuming encryption though. Microsoft documentation says it should resume automatically after a reboot, but that is only for system drives. You might need to resume manually with -enable then.