BackupAssist uses BitLocker to encrypt removable drives. These drives can generate a pop-up message when they are attached to a server. This article explains the message and how to respond.
BitLocker protects a drive from unauthorized access by encrypting all of the sectors and locking the drive. Only when the drive is unlocked, can the data on it be accessed.
How drives are unlocked
BackupAssist requires an unlocked drive to backup and restore data. An unlocked drive will lock itself if the drive is removed or if the server it is connected to is restarted.
A drive can only be unlocked by:
- Manually entering a password that was provided when the drive was encrypted.
- Providing the encryption key that was created for the drive during the encryption process.
The Encryption key
When a drive is encrypted, BitLocker creates an encryption key for that specific drive. The key is saved to a USB flash drive, and used by BackupAssist to unlock that drive each time the backup job runs. Because of server restarts and media rotations, it should be assumed that an encrypted drive is always locked when a backup job runs. For this reason – the USB flash drive containing the encryption keys should always be connected to the server when a backup job backs up to an encrypted destination.
When you create the backup job with BitLocker selected, you will be asked to provide a password. This password can be used to manually unlock the drives that were encrypted by the backup job.
The pop-up message
When an encrypted drive is attached to a server that is logged on, Windows will display a pop-up message to tell you that the drive is available and a password is required to access it.
Having a USB drive with an encryption key means you do not need to respond to this prompt for your backup job to proceed.
This message will have no impact on your backup job. You do not need to enter the password as long as you have the USB flash drive with the encryption key attached.
The pop-up message response
Because this is a Windows security pop-up, and because it needs to be allowed to appear for encrypted drives that are not managed by BackupAssist, it’s important to understand how the message applies to BackupAssist.
- If you see this message, you can select Cancel and ignore it. Your backup job will not be affected because the encryption key will be used to unlock the drive.
- If you enter the password into the pop-up and tick Automatically unlock on this computer from now on, the pop-up will not appear again. However, this means that the drive will be automatically unlocked every time it is attached. For security reasons, we recommended that you use the encryption key on the USB thumb drive to unlock the drive rather than have it auto unlock.
- Using the encryption key means the drive is only unlocked while the backup job is running. The key unlocks the drive when the backup starts and, if you have the drive set to eject, it will be locked again when the drive ejects at the end of the backup job.
- Using the password auto unlock means the drive will be unlocked for as long as it is attached to the server.
If you would like to learn more about BackupAssist and BitLocker, please see our online resource.