Hey there,
I tested around a bit with the new BitLocker features in the current beta version.
What I can say so far: This feature is insane! I really like that HBS is now able to retain the BitLocker state and that you can even select if you want BitLocker retained or removed. You can even restore without BitLocker first and then again restore the same backup and this time reenable BitLocker. That's crazy good and I can't even imagine the things that had to be moved to make this feature possible. Huge props for that!
Besides that, I tested around a bit further and I've found 3 things that might be worth looking into:
---
1) Backup is stored on another partition that also has BitLocker enabled
Restore will still work, I didn't think it would go through but it did, nice! But it won't automatically open the backup partition. Instead after booting to WinPE it will ask for the BitLocker password or recovery key. If you provide the key, it will continue and restore without problems.
I think it might be a good idea to also remember a possible recovery key for the backup partition (just like with the system partition). That way the user wouldn't have to do anything at all.
---
2) Error during backup of a freshly installed Windows 11 where device encryption is not completed yet
If you setup a new device with Windows 11 and it is encrypted by default, the encryption will be "Device encryption" where the BitLocker password will be uploaded to your Microsoft account and all devices connected to your PC will be "prepared" for encryption. This is the new default for all modern devices and the user normally won't even recognize their device was encrypted.
This is exactly the scenario I tested. The device was installed with a fresh copy of Windows 11 but with a local Windows account. This will prepare your device in a way that partitions are BitLocker encrypted (during setup) but no recovery key was set so far:
![[Image: I5uJFVyD_o.png]](https://images2.imgbox.com/bf/fe/I5uJFVyD_o.png)
![[Image: Ts3RJHwj_o.png]](https://images2.imgbox.com/a1/1c/Ts3RJHwj_o.png)
When you try to backup Windows with HBS in this state, the backup will fail. First it tells you that the drive has BitLocker activated (which is true, just not protected so far):
![[Image: DFeXuEgN_o.png]](https://images2.imgbox.com/16/9a/DFeXuEgN_o.png)
Then when performing the backup it fails with this error:
![[Image: SgJy1nQV_o.png]](https://images2.imgbox.com/ed/53/SgJy1nQV_o.png)
Specified object not found. (0x030E001300000000)
The operation was not successful.
I attached the log to this thread.
---
3) Device encryption changes to "normal" BitLocker encryption after a restore
This one is a little hard to explain and I'm not that familiar with the differences of device encryption and "normal" BitLocker encryption unfortunately.
When a fresh Windows 11 device is encrypted with BitLocker device encryption, it will show "Device encryption" and an "ON" slider in Windows settings under "Privacy & security" / "Device encryption" (see first screenshot on 2).
But after successfully restoring a backup with HBS this menu will look different:
![[Image: zLT4Evs0_o.png]](https://images2.imgbox.com/5a/19/zLT4Evs0_o.png)
The slider is now gone and it will only show "Your encryption settings are managed by BitLocker". Technically this is probably the same, but it looks like the "advanced" version of device encryption now where you can't easily decrypt everything by turning the slider to "OFF". Instead encryption is now managed by the "normal" BitLocker settings.
I don't know what the differences are exactly, device encryption looks like the "beginner" version for me. But I was wondering why this changes after a restore.
*Edit: Also, when thinking about it, I was testing with a Windows 11 Pro version where BitLocker is available in general. Home on the other hand does not have BitLocker available to the user. Device encryption can be active on both editions, though. That means if a restore changes the settings to "normal" BitLocker, users of the Home edition might be locked out of the settings or worse. So maybe this effect should also be checked with the Home edition and what might change for users.
---
That's all I have for now. All in all this beta version is really impressive.
Points 1 and 3 are not really critical for me. Point 2 might be worth looking into because there might be lots of people that have device encryption turned on without being activated fully.
Cheers!
al3x
I tested around a bit with the new BitLocker features in the current beta version.
What I can say so far: This feature is insane! I really like that HBS is now able to retain the BitLocker state and that you can even select if you want BitLocker retained or removed. You can even restore without BitLocker first and then again restore the same backup and this time reenable BitLocker. That's crazy good and I can't even imagine the things that had to be moved to make this feature possible. Huge props for that!
Besides that, I tested around a bit further and I've found 3 things that might be worth looking into:
---
1) Backup is stored on another partition that also has BitLocker enabled
Restore will still work, I didn't think it would go through but it did, nice! But it won't automatically open the backup partition. Instead after booting to WinPE it will ask for the BitLocker password or recovery key. If you provide the key, it will continue and restore without problems.
I think it might be a good idea to also remember a possible recovery key for the backup partition (just like with the system partition). That way the user wouldn't have to do anything at all.
---
2) Error during backup of a freshly installed Windows 11 where device encryption is not completed yet
If you setup a new device with Windows 11 and it is encrypted by default, the encryption will be "Device encryption" where the BitLocker password will be uploaded to your Microsoft account and all devices connected to your PC will be "prepared" for encryption. This is the new default for all modern devices and the user normally won't even recognize their device was encrypted.
This is exactly the scenario I tested. The device was installed with a fresh copy of Windows 11 but with a local Windows account. This will prepare your device in a way that partitions are BitLocker encrypted (during setup) but no recovery key was set so far:
When you try to backup Windows with HBS in this state, the backup will fail. First it tells you that the drive has BitLocker activated (which is true, just not protected so far):
Then when performing the backup it fails with this error:
Specified object not found. (0x030E001300000000)
The operation was not successful.
I attached the log to this thread.
---
3) Device encryption changes to "normal" BitLocker encryption after a restore
This one is a little hard to explain and I'm not that familiar with the differences of device encryption and "normal" BitLocker encryption unfortunately.
When a fresh Windows 11 device is encrypted with BitLocker device encryption, it will show "Device encryption" and an "ON" slider in Windows settings under "Privacy & security" / "Device encryption" (see first screenshot on 2).
But after successfully restoring a backup with HBS this menu will look different:
The slider is now gone and it will only show "Your encryption settings are managed by BitLocker". Technically this is probably the same, but it looks like the "advanced" version of device encryption now where you can't easily decrypt everything by turning the slider to "OFF". Instead encryption is now managed by the "normal" BitLocker settings.
I don't know what the differences are exactly, device encryption looks like the "beginner" version for me. But I was wondering why this changes after a restore.
*Edit: Also, when thinking about it, I was testing with a Windows 11 Pro version where BitLocker is available in general. Home on the other hand does not have BitLocker available to the user. Device encryption can be active on both editions, though. That means if a restore changes the settings to "normal" BitLocker, users of the Home edition might be locked out of the settings or worse. So maybe this effect should also be checked with the Home edition and what might change for users.
---
That's all I have for now. All in all this beta version is really impressive.
Points 1 and 3 are not really critical for me. Point 2 might be worth looking into because there might be lots of people that have device encryption turned on without being activated fully.
Cheers!
al3x