Backing up a partition with Windows encryption enabled

A customer wanted to back up the system partition and received a total of 10788 error messages "Access to the file is blocked. Check the security settings.", including for files in the following folder:

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys

What did the customer do wrong? Two things.

Windows disk encryption is activated on the computer. This means that only those files on the computer that are assigned to the current user or that are shared are accessible. All files of other users are blocked because they are encrypted for the other user. To also back up the data of the other users, the user login data of the folders could be stored in the backup task. However, this requires a great deal of insight, as the encrypted folders are widely scattered on the disk.

The better and simpler method is to create a hard disk image of the system partition. Here Langmeier Backup already accesses the data at a deeper level, where Windows does not block the files.

Encryption key must also be backed up

Very important: If Windows encryption is used, the encryption key must be exported as a PFX file and backed up separately. If this key is not backed up, the files can no longer be opened after a restore. To ensure that nothing goes wrong, it is best to save the key in a separate file, separate from the hard disk image.

You can read how to export the encryption key as a PFX file here (under the title "Key backup").