You can back up a PGP-encrypted volume without any issue. However, while recovering a PGP-encrypted system volume a manual workaround (mentioned below) is required.
Consider the following points while backing up or restoring PGP-encrypted volumes:
- If multiple volumes are encrypted and you are performing a hot backup (backup while OHS is running), you must back up all the encrypted volumes. In case of system volume restore, you must restore all the volumes.
- During hot backups of encrypted volumes, the encryption is not retained. Hence, after you restore, you must encrypt them again.
- If you have cold backups of PGP-encrypted volumes, you must restore the backups with the same partition layout (start offset, size, and sequence) and on the same disk.
To restore a computer with PGP-encryption, after you boot your computer using the Symantec Recovery Disk CD/DVD and restore your primary drive, you must rewrite the Master Boot Record (MBR) after the restore and before rebooting.
You can do so by performing the following steps:
- Boot into the Symantec recovery environment using the Symantec Recovery Disk (SRD).
Note: If using a USB SRD, copy the MANAGER folder from a CD\DVD SRD to the root of USB drive before booting to the USB SRD.
- Connect the backup media to your computer.
- Run the Recover My Computer wizard and restore your computer. If a System Reserved partition was backed-up, that must also be restored with the other volume(s). Do not allow the computer to reboot when finished.
(Note: If the following steps fails, a drive letter may not have been assigned to the system partition. If this is the case, allow the system to reboot immediately back into the Symantec Recovery Disk and try again. However, if the boot option to the SRD is missed during the reboot and the PGP encryption screen appears, the MBR will be scrambled and the restore process must be repeated).
- When the restore is complete, click the Analyze tab.
- Click on Command Prompt.
- Navigate to the Symantec Recovery Disk drive letter.
- Rewrite the Master Boot Record using the following command:
For Windows XP/2003:
D:\MANAGER\Bootsect.exe /nt52 C: /mbr
For Windows Vista\7\2012 or later:
D:\MANAGER\Bootsect.exe /nt60 C: /mbr
(Note: If a 100MB System Reserved partition exists on the drive, the drive letter will be D:\, or whatever letter is assigned.)
Example, with successful return message:
- Reboot the system.
- Once back into Windows, it will be necessary to re-encrypt the restored volume(s).