Jump to content
RESET Forums (homeservershow.com)

Backing up a machine with TPM?


texasPI
 Share

Recommended Posts

So my wife has a laptop issued to her by her employer, a university. She uses it exclusively at home and I've never set it up to connect to our server. One of the reasons is that it has a TPM and while I know what it is, I'm not sure what, if anything, it means as far as backups and restores go. The university IT department doesn't care about these machines too much since they are essentially purchased by my wife's department with grants they get for the university but this makes them technically the property of the university. On that subject, let's say I ghost an image of the hard drive and wipe the drive and install Win 7 Ultimate (it runs Win 7 Enterprise). Will the TPM give me problems?

 

While this may or may not be against her university policy (can't get a straight answer from them), I know that one of her colleagues is being allowed to keep her university laptop so I anticipate the same would be true for my wife. That said, IT has locked this machine down with various policies that are annoying and they offer no end user support at all. They use Sophos for antivirus and her machine's viruse definitions are almost a year out of date and she can't install windows updates whatsoever. She has taken it in and they don't fix the problems. So she hardly ever uses it because it's a security risk. That's why I want to create an image of it as is, then reinstall the OS so I can handle this myself. Seems a shame to have a new laptop sitting unused because of this.

Link to comment
Share on other sites

If she uses it exclusively at home and does not connect to the school network, there is not to much that can be forced down on the machine except via a local policy. If the virus definitions are that far out of date there is no way I'd connect it to my server.

 

If it were me, I'd just buy a new spindle drive and install your own OS and never look back.

Link to comment
Share on other sites

is TPM actually enabled or just a feature of the laptop? Does you use a smart card to login? Does she have a bios level password on it?

 

If you can get into the BIOS then I don't think TPM will cause you any problems. Like jmwills says, but another drive and go for it.

 

Dennis

Link to comment
Share on other sites

  • 1 month later...

The TPM won't love you for changing the disk assuming the disk is encrypted using Bitlocker.

 

if the drive isn't encrypted, there is absolutely no issue swapping the disk back and forward. The TPM is there to hold the pre-boot encryption keys, so that you don't have to enter a boot-time password with an encrypted volume.

 

My work laptop runs Bitlocker (Windows 7 Enterprise), and it is connected to my v1 WHS, and I have also tested with my 2011 test box using another Bitlocker encrypted system.

 

And the answer to the next question, you can fully restore a Bitlocker encrypted system using WHS... :) the restored image is not encrypted, so you have to encrypt again, but it works perfectly.

Link to comment
Share on other sites

The TPM won't love you for changing the disk assuming the disk is encrypted using Bitlocker.

 

if the drive isn't encrypted, there is absolutely no issue swapping the disk back and forward. The TPM is there to hold the pre-boot encryption keys, so that you don't have to enter a boot-time password with an encrypted volume.

 

My work laptop runs Bitlocker (Windows 7 Enterprise), and it is connected to my v1 WHS, and I have also tested with my 2011 test box using another Bitlocker encrypted system.

 

And the answer to the next question, you can fully restore a Bitlocker encrypted system using WHS... :) the restored image is not encrypted, so you have to encrypt again, but it works perfectly.

 

Thanks for the reply. What I ended up doing was a full backup of the machine then I wiped the drive and installed Win 7 Ultimate onto it. Is there a way to ensure I don't lose that backup image of the previous configuration? I'm assuming WHS 2011 wont erase that backup since no new backups of it are being created so it should keep it indefinitely, right?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...