backupfilevaultrestoretime-machine
My Mac book pro was stolen.
ML 10.8.2.
I successfully restored all system from Time Machine backup.
I remember having turned on FileVault on my user account on original system.
But on restored system that account has FileVault turned off.
Does it mean account on original system had FileVault turned off as well?
And related question. FileVault was turned on on Lion or even earlier. Usual system upgrades should keep FileVault turned on, right?
It's not an answer to your specific intermittent failure, but I do have a workaround that several clients have used.
I make them another account that isn't file vault protected and rather than logging out and leaving the mac at the welcome screen, enter the empty user and walk away. (or kick off a backup and then walk away)
In practice I get better backups when a user is logged in.
If this needs to work for you, do file a bug with apple since it should work each time and every time without a workaround. When it fails, there should be detailed enough logging to fix issues if they arise even if normal logs are suppressed as a compromise to added security with FileVault enabled.
Also BackupLoupe is great for poking at backups to see what is actually changing after the fact rather than guessing from logs and byte counts stored in logs.
I have had other people reconsider file vault and just use encrypted disk images for data that needs to be secured which minimizes many of the drawbacks of having the entire user folder inside file vault. I've done this myself since soon after file vault came out and I much prefer it compared to living with FileVault.
This is the built in data transfer tool for Macs.
You can find it in /Applications/Utilities. You'll want to do the following:
Plug in your Time Machine backup drive, open Migration Assistant and select the From another Mac, PC, Time Machine backup, or other disk option:
Select the From a Time Machine backup or other disk option:
Select your Time Machine backup and click Next.
It should show you your old user account, which will have a drop down menu to select all the things you can restore.
Follow the prompts to restore.
This method will create a new user account alongside the one the Apple Store folks created for you. You'll be able to log out of the account they set up and log into your own.
Navigate to /var/db by pressing Shift + ⌘ + G and typing in the path.
Find the .AppleSetupDone file and delete it. It will likely ask you to authenticate as an administrator.
Restart your Mac.
Use the Setup Assistant to select a Time Machine backup to restore from.
This method does not delete the existing user account, but simply creates a new administrator account alongside it and allows you to use the Setup Assistant to restore from the backup.
You will need to delete the account the Apple Store folks set up for you if you don't want it anymore.
Good luck!
Best Answer
Mount the Time Machine drive / volume on your desktop and navigate to the snapshot you used to restore the Mac.
In the /Volumes/path_to_tm/Backups.backupdb/Mac_Name/Latest/HD_Name/Users folder, you will either see a directory or a file.sparsebundle named for your user's short name.
If you see a .sparsebundle, you had FileVault 1. If not, then not.
The answer here also depends on which version of FileVault (1 or 2) you were using on the missing Mac.
FileVault 1 is based on encrypting just the home folders of accounts as opposed to encrypting everything on the Disk. If you enable FileVault in OS X 10.3 - 10.6, this is what you get; upgrading to 10.7/10.8 will leave the encryption intact (now called "Legacy FileVault").
If you recover an FV1-protected account, the encryption should be maintained. Since your recovered account is not encrypted, you didn't have this enabled on your account on your old computer.
FileVault 2, on the other hand, is based on encrypting the entire startup volume -- all accounts, the OS itself, etc. If you enable FileVault in OS X 10.7 or later, this is what you get. You can also "upgrade" from Legacy FV to FV2 by disabling Legacy FV, then enabling FV2 (note that Apple recommends doing this, but it is not automatic).
If you had FV2 enabled on your computer, there's no way (at least, no easy way) to tell from the backup. 10.7 and later allow you to encrypt the backup, but that's independent of encryption on the startup volume (i.e. it's entirely possible to have an unencrypted backup of an encrypted system, or an encrypted backup of an unencrypted system). Also, the restored account will be unencrypted, unless you specifically enable FV encryption on the new computer.