win 2003 backup

8/8/2019 Win 2003 Backup

1/18

http://www.ilopia.com

________________________________________________________________________Copyright 2002 Kristofer Gafvert 1

May not be republished

Backup Windows Server 2003

By: Kristofer Gafvert
http://www.ilopia.com/http://www.ilopia.com/

8/8/2019 Win 2003 Backup

2/18




Copyright Information

Copyright 2003 Kristofer Gafvert ([email protected]). No part of this publication

may be transmitted, reproduced, or republished in any way, without written permissions

by the author. The only website that is allowed to publish this document is ilopia.com,and its sub domains. If this document was downloaded from another website, please

contact the author by using the email address above.

If any of these rules are broken, legal actions will be taken for plagiarism. Plagiarism isagainst the law!

8/8/2019 Win 2003 Backup

3/18




Introduction

Oh no, the hard disk crashed, all data is gone, what do I do now? Recognize this? I

hope not. Every administrator should have backed up all the data. And to do that we needsome kind of software (ok, we can do it manually by using ctrl+c and ctrl+v, but do you

want to do that?). The backup utility in Windows Server 2003 is such software. And its

better then ever now, with things like Open File Backup (files can be accessed by usersthe same time its backed up). The storage medium can be a logical drive, such as yourhard disk, a removable drive, or a library with disks or tapes controlled by a robot. Read

on and find out whats new, how you perform backups and how it works.

8/8/2019 Win 2003 Backup

4/18




Table of contents

Copyright Information ........................................................................................................ 2

Introduction......................................................................................................................... 3

Table of contents................................................................................................................. 4What is backup?.................................................................................................................. 5

Types of backups ........................................................................................................ 5

Volume Shadow Copy Technology ............................................................................ 6Permissions ................................................................................................................. 6System state data......................................................................................................... 7

Restore system state data ............................................................................................ 7

Backup data......................................................................................................................... 8

Where are the log files? ............................................................................................ 14Restore data....................................................................................................................... 14

Use the Restore and Manage Media tab ........................................................................... 16

Advanced options.............................................................................................................. 16Recovery Console ............................................................................................................. 16

Install Recovery Console .......................................................................................... 17

Remove Recovery Console....................................................................................... 17Automated System Recovery............................................................................................ 17

Create an ASR set ..................................................................................................... 18

Recover using ASR................................................................................................... 18

8/8/2019 Win 2003 Backup

5/18




What is backup?

Before we start with the actually backup we must know what we are doing. This section

will give you all the information you need to understand how backup works.

Types of backups

Normal backupThe normal backup isnormal (surprised?). So, what does this mean? It simply

means that it copies all the files you have marked to be backed up, and marks the

files as having been backed up. You also only need the most recent copy of thebackup file (other types of backups requires several files, see below) to restore.

This type is usually what you use the first time you backup files.

Incremental backupThe incremental backup backs up only those files that have been created or

changed since last incremental or normal backup. It also marks the files as having

been backed up. A combination of Normal backups and Incremental backups iscommon, and also a very good combination. It also requires the least amount if

storage space and is fast for backing up the data. The disadvantage of this is that

its time-consuming to recover files, simply because you need the last normal

backup set and all incremental backup sets, which can be stored on several backupdrives or tapes.

Differential backupThe differential backup is similar to the incremental backup and only copies filesthat have been created or changed since the last normal or incremental backup.

No, it wasnt a typo, it doesnt check if a differential backup has been run. This is

because differential backups does not mark files as having been backed up. Acombination of differential backups and normal backups is more time-consuming

concerning the backup part then the incremental + normal backups are. But on the

other hand it is faster to restore data because all you need is the last normalbackup and the last differential backup.

Copy backupA copy backup copies all the files you have selected, but does not mark the files

as having been backed up. This backup type is useful when you must backupsingle files between normal and incremental backups because it does not affectthese operations.

Daily backupThe daily backup copies all the files that you have selected that have beenmodified on the day, without marking the files as having been backed up.

8/8/2019 Win 2003 Backup

6/18




Volume Shadow Copy TechnologyThis is a new technology in Windows Server 2003 that did not exist in Windows 2000

Server. This technology is used to create a copy of the original volume at the time abackup is initiated. Data is then backed up from the shadow copy instead of the original

volume. By doing this, all activity such as file changes, will not affect the backup,

because it is using the shadow copy instead, which is not changed. So with this new

feature users can access files during a backup, files are not skipped because they were inuse, files open appears to be closed.

You should use Volume Shadow Copy, but you can disable it. The only time when youwant to disable it is when you dont have enough free disk space. As you can imagine

you need as much extra disk space as the file you will backup uses. This consumption of

disk space is however temporarily and will be free when the backup is completed.

If sufficient temporary disk space is not available Windows Server 2003 cannot complete

shadow copy and the backup will skip open files.

To use this feature you must use NTFS as file system.

Volume Shadow Copy does not mean that you from now on can backup when the serverusage is high. You should always backup when its low, for example at nights and

weekends.

[Volume Shadow Copy can be used for several other things. In this text Im covering the backup part ofVolume Shadow Copy.]

Permissions

Not everyone can backup files and folders and you must have certain permission to do

this. To be able to backup any file and folder on a local computer you must be anadministrator or a backup operator in a local group on that computer. Likewise, to be able

to backup any computer in a domain you must be administrator or backup operator on the

domain or a domain with which they have a two-way trust relationship.

You can however always backup files and folders for which you have ownership of or

one or more of the following permissions for the file and/or folder: Read, Read and

execute, Modify, Full Control.

You can also be limited in the backup because of disk-quota restrictions that may restrict

your access to the hard disk. To check this, right click the disk you want to save the datato and clickProperties. Then click the Quota tab.

8/8/2019 Win 2003 Backup

7/18




Good practice is to limit access to a backup file so only administrators and the owner (the

one who created the backup file) is able to restore files and folders. This is available as anoption during the backup wizard.

System state data

You can choose to do a System State backup, and this is very important if you want to be

able to get a functional system in the event of a crash. This table shows which

components that are backed up on a System State backup.

Component Included in System State Backup

Boot files and system files Yes

Registry Yes

COM+ Yes

System files under Windows File Protection Yes

Active Directory, directory service If its a domain

SYSVOL directory If its a domain controllerIIS Metadirectory If its installed

Certificate Services database If its a Certificate Services server

Cluster Service information If its within a cluster

You dont have to know which of these components to backup. The Backup Utility

included in Windows Server 2003 will choose this when you perform a System State

backup. Likewise you cannot choose which components to restore; all the System Statedata will be restored. This is due to dependencies among the components. You can

however restore the System State data to an alternative location. This does not mean that

you can restore it to another computer and think it will work as the one you backed up.

Not all data is restored when you restore to an alternative location. Only the componentsSystem boot files, registry files, SYSVOL directory files and Cluster database

information files will be restored.

Restore system state data

If you are running in a non-domain environment all you have to do is follow the restore

wizard (more about this later). But if you have to restore a Domain Controller it is not

that simple. There are three different restore methods:

Primary restore Normal restore Authoritative restore

Depending on what you have to restore, if it must be restored to other Domain

Controllers, or if you have more then one Domain Controller you use different methods.

8/8/2019 Win 2003 Backup

8/18




Primary restoreThis is the type you should use when all Domain Controllers are lost and you are

building up the domain from backup. But you should only use this when restoringthe first replica set (SYSVOL and File Replication Service is example of

replicated data sets). This is also the type you use when restoring a standalone

Domain Controller.

Normal restoreWhen doing a normal restore, Backup is working in nonauthoritative mode. That

means that any data (including Active Directory objects) will have their original

sequence number. This is the number AD replication uses to detect if there areany new objects to replicate to other servers. So when you use Normal restore any

data will appear as old and will therefore not replicate to other servers. If newerdata is available, it will of course replicate to the restored server. This method is

used when restoring all but the first replica set and when restoring a single domain

controller in a replicated environment.

Authoritative restoreThis is the third method. To perform an authoritative restore you have to run autility called Ntdsutil. This must be run after you have restored the System State

data, but before you restart the server. When you perform this kind of restore the

sequence number of Active Directory objects are changed so that it has a highernumber. This will ensure that any data you restore will be replicated (because

Active Directory replication thinks its new). This is a little bit difficult to

understand, but if you compare this to Normal restore, Normal restore will alwaysmark objects as old, and authoritative restore will always mark objects as new. So

simply said, use Authoritative restore when you have changed something and the

change has been replicated to all other servers and you want to undo the change.

Remember: You must start a Domain Controller in Directory Services Restore Mode(press F8 during startup) to be able to restore System State data on a Domain Controller.

Backup data

We will use this backup scheme to create our backups.

Day Type of backup

Friday night Full backup (normal)Saturday night Incremental, files and folders only

Sunday night Incremental, files and folders only

Monday night Incremental, files and folders only

Tuesday night Incremental, files and folders only

Wednesday night Incremental, files and folders only

Thursday night Incremental, files and folders only

8/8/2019 Win 2003 Backup

9/18




Designing a good backup scheme is not always as simple as you might think. Questionslike, what should I backup and when should I back it up occurs. The answer to these

questions varies for every network and every server. Say that you will back up a Domain

Controller and you add objects to Active Directory all the time. Then the above scheme

would not be recommended. Youll have to backup System State data at least one moretime during the week (if not every day). The above scheme does likewise not have to

apply web servers. Youll have to find out when the load is as low as possible on the web

server and use this information to find out what kind of backup scheme you want to use.Here are some general rules:

Backup when the load is as low as possible If System State data is changed frequently, back it up more often If files and folders are changed often, perform Full Backup more often You will most likely have to perform backups beside this scheme. When doing

this, if it is possible, do not use Full Backup or Incremental Backup because it can

disturb the normal backup scheme (files are marked as already backed up).Sooner or later you wont know where files are and it can be very time-consuming

to restore.

Consider what you think is most important, a fast backup or to be able to restorefast, you cannot have both these features.

ClickStart->Run and type ntbackup

Click the Advanced Mode link

ClickBackup Wizard (Advanced)

ClickNext

Make sure Back up everything on this computer is selected and clickNext

8/8/2019 Win 2003 Backup

10/18




We will backup to a file, you can place it wherever you want, just make sure youname itFriday and clickNext

ClickAdvancedMake sure Normal is selected as type of backup and clickNext

Check the box Verify data after backup and clickNext (You will most likely

have errors when the backup is completed and verified. This is because SystemState data is changed all the time. If there are too many errors, there might be

problems with the file you are using to back up data.)

8/8/2019 Win 2003 Backup

11/18




ClickReplace the existing backups and clickNext

ClickLater and in the Job Name box typeFriday Nights, clickSet Schedule

In Schedule Taskselect Weekly and as Start time 11:00 PM (or whenever you

want the backup to be scheduled). Make sure its set to run every 1 week and onFridays. ClickOK

8/8/2019 Win 2003 Backup

12/18




You will be prompted to run the task as a user. Use a user with privileges to

backup data.ClickNext

ClickFinish

The Backup Wizard should close and you should be back in the Backup Utility. You can

now verify that the backup is scheduled by clicking on the Schedule Jobs tab.

8/8/2019 Win 2003 Backup

13/18




In case you want to edit the backup you can do it from here. Just click the backup symbolon the day you want to edit.

Click the Welcome tab and start the Backup Wizard again.

ClickNextSelect Backup selected files, drives or network data and clickNext

Expand My Computer in the left pane and select all drives (in my case C: and

D:) and clickNext

Name it Monday and clickNext

ClickAdvanced

8/8/2019 Win 2003 Backup

14/18




Select Incremental as type of backup and clickNext

Check the box Verify data after backup and clickNextClickReplace the existing backups and clickNext

ClickLater and in the Job Name box type Monday Nights, clickSet Schedule

In Scheduled Taskselect Weekly and as Start time 11:00 PM (or whenever you

want the backup to be scheduled). Make sure its set to run every 1 week and onMondays.

ClickAdvanced and set the Start Date the same day as when the full backup will

run. In my case that is January 03, 2003, so that is the start date I choose. Click

OK, clickOK

You will be prompted to run the task as a user. Use a user with privileges to

backup data.ClickNext

ClickFinish

Use the steps above to create incremental backups for the other five days of week. Of

course all this can be done by writing a script, but Ill leave that for now. And again, thisis only a suggestion for a backup strategy. A backup strategy varies from company to

company and it is not something you develop in one hour. You must analyze and find outwhat fits your company best. Also remember that if you followed the steps above, you

will only save the backup files for a week. This is probably not what you want, and you

have to schedule a script to move the files every week.

Where are the log files?

Of course you should read the log files so you are sure that the backup was successful.

You do this be looking in Event Viewer for error messages, and you can also read acomplete report by clicking Report on the Tools menu. If you want to log more or less,

take a look in the Options on the Tools menu, and click on the Backup Log tab.

Restore data

Its Wednesday, and you discover that an important file is corrupt. The question is, how

do I restore the file from a backup?

Well, its quite simple. The first thing we have to do is locate where the file are. If weknow where on the disk its supposed to be, we can start from the latest incremental

backup (Tuesday) and try to find it. If its not there, it means that the file was not altered,and we have to try the next file (Monday). On the other hand if we do not know where

the file is, we have to restore the full backup file (Friday), find the file, and then find out

if there is a newer version.

If the Backup Utility is not open, open it and click on the Advanced Mode link.

8/8/2019 Win 2003 Backup

15/18




ClickRestore Wizard

ClickNextExpand Tuesday.bkf, find the file you want to restore and check the box in front

of the file. In my case it is 0055.txtinD:\sql

ClickNext

ClickAdvanced

Select Single Folder. This is because I am only restoring one file, and I dont

want to restore it to the original location. If I choose Alternate Location it willkeep the folder structure (in my case it will create the foldersql). Usually you will

use Alternate Location when restoring files.

8/8/2019 Win 2003 Backup

16/18




In Folder Name type where you want to restore the file (in my case c:\restore)and clickNext

Select Leave existing files and clickNext

Make sure Restore security settings and Preserve existing volume mount

points are selected and clickNextClickFinish

Thats it! The file is restored.

You use the same process to restore System State data. Just remember that if you are

restoring the System State data on a Domain Controller you must start the computer inDirectory Services Restore Mode, which you access be pressing F8 when the computer is

starting. And if you want to perform an Authoritative restore, remember to run ntdsutil

before restarting the computer. More info about the ntdsutil can be found by typing

ntdsutil /? in a command prompt.

Use the Restore and Manage Media tab

This is the tab where you format tapes, mark a tape as free, delete catalogs etc. And

everything is very simple to do, just right click the object you want to do something with,

and choose what you want to do.

Advanced options

There are a lot of other options you can set to get the Backup Utility to work as you want.

You access this from the Tools menu and then clickOptions. I will not write about

everything here, instead I recommend you take a look there and if there is some optionyou do not understand, use the ? in the upper right to get more info about it.

Recovery Console

When nothing else works, Recovery Console saves you. You can use Recovery Console

when you cannot boot into safe mode to read and write data (including NTFS) on local

drives, enable and disable services, and many other things.

You can start the Recovery Console in two ways:

Boot the Windows Server 2003 CD and start the setup. When the text-based setupbegins follow the prompts and choose recover by pressing R

Select Recovery Console from the list of available Operating Systems. To do thisyou must run a x86-based computer and install Recovery Console.

8/8/2019 Win 2003 Backup

17/18




When you have started the Recovery Console, you will have to choose which OperatingSystem to recover (if you are multi-booting). After that you will be prompted for the

password for the administrator account. When you are logged on you will get a console

from which you perform all tasks. This console is very similar to the command prompt in

Windows Server 2003. The only command you have to remember is help. By writing thatyou will get a list of available commands to use. If you dont know how to use a

command, write the command name followed by/? . To exit the Recovery Console, writeexit.

Install Recovery Console

You can only install the Recovery Console on a x86-based computer.

ClickStart and then Run

Type (where x is the CD-ROM drive letter)x:\i386\winnt32.exe /cmdconsFollow the wizard

Remove Recovery Console

Open My Computer and double click the hard drive on which you installed the

Recovery Console

Click on Tools->Folder Options

Click on the View tab, checkShow hidden files and folders and clear the Hideprotected operating system files check box

At the root directory delete the folderCmdcons and the file Cmldr

Right clickMy Computer and clickPropertiesClick on the Advanced tab and underStartup and Recovery click the Settings

button

In System startup click the Edit button. This will display boot.ini in NotepadRemove the entry for Recovery Console, it will look like:

C:\cmdcons\bootsect.dat=Microsoft Windows Recovery Console /cmdcons

Save the file

Remember that the boot.ini is a very important file, and if you modify this incorrectlyyou can cause the computer to not boot up.

Automated System Recovery

8/8/2019 Win 2003 Backup

18/18




Do you remember Emergency Repair Disk (ERD)? Forget about it. Well, ok, not yet, you

have probably still some Windows 2000 Servers. But ERD is replaced by AutomatedSystem Recovery (ASR) in Windows Server 2003. ASR is a last resort and should only

be used when options like Safe Mode and Last Known Good Configuration fails. ASR

consists of two parts backup and restore. The backup part can be accessed through the

Automated System Recovery Preparation Wizard in the Backup Utility. This wizardbacks up the System State data, system services and all disks associated with the

operating system components. It also creates a floppy disk that you should store in a safe

place. This floppy disk contains for example information about the backup.

When recovering by using ASR it will use the floppy disk to read the disk configuration

and restore the disk signatures, volumes and partitions that is required to start yourcomputer. ASR then installs a simple installation of Windows and automatically starts to

restore from the backup ASR created in the wizard.

ASR will not backup data files. That should be backed up separately.

Create an ASR set

Start the Backup Utility by clicking Start->Run and type ntbackup

The Backup or Restore Wizard starts by default, we will not use this(though we

could) , so click the Advanced mode link

On the Welcome tab, clickAutomated System Recovery WizardThe wizard is pretty self-explained so follow it

Recover using ASR

Boot from the Windows Server 2003 CD and start the installation.If you have a mass storage controller and must install drivers for it, do that by

pressing F6 when prompted

Press F2 when prompted. You will be prompted to insert the ASR floppy, do that.

Follow the wizard

You will reboot and if you pressed F6 previously, do that again when promptedFollow the wizard

win 2003 backup

Documents