Microsoft Windows Server 2003 Deployment Kit [Electronic resources] : Planning Server Deployments نسخه متنی

Planning to Protect User Data

Windows Server 2003 provides new features that allow you to automate protecting and recovering user data. Most notably, using shadow copies provides a high level of user data protection, and also frees administrators or help desk personnel from dealing with user requests to restore single files. You will also want to consider including folder redirection in your data protection plan. The process of planning to protect user data is shown in Figure 1.8.

Figure 1.8: Planning to Protect User Data

Protecting User Data by Using Shadow Copies

Shadow copies increase the availability of data and reduce the administrative burden of restoring files. After an administrator has configured and enabled shadow copies, users themselves can restore earlier versions of files from point-in-time copies stored on general-purpose file servers that are running Windows Server 2003. Shadow copies are also available on server clusters running Windows Server 2003, Enterprise Edition and Windows Server 2003, Datacenter Edition.

You can enable shadow copies by using Windows Explorer, the Disk Management snap-in, or Shared Folders extension to the Computer Management snap-in. You can also automate administrative tasks that involve making shadow copies by using the command-line tool Vssadmin.exe.

Shadow copies work by making a block-level copy of any changes that have occurred to files since the last shadow copy. Only the changes are copied, not the entire file. As a result, previous versions of files do not usually take up as much disk space as the current file, although the amount of disk space used for changes can vary depending on the application that changed the file. For example, some applications rewrite the entire file when a change is made, whereas other applications append changes to the existing file. If the application rewrites the entire file to disk, the shadow copy contains the entire file. Therefore, you should consider how the applications in your organization manage changes to files, as well as the frequency and number of updates to files, when you plan how much disk space to allocate for shadow copies.

Shadow copies are designed for volumes that store user data, and are best suited for protecting user data stored on servers from the following problems:

Accidental deletion of files

Accidental overwriting of files (for example, when a user forgets to use Save As to create a new version of a file)

File corruption

Although shadow copies are made for an entire volume, users must use shared folders to access shadow copies. This is because shadow copies are designed to be accessed using the Common Internet File Sharing (CIFS) protocol. If you or your users want to access a previous version of a file that is not located in a shared folder, you must first share the folder. If you want to access shadow copies on a local server, you must use the \\servername\sharename path to access shadow copies.

The method of providing access to shadow copies from a given computer differs depending upon the operating system installed on the computer. Shadow copies can be accessed by computers running Windows Server 2003 and by computers running Microsoft Windows XP Professional on which you have installed the Previous Versions Client pack by running Twcli32.msi. This file is located in Windows Server 2003 in windir\system32\clients\twclient. You can install this file manually on clients or deploy the file by using the software distribution component of Group Policy. For more information about software distribution, see "Deploying a Managed Software Environment" in Designing a Managed Environment of this kit.

To access shadow copies from previous versions of Windows, including Windows 2000 and Windows XP Professional, you can download and install the Shadow Copy Client. For more information and to download the Shadow Copy Client, see the Shadow Copy Client Download link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.

If you have not yet deployed these operating systems or client packs on your clients, you can deploy one or more computers from which users can restore previous versions of files. You can also distribute the client pack on a case-by-case basis to users who request that files be restored.

For more information about shadow copies, see the following sources:

For more information about designing a shadow copy strategy, see "Designing and Deploying File Servers" in this book.

For more information about using shadow copies on server clusters, see "Using Shadow Copies of Shared Folders in a server cluster" in Help and Support Center for Windows Server 2003.

For more information about using Vssadmin.exe to create shadow copies, see "Vssadmin" in Help and Support Center for Windows Server 2003.

Protecting User Data by Using Folder Redirection

If users store their data on their local workstations, you can protect it by using folder redirection. With folder redirection, user folders, such as the My Documents folder, can be redirected to a Windows Server 2003 file server. With all files located on a central server, you can configure shadow copies on the server so that users can recover earlier versions of their files, and you can back up their files in accordance with your organizational standards. You can easily implement folder redirection in your organization by using Group Policy.

Folder redirection offers the following advantages:

Centralized user data for ease of backup

Excellent integration and transparency with roaming user profiles

Easily enforced disk quotas

To redirect special folders, in the Group Policy Object Editor snap-in to Microsoft Management Console (MMC), select the Group Policy object (GPO) that is linked to the site, domain, or organizational unit (OU) that contains the users whose folders you want to redirect. In the User Configuration\Windows Settings\Folder Redirection node of the Group Policy Object Editor, double-click Folder Redirection, right-click the special folder to redirect, and select Properties. Then you can configure redirection as either Basic or Advanced. With Basic redirection, the specified folders of all users are redirected to the same network share. With Advanced redirection, you can specify network share locations for redirection by user group.

If you have mobile users who travel with portable computers, working exclusively with folder redirection might not be feasible. To provide the benefits of folder redirection to mobile users while still making their data available to them when they travel, you can combine Offline Files with folder redirection. Offline Files allows users to download copies of their files from a server when they are connected to the network. If they modify files when they are not connected to the network, those files can be resynchronized with the server the next time the system is connected to the network. You can configure Offline Files options in a Group Policy object in the Computer Configuration\Administrative Templates\Network\Offline Files node of the Group Policy Object Editor.

For more information about redirecting folders, see "Implementing User State Management" in Designing a Managed Environment of this kit.