Professional Windows Server 1002003 Security A Technical Reference [Electronic resources]

Roberta Bragg

نسخه متنی -صفحه : 194/ 141

How to Use Ntbackup

The ntbackup tool can be used for all basic backup processes, including the following:

Immediate or scheduled backup of files to disk, tape, or optical disc

System state backup, the backup of important system files and configuration data

Restore from backup

Restore systems state data

Automated Systems Recovery

Automated Systems Recovery (ASR) is detailed in the section "Automated Systems Recovery" later in this chapter. ntbackup can be used via the backup GUI or at the command line. Backup can be scheduled or scripted. Backup over the network can be configured, but the system state backup must be done locally.

Many excellent third-party products extend the functionality of ntbackup, and you should be sure that the companies that create them understand how Windows Server 2003 operates to ensure that they are able to back up and restore critical system data.

Back Up Files and Folders

To back up files without having the Read, Modify, Full Control, or Owner permission, a user must be a member of either the Administrators or Backup Operators groups or be granted the Backup Files and Folders permission. A member of the Backup Operators group in the domain can back up files on any computer in the domain. Backup rights can be granted to other custom groups, and users with the following rights can also backup a file: Read, Read and Execute, Modify, or Full Control. Administrators and members of the Backup Operators group also have the right to restore backed up data. You can restrict access to specific backups by using the Allow only the owner and the administrator access to the backup data option in the Backup Job Information dialog box before the backup is made.

To do an immediate complete backup of all information on the computer follow these steps:

Open the ntbackup utilityStart, All Programs, Accessories, System Tools, Backup, and then click Next.

Click Backup files and settings.

Click Next.

Select All information on this computer and click Next.

Or, select Let me choose what to backup, expand the directory in the left-hand pane, and select the folders or use the detail pane to select files to back up, as shown in Figure 17-1.

Figure 17-1. Select the folders to back up.

Select the backup type if multiple ways to back up are available, such as tape and disk. (If you back up to disk, make sure the disk can be accessed if there is a system failure such as a writeable CD-ROM, or plan to transfer the backup to an offline disk that can be.)

If the backup type is file, select the location to store the backup.

Enter a name for the backup and, if the backup is to disk, read the warning that you will need a floppy disk for system recovery information, and then click Next.

Click Finish to start the backup.

For additional options, such as scheduling a backup, you must start Backup in Advanced mode. To do so, follow these steps:

Go to Start, All Programs, Accessories, System Tools, Backup and do not click Next.

On the Welcome page, click Advanced Mode and click Next.

Click the Backup Wizard (Advanced) button and click Next to start the wizard. You can also use the Backup tab, as shown in Figure 17-2, to perform a simple immediate backup. If you also attempt to add a new job on the Schedule Jobs page, the advanced wizard will run and allow you to use these selections or change them.

Figure 17-2. In advanced mode, files and folders are selected from the Backup tab.

Volume Shadow Copy Service" for more information.)

14.

Select whether to Append this backup to the existing backups or Replace the existing backups, as shown in Figure 17-3, and then click Next.

Figure 17-3. Select backup options.

15.

Chose to run the backup Now or Later. If Later is selected, enter a job name for the backup and use the Set Schedule button, as shown in Figure 17-4, to enter a schedule for the job. If required, select a schedule for running the backup, and then click Next.

Figure 17-4. Restore from incremental backups requires the use of all incremental backups.

16.

Enter an account, password, and password confirmation to run the backup, click OK, and then click Finish.

17.

If running the backup now, a Backup Progress dialog appears and provides information on the estimated time of completion of the backup and its progress.

18.

When backup is complete, click Report to view the report log. Backup logs are stored in the profile of the user doing the backup (at Local Settings, Application Data, Microsoft, Windows NT, ntbackup, data, bacupxx.log, where the xx is a two-digit number).

One of the most common backup strategies is to make a normal backup on a Sunday, and then either incremental or differential backups every day of the week. If a restore is necessary and incremental backups were made, the normal backup from Sunday and all the incremental backups must be applied to perform a restore. If a restore is necessary and differential backups were made, the Sunday backup and the last differential backup are necessary. This difference is illustrated in Figures 17-4 and 17-5. The backup tapes used for incremental or differential backups are rotated each week, but the normal Sunday backups are usually kept for 30 days, and an end-of-month tape is kept for a year. Tapes that are reused should be periodically replaced with new tapes. Check the manufacturer's instructions to determine the correct replacement timeframe.

Figure 17-5. Restore from differential backups requires the use of only the last differential backup.

NOTE: Incremental or Differential?

Differential backup is often selected because of its conveniencefewer tapes are necessary for a restore. However, if change is volatile, it may take too long to back up all changes every day. In this case, incremental backups are better.

Default Backup options are set from the Tools, Options pages of Backup. The menus are displayed when ntbackup is started in Advanced mode. Table 17-2 lists the advanced backup options.

Table 17-2. Advanced Backup Options
Option	Description
`Disable volume Shadow Copy`	A volume Shadow Copy is not made.
`Backup type`	Determines how data is backed up.
`Back up data that has been moved to remote storage`	If remote storage has been set up, files that have not been used for some time may have been moved to remote storage. They ordinarily would not be backed up.
`Verify data after backup`	Checks to see that backed up data is the same as original data.
`Compress backup data`	Saves space on the backup media.
`Backup system protected files with the system state.`	Backs up system files in the systemroot directory in addition to the boot files included with the system state data. Adds substantially to the size of backup but is a good idea after system files have been changed or new drivers added.

System State Backup

In addition to backing up applications and files, you must ensure that system state data is backed up. System state backup backs up critical system files and configuration data. These files are necessary to recover a server and must be restored in a certain order. Do not attempt to use a normal file backup to manage system state backup. The following items are always backed up when a system state backup is made:

Registry

COM+ Class Registration database

Boot files

System files that are under Windows File Protection

In addition, the components in Table 17-3 are backed up if the requisite service or application is installed.

Table 17-3. Optional Components Backed Up
Component	Is Backed Up If
Certificate services database	The server is a certification authority.
IIS metadirectory	If IIS is installed.
Active Directory database (ndts.dit)	If the server is a domain controller.
SYSVOL directory	If the server is a domain controller.
Cluster service information	If the server is within a cluster.

To make a system state backup, follow these steps:

Open the ntbackup backup utility.

Click Advanced Mode.

Select Backup Wizard (Advanced) and click Next.

Select Only back up the System State data, as shown in Figure 17-6, and then click Next.

Figure 17-6. The main difference in the advanced backup wizard and the standard wizard is the opportunity to select a system state backup.

If necessary, select a backup destination and provide a name for the backup, and then click Next.

To make an immediate backup of the system state, click Finish. Otherwise, click the Advanced button and follow the previous backup instructions to complete the backup.

The system state data is critical, sensitive information that might allow an attacker to compromise the system. Always ensure the safe storage of the system state data.

NOTE: Skipped File During System State Backup May Be Ok

After backing up the system state, an error may report that some files were skipped. Examine the backup report. If the backup report includes only the error: Warning: unable to open "C:\windows\sysvol\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory", the integrity of the backup is OK according to Microsoft (see KB article 822132). It seems that this file should not be backed up, but under some circumstances, backup may attempt to do so.

Backup Defaults and Configuration Options

It is not necessary to use the backup wizard; instead, many options can be set manually. Select individual tabs to configure the backup:

Welcome tab Choose the Backup Wizard (Advanced), Restore Wizard, or ASR Wizard.

Backup tab Select the files to back up. Back up system state data. Select the Tools menu, then select options to open the backup Property pages.

General tab Change defaults, as shown in Figure 17-7.

Figure 17-7. Change defaults on the General tab.

Backup Type tab Change default backup type, as shown in Figure 17-8. (Backup types were detailed in Table 17-1.)

Figure 17-8. Change backup types on the Backup Type tab.

Backup Log tab Change how much information is added to the log, as shown in Figure 17-9.

Figure 17-9. Select the amount of detail for the backup tab.

Exclude Files tab Remove files listed to not be backed up. Add files to skip, as shown in Figure 17-10. Excluded files include those that run the volume copy shadow service, pagefile.sys, and so on.

Figure 17-10. Remove or add files to the "not to be backed up" list.

Restore and Manage Media tab Restore files and folders from backup.

Schedule Job tab Change or add schedules.

Command-Line Backup

ntbackup can be used to back up at the command line or within a script. You cannot restore files from backup using the ntbackup command. Any option that is not specified in the command line defaults to those set in the backup program. The general form for the command is

Ntbackup backup logical_disk_path_and_file_name /J name_of_the_job /F or_ /Tand_the_filename_or_tape_name_to_put_backup_on

Any options left off the command default to those configured in the backup program.

To create a normal backup named Backup job 2 that backs up the system state data to the D:\systemstate.bkf file, use

Ntbackup backup systemstate /M normal /J "backup job 2" /F "D:\systemstate.bkf"

To set advanced options such as verifying data, using hardware compression or volume shadow copy, use the following syntax. For an explanation, see Table 17-4:

ntbackup backup /V:{yes|no} /HC:{on|off} /SNAP:{on|off}

Table 17-4. ntbackup Advanced Options
Value	Option	Description
`/V:`	Yes \| No	Verify data or do not verify data
`/HC:`	On \| Off	Use hardware compression or not
`/SNAP:`	On \| Off	Use volume shadow copy or not

A complete ntbackup command syntax is located in the local Windows Server 2003 help files.

Here's a sample command that would create the backup job "Backup 1", back up data on drive E:\ to the file D:\mybackup.bkf, and verify the data:

ntbackup backup E:\ /J "Backup 1" /F "D:\mybackup.bkrf" /V:yes

TIP: An Easy Way to Write Backup Commands

To quickly and accurately create a backup command, create a scheduled backup job and then open the Scheduled Tasks control panel. The full command line is displayed in the control panelcopy this command into a batch file and modify if necessary.

Restore Files and Folders

The backup program can also be used to restore files and folders from a backup. To restore individual files or folders, follow these steps:

Open the Backup program from Start, All Programs, Accessories, System Tools, Backup.

Click Advanced Mode.

Click the Restore Wizard (Advanced) button and click Next.

Select Items to restore and click Next.

If you want to use the default restore settings, click Finish and skip to step 10; if not, click the Advanced button and continue.

Select the destination for the restored files and folders. Choices are the original location, an alternate location, or a single folder; click Next. If an alternate location is selected, the Browse button and an alternate location text box will be added to the page for your use.

Select whether to leave or replace existing files, as shown in Figure 7-11, and then click Next.

Select advanced restore options, as shown in Figure 7-12, and then click Next.

Figure 17-11. Select what to do with any existing files.

Figure 17-12. Select advanced restore options.

Click Finish to start the restore.

10.

Click the Report button to view a report of the restore.

Alternatively, the Restore and Manage Media tab can be used to restore files and folders:

Click the Restore and Manage Media tab.

Click the media to restore, and click the check boxes next to the drives, folders, and/or files to restore.

Use the Restore files to: drop-down box to specify the location to restore the files, either to the Original location (where files were located when they were backed up), to an Alternate location, or to a Single folder, as shown in Figure 17-13.

Figure 17-13. Use the Restore and Manage Media tab to restore files and folders.

[View full size image]

If you select Alternate location or Single folder, enter the location where the data should be restored or browse to that location and click OK.

To change restore options, click the Tools menu, click Options, and then click the Restore tab, as shown in Figure 17-14. After selecting restore options, click OK.

Figure 17-14. Select the restore options.

Click Start Restore.

A popup dialog can be used to select advanced options, as shown in Figure 17-15. If advanced options are required, click Advanced and set options, and then click OK.

Figure 17-15. Select the advanced restore options.

Click OK to start restore.

A Restore Progress dialog appears, which tracks the restore progress. When it is complete, click Report to view the report or click OK to close the window.

Restore System State Backup

When you restore system state data, you can restore it to the same location or to an alternative location. If you restore to a different location, some data will not be restored. Specifically, only registry files, SYSVOL directory files, cluster database information, and system boot files are restored. When restoring the system state data to the original location, the current system state data is erased, and the backup is restored. This is the opposite of the default for file backup, which does not overwrite existing files unless the default has been changed.Active Directory Restore."