You are on page 1of 18

http://www.ilopia.

com

Backup Windows Server 2003


By: Kristofer Gafvert

________________________________________________________________________
Copyright © 2002 Kristofer Gafvert 1
May not be republished
http://www.ilopia.com

Copyright Information
Copyright © 2003 Kristofer Gafvert (kgafvert@ilopia.com). No part of this publication
may be transmitted, reproduced, or republished in any way, without written permissions
by the author. The only website that is allowed to publish this document is ilopia.com,
and its sub domains. If this document was downloaded from another website, please
contact the author by using the email address above.

If any of these rules are broken, legal actions will be taken for plagiarism. Plagiarism is
against the law!

________________________________________________________________________
Copyright © 2002 Kristofer Gafvert 2
May not be republished
http://www.ilopia.com

Introduction
”Oh no, the hard disk crashed, all data is gone, what do I do now?” Recognize this? I
hope not. Every administrator should have backed up all the data. And to do that we need
some kind of software (ok, we can do it manually by using ctrl+c and ctrl+v, but do you
want to do that?). The backup utility in Windows Server 2003 is such software. And it’s
better then ever now, with things like Open File Backup (files can be accessed by users
the same time it’s backed up). The storage medium can be a logical drive, such as your
hard disk, a removable drive, or a library with disks or tapes controlled by a robot. Read
on and find out what’s new, how you perform backups and how it works.

________________________________________________________________________
Copyright © 2002 Kristofer Gafvert 3
May not be republished
http://www.ilopia.com

Table of contents
Copyright Information ........................................................................................................ 2
Introduction......................................................................................................................... 3
Table of contents................................................................................................................. 4
What is backup?.................................................................................................................. 5
Types of backups ........................................................................................................ 5
Volume Shadow Copy Technology ............................................................................ 6
Permissions ................................................................................................................. 6
System state data......................................................................................................... 7
Restore system state data ............................................................................................ 7
Backup data......................................................................................................................... 8
Where are the log files? ............................................................................................ 14
Restore data....................................................................................................................... 14
Use the Restore and Manage Media tab ........................................................................... 16
Advanced options.............................................................................................................. 16
Recovery Console ............................................................................................................. 16
Install Recovery Console .......................................................................................... 17
Remove Recovery Console....................................................................................... 17
Automated System Recovery............................................................................................ 17
Create an ASR set ..................................................................................................... 18
Recover using ASR................................................................................................... 18

________________________________________________________________________
Copyright © 2002 Kristofer Gafvert 4
May not be republished
http://www.ilopia.com

What is backup?
Before we start with the actually backup we must know what we are doing. This section
will give you all the information you need to understand how backup works.

Types of backups

• Normal backup
The normal backup is…normal (surprised?). So, what does this mean? It simply
means that it copies all the files you have marked to be backed up, and marks the
files as having been backed up. You also only need the most recent copy of the
backup file (other types of backups requires several files, see below) to restore.
This type is usually what you use the first time you backup files.

• Incremental backup
The incremental backup backs up only those files that have been created or
changed since last incremental or normal backup. It also marks the files as having
been backed up. A combination of Normal backups and Incremental backups is
common, and also a very good combination. It also requires the least amount if
storage space and is fast for backing up the data. The disadvantage of this is that
it’s time-consuming to recover files, simply because you need the last normal
backup set and all incremental backup sets, which can be stored on several backup
drives or tapes.

• Differential backup
The differential backup is similar to the incremental backup and only copies files
that have been created or changed since the last normal or incremental backup.
No, it wasn’t a typo, it doesn’t check if a differential backup has been run. This is
because differential backups does not mark files as having been backed up. A
combination of differential backups and normal backups is more time-consuming
concerning the backup part then the incremental + normal backups are. But on the
other hand it is faster to restore data because all you need is the last normal
backup and the last differential backup.

• Copy backup
A copy backup copies all the files you have selected, but does not mark the files
as having been backed up. This backup type is useful when you must backup
single files between normal and incremental backups because it does not affect
these operations.

• Daily backup
The daily backup copies all the files that you have selected that have been
modified on the day, without marking the files as having been backed up.
________________________________________________________________________
Copyright © 2002 Kristofer Gafvert 5
May not be republished
http://www.ilopia.com

Volume Shadow Copy Technology

This is a new technology in Windows Server 2003 that did not exist in Windows 2000
Server. This technology is used to create a copy of the original volume at the time a
backup is initiated. Data is then backed up from the shadow copy instead of the original
volume. By doing this, all activity such as file changes, will not affect the backup,
because it is using the shadow copy instead, which is not changed. So with this new
feature users can access files during a backup, files are not skipped because they were in
use, files open appears to be closed.

You should use Volume Shadow Copy, but you can disable it. The only time when you
want to disable it is when you don’t have enough free disk space. As you can imagine
you need as much extra disk space as the file you will backup uses. This consumption of
disk space is however temporarily and will be free when the backup is completed.

If sufficient temporary disk space is not available Windows Server 2003 cannot complete
shadow copy and the backup will skip open files.

To use this feature you must use NTFS as file system.

Volume Shadow Copy does not mean that you from now on can backup when the server
usage is high. You should always backup when it’s low, for example at nights and
weekends.

[Volume Shadow Copy can be used for several other things. In this text I’m covering the backup part of
Volume Shadow Copy.]

Permissions

Not everyone can backup files and folders and you must have certain permission to do
this. To be able to backup any file and folder on a local computer you must be an
administrator or a backup operator in a local group on that computer. Likewise, to be able
to backup any computer in a domain you must be administrator or backup operator on the
domain or a domain with which they have a two-way trust relationship.

You can however always backup files and folders for which you have ownership of or
one or more of the following permissions for the file and/or folder: Read, Read and
execute, Modify, Full Control.

You can also be limited in the backup because of disk-quota restrictions that may restrict
your access to the hard disk. To check this, right click the disk you want to save the data
to and click Properties. Then click the Quota tab.

________________________________________________________________________
Copyright © 2002 Kristofer Gafvert 6
May not be republished
http://www.ilopia.com

Good practice is to limit access to a backup file so only administrators and the owner (the
one who created the backup file) is able to restore files and folders. This is available as an
option during the backup wizard.

System state data

You can choose to do a System State backup, and this is very important if you want to be
able to get a functional system in the event of a crash. This table shows which
components that are backed up on a System State backup.

Component Included in System State Backup


Boot files and system files Yes
Registry Yes
COM+ Yes
System files under Windows File Protection Yes
Active Directory, directory service If it’s a domain
SYSVOL directory If it’s a domain controller
IIS Metadirectory If it’s installed
Certificate Services database If it’s a Certificate Services server
Cluster Service information If it’s within a cluster

You don’t have to know which of these components to backup. The Backup Utility
included in Windows Server 2003 will choose this when you perform a System State
backup. Likewise you cannot choose which components to restore; all the System State
data will be restored. This is due to dependencies among the components. You can
however restore the System State data to an alternative location. This does not mean that
you can restore it to another computer and think it will work as the one you backed up.
Not all data is restored when you restore to an alternative location. Only the components
System boot files, registry files, SYSVOL directory files and Cluster database
information files will be restored.

Restore system state data

If you are running in a non-domain environment all you have to do is follow the restore
wizard (more about this later). But if you have to restore a Domain Controller it is not
that simple. There are three different restore methods:

• Primary restore
• Normal restore
• Authoritative restore

Depending on what you have to restore, if it must be restored to other Domain


Controllers, or if you have more then one Domain Controller you use different methods.

________________________________________________________________________
Copyright © 2002 Kristofer Gafvert 7
May not be republished
http://www.ilopia.com

• Primary restore
This is the type you should use when all Domain Controllers are lost and you are
building up the domain from backup. But you should only use this when restoring
the first replica set (SYSVOL and File Replication Service is example of
replicated data sets). This is also the type you use when restoring a standalone
Domain Controller.

• Normal restore
When doing a normal restore, Backup is working in nonauthoritative mode. That
means that any data (including Active Directory objects) will have their original
sequence number. This is the number AD replication uses to detect if there are
any new objects to replicate to other servers. So when you use Normal restore any
data will appear as old and will therefore not replicate to other servers. If newer
data is available, it will of course replicate to the restored server. This method is
used when restoring all but the first replica set and when restoring a single domain
controller in a replicated environment.

• Authoritative restore
This is the third method. To perform an authoritative restore you have to run a
utility called Ntdsutil. This must be run after you have restored the System State
data, but before you restart the server. When you perform this kind of restore the
sequence number of Active Directory objects are changed so that it has a higher
number. This will ensure that any data you restore will be replicated (because
Active Directory replication thinks it’s new). This is a little bit difficult to
understand, but if you compare this to Normal restore, Normal restore will always
mark objects as old, and authoritative restore will always mark objects as new. So
simply said, use Authoritative restore when you have changed something and the
change has been replicated to all other servers and you want to undo the change.

Remember: You must start a Domain Controller in Directory Services Restore Mode
(press F8 during startup) to be able to restore System State data on a Domain Controller.

Backup data
We will use this backup scheme to create our backups.

Day Type of backup


Friday night Full backup (normal)
Saturday night Incremental, files and folders only
Sunday night Incremental, files and folders only
Monday night Incremental, files and folders only
Tuesday night Incremental, files and folders only
Wednesday night Incremental, files and folders only
Thursday night Incremental, files and folders only
________________________________________________________________________
Copyright © 2002 Kristofer Gafvert 8
May not be republished
http://www.ilopia.com

Designing a good backup scheme is not always as simple as you might think. Questions
like, what should I backup and when should I back it up occurs. The answer to these
questions varies for every network and every server. Say that you will back up a Domain
Controller and you add objects to Active Directory all the time. Then the above scheme
would not be recommended. You’ll have to backup System State data at least one more
time during the week (if not every day). The above scheme does likewise not have to
apply web servers. You’ll have to find out when the load is as low as possible on the web
server and use this information to find out what kind of backup scheme you want to use.
Here are some general rules:

• Backup when the load is as low as possible


• If System State data is changed frequently, back it up more often
• If files and folders are changed often, perform Full Backup more often
• You will most likely have to perform backups beside this scheme. When doing
this, if it is possible, do not use Full Backup or Incremental Backup because it can
disturb the normal backup scheme (files are marked as already backed up).
Sooner or later you won’t know where files are and it can be very time-consuming
to restore.
• Consider what you think is most important, a fast backup or to be able to restore
fast, you cannot have both these features.

Click Start->Run and type ntbackup


Click the Advanced Mode link
Click Backup Wizard (Advanced)
Click Next
Make sure Back up everything on this computer is selected and click Next

________________________________________________________________________
Copyright © 2002 Kristofer Gafvert 9
May not be republished
http://www.ilopia.com

We will backup to a file, you can place it wherever you want, just make sure you
name it Friday and click Next

Click Advanced
Make sure Normal is selected as type of backup and click Next

Check the box Verify data after backup and click Next (You will most likely
have errors when the backup is completed and verified. This is because System
State data is changed all the time. If there are too many errors, there might be
problems with the file you are using to back up data.)
________________________________________________________________________
Copyright © 2002 Kristofer Gafvert 10
May not be republished
http://www.ilopia.com

Click Replace the existing backups and click Next

Click Later and in the Job Name box type Friday Nights, click Set Schedule
In Schedule Task select Weekly and as Start time 11:00 PM (or whenever you
want the backup to be scheduled). Make sure it’s set to run every 1 week and on
Fridays. Click OK

________________________________________________________________________
Copyright © 2002 Kristofer Gafvert 11
May not be republished
http://www.ilopia.com

You will be prompted to run the task as a user. Use a user with privileges to
backup data.
Click Next
Click Finish

The Backup Wizard should close and you should be back in the Backup Utility. You can
now verify that the backup is scheduled by clicking on the Schedule Jobs tab.

________________________________________________________________________
Copyright © 2002 Kristofer Gafvert 12
May not be republished
http://www.ilopia.com

In case you want to edit the backup you can do it from here. Just click the backup symbol
on the day you want to edit.

Click the Welcome tab and start the Backup Wizard again.
Click Next
Select Backup selected files, drives or network data and click Next
Expand My Computer in the left pane and select all drives (in my case C: and
D:) and click Next

Name it Monday and click Next


Click Advanced

________________________________________________________________________
Copyright © 2002 Kristofer Gafvert 13
May not be republished
http://www.ilopia.com

Select Incremental as type of backup and click Next


Check the box Verify data after backup and click Next
Click Replace the existing backups and click Next
Click Later and in the Job Name box type Monday Nights, click Set Schedule
In Scheduled Task select Weekly and as Start time 11:00 PM (or whenever you
want the backup to be scheduled). Make sure it’s set to run every 1 week and on
Mondays.
Click Advanced and set the Start Date the same day as when the full backup will
run. In my case that is January 03, 2003, so that is the start date I choose. Click
OK, click OK
You will be prompted to run the task as a user. Use a user with privileges to
backup data.
Click Next
Click Finish

Use the steps above to create incremental backups for the other five days of week. Of
course all this can be done by writing a script, but I’ll leave that for now. And again, this
is only a suggestion for a backup strategy. A backup strategy varies from company to
company and it is not something you develop in one hour. You must analyze and find out
what fits your company best. Also remember that if you followed the steps above, you
will only save the backup files for a week. This is probably not what you want, and you
have to schedule a script to move the files every week.

Where are the log files?

Of course you should read the log files so you are sure that the backup was successful.
You do this be looking in Event Viewer for error messages, and you can also read a
complete report by clicking Report on the Tools menu. If you want to log more or less,
take a look in the Options on the Tools menu, and click on the Backup Log tab.

Restore data
It’s Wednesday, and you discover that an important file is corrupt. The question is, how
do I restore the file from a backup?
Well, it’s quite simple. The first thing we have to do is locate where the file are. If we
know where on the disk it’s supposed to be, we can start from the latest incremental
backup (Tuesday) and try to find it. If it’s not there, it means that the file was not altered,
and we have to try the next file (Monday). On the other hand if we do not know where
the file is, we have to restore the full backup file (Friday), find the file, and then find out
if there is a newer version.

If the Backup Utility is not open, open it and click on the Advanced Mode link.
________________________________________________________________________
Copyright © 2002 Kristofer Gafvert 14
May not be republished
http://www.ilopia.com

Click Restore Wizard


Click Next
Expand Tuesday.bkf, find the file you want to restore and check the box in front
of the file. In my case it is 0055.txt in D:\sql

Click Next
Click Advanced
Select Single Folder. This is because I am only restoring one file, and I don’t
want to restore it to the original location. If I choose Alternate Location it will
keep the folder structure (in my case it will create the folder sql). Usually you will
use Alternate Location when restoring files.

________________________________________________________________________
Copyright © 2002 Kristofer Gafvert 15
May not be republished
http://www.ilopia.com

In Folder Name type where you want to restore the file (in my case c:\restore)
and click Next
Select Leave existing files and click Next
Make sure Restore security settings and Preserve existing volume mount
points are selected and click Next
Click Finish

That’s it! The file is restored.

You use the same process to restore System State data. Just remember that if you are
restoring the System State data on a Domain Controller you must start the computer in
Directory Services Restore Mode, which you access be pressing F8 when the computer is
starting. And if you want to perform an Authoritative restore, remember to run ntdsutil
before restarting the computer. More info about the ntdsutil can be found by typing
ntdsutil /? in a command prompt.

Use the Restore and Manage Media tab


This is the tab where you format tapes, mark a tape as free, delete catalogs etc. And
everything is very simple to do, just right click the object you want to do something with,
and choose what you want to do.

Advanced options
There are a lot of other options you can set to get the Backup Utility to work as you want.
You access this from the Tools menu and then click Options. I will not write about
everything here, instead I recommend you take a look there and if there is some option
you do not understand, use the ? in the upper right to get more info about it.

Recovery Console
When nothing else works, Recovery Console saves you. You can use Recovery Console
when you cannot boot into safe mode to read and write data (including NTFS) on local
drives, enable and disable services, and many other things.

You can start the Recovery Console in two ways:

• Boot the Windows Server 2003 CD and start the setup. When the text-based setup
begins follow the prompts and choose recover by pressing R
• Select Recovery Console from the list of available Operating Systems. To do this
you must run a x86-based computer and install Recovery Console.
________________________________________________________________________
Copyright © 2002 Kristofer Gafvert 16
May not be republished
http://www.ilopia.com

When you have started the Recovery Console, you will have to choose which Operating
System to recover (if you are multi-booting). After that you will be prompted for the
password for the administrator account. When you are logged on you will get a console
from which you perform all tasks. This console is very similar to the command prompt in
Windows Server 2003. The only command you have to remember is help. By writing that
you will get a list of available commands to use. If you don’t know how to use a
command, write the command name followed by /? . To exit the Recovery Console, write
exit.

Install Recovery Console

You can only install the Recovery Console on a x86-based computer.

Click Start and then Run


Type (where x is the CD-ROM drive letter) x:\i386\winnt32.exe /cmdcons
Follow the wizard

Remove Recovery Console

Open My Computer and double click the hard drive on which you installed the
Recovery Console
Click on Tools->Folder Options
Click on the View tab, check Show hidden files and folders and clear the Hide
protected operating system files check box
At the root directory delete the folder Cmdcons and the file Cmldr
Right click My Computer and click Properties
Click on the Advanced tab and under Startup and Recovery click the Settings
button
In System startup click the Edit button. This will display boot.ini in Notepad
Remove the entry for Recovery Console, it will look like:
C:\cmdcons\bootsect.dat=”Microsoft Windows Recovery Console” /cmdcons
Save the file

Remember that the boot.ini is a very important file, and if you modify this incorrectly
you can cause the computer to not boot up.

Automated System Recovery

________________________________________________________________________
Copyright © 2002 Kristofer Gafvert 17
May not be republished
http://www.ilopia.com

Do you remember Emergency Repair Disk (ERD)? Forget about it. Well, ok, not yet, you
have probably still some Windows 2000 Servers. But ERD is replaced by Automated
System Recovery (ASR) in Windows Server 2003. ASR is a last resort and should only
be used when options like Safe Mode and Last Known Good Configuration fails. ASR
consists of two parts – backup and restore. The backup part can be accessed through the
Automated System Recovery Preparation Wizard in the Backup Utility. This wizard
backs up the System State data, system services and all disks associated with the
operating system components. It also creates a floppy disk that you should store in a safe
place. This floppy disk contains for example information about the backup.

When recovering by using ASR it will use the floppy disk to read the disk configuration
and restore the disk signatures, volumes and partitions that is required to start your
computer. ASR then installs a simple installation of Windows and automatically starts to
restore from the backup ASR created in the wizard.

ASR will not backup data files. That should be backed up separately.

Create an ASR set

Start the Backup Utility by clicking Start->Run and type ntbackup


The Backup or Restore Wizard starts by default, we will not use this(though we
could) , so click the Advanced mode link
On the Welcome tab, click Automated System Recovery Wizard
The wizard is pretty self-explained so follow it

Recover using ASR

Boot from the Windows Server 2003 CD and start the installation.
If you have a mass storage controller and must install drivers for it, do that by
pressing F6 when prompted
Press F2 when prompted. You will be prompted to insert the ASR floppy, do that.
Follow the wizard
You will reboot and if you pressed F6 previously, do that again when prompted
Follow the wizard

________________________________________________________________________
Copyright © 2002 Kristofer Gafvert 18
May not be republished