Both administrators and Backup Operators have 'Backup Files and Directories' and 'Restore Files and Directories' rights. Restore right also allows 'Remove NTFS permissions during restore' and 'transfer ownership'

ntbackup.exe found in Accessories, System Tools:

• backup local or remote folders
• use 'My Network Places' to specify shares, as drive mapping can change over time.
• 'Save Selection' command allows you to save list of selected files
• backup to removable drive or disk
• if saving to tape, media name must match name on tape
• backups to file create a .bkf file
• use backup to file on all servers and consolidate to a single server which does tape backups
• no support for writable CD/DVDs
• target device must be on local device, unless backing up to disk
• Advanced backup option allows you to choose type of backup:
• • Normal: all selected files are backed up, archive flag is cleared (Archive flag is set when a file is created or changed)
  • Incremental: backs up files that have their archive flag set, clears archive flag
  • Differential: backs up files with their archive flag set, does not clear flag
  • Copy Backup: all selected files are backed up, neither checks or changes archive flag
  • Daily Backup: all selected files that have been modified during the day are backed up. Does not check or change the archive flag.
• Restore options allow you to specify:
• • restore to original location
  • alternate location (preserves folder structure)
  • single folder (folder structure lost)
  • Overwrite options:
  • don't replace (default)
  • replace if newer
  • always replace

By default, permissions, auditting and ownership are restored. Click advanced in 'Confirm' dialog to deselct this option. Verify your backups by restoring to a test location. In a production environment, verify backup by restoring to the standby server.

Volume Shadow Copy Service

VSS also referred to as 'snap backup'. Allows backup of files that are held open or locked. Allows application to continue writing data during backup. Some applications will still require special procedures to perform backups (eg SQL) and VSS alone will not be suitable for backing up these applications. Using VSS, Windows 2003 automatically caches copies of files as they are modified. Designed to facilitate recovery from accidental damage to specific files, not to replace backups. Shadow copies of shared folders not enabled by default: enable via properties, shadow copies tab for drive in explorer or dskmgmt. Once enabled all shares on volume are shadowed. Default settings creates copies at 7:00am and noon, Mon-Fri, using 10% of drive. If you click disable on shadow copies tab, you delete all existing copies. As disk space fills, oldest copies are deleted. Each shadow copy, copies all data that has changed since last shadow copy. To access previous versions of a file or folder, select the previous versions tab from the prpoerties dialog. The shadow copy client can be installed from %systemroot%\system32\clients\twclient\x86. 'Previous versions' tab only available if all the following conditions are met:

• shadow copy client installed
• VSS enabled on server
• copy of file or folder exists
• file must be accessed through share path

If you restore to alternate location or to original location and file no longer exeists, then the file inherits the permissions of the container. If you restore to original location and the file still exists, restored copy takes on permissions of the original.

Removable Storage Management

RSM designed to manage robotic tape libraries and CDROM libraries. Accepts requests from other applications (eg ntbackup) to ensure correct media loaded. RSM also manages single-media devices, tracking media through serial numbers or labels. RSM recognises four media pool types:

• Unrecognised: blank or foreign format media
• Free: newly formated media or media marked as free
• Backup: media written to by ntbackup (ntbackup will only use blank media or backup media specified by name)
• Import: media not catalogued on local drive. Cataloguing a tape will move it to the backup pool.

Tape management commands:

• format (not a secure erase: use 3^rd party tools if required)
• retension
• mark as free

Ntbackup creates catalog listing on-disk and on-media. Media commands:

• catalogue
• delete catalogue

Backup options include 'Use the Catalogs on the Media to Speed Up Building Restore Catalogs on Disk'. Use this option if you have all the tapes in the backup set and you know they are not corrupted. otherwise you'll have to build Catalogue from contents on media (much slower). Other Options:

• Compute Selection Information Before backup and Restore Operations: files and bytes estimation
• Verify Data after backup Completes: logs discrepancies
• Backup the contents of Mounted Drives: backup mounted folders (not mapped drives)
• Show Alert if RSM not Running
• Show Alert if Recognised Media Available
• Show Alert when New Media Inserted
• Always Allow use of Recognised Media Without Prompting: eliminates need to allocate free media in RSM

Summary logging is the default and reports skipped files and errors: saves a maximum of 10 logs to %appdata%\microsoft\windows nt\ntbackup\data. This path cannot be changed. File exclusion tab allows you to specify individual files or extensions. Default exclusions are pagefile, temporary files, client-side cache, debug folder, FRS database and logs, and other local logs and databases. Files can also be excluded by owner, registered file type,and custom file mask. You can also restrict these exclusions to a specific folder or drive. Advanced options allow you to specify verify, compress and disable VSS.

NTbackup Command

ntbackup backup [path to backup | @selection.bks] /j Jobname options

options:

• /f filename (eg ntbackup backup \\server01\data /j Job1 /f e:backup.bkf
• /a (append)
• /n medianame (specify new tape name, use blank or overwrite existing tape)
• /p poolname (specifies pool that contains tape, new tape)
• [/t tapename | /g GUID] (specify tape for an append or overwrite operation)
• /m [normal | copy | differential | incremental | daily]
• /d Set Description (label backup set)
• /snap [on | off] (use volume shadow copy)
• /v:[yes | no} (verify)
• /r:[yes | no] (restrict access to tape)
• /l:[f | s | n] (log file format: full, summary, none)
• /rs:[yes | no] (backup migrated data files)
• /hc:[on | off] (hardware compression)

Scheduling: create backup job, click start backup and configure advanced backup options, set account information. Then open 'Schedule Job'. Once job is scheduled, you can edit scheduled jobs using the 'scheduled jobs' tab of the backup utility.

System State

System State contains:

• system's registry
• COM+ Class Registration Database
• Boot Files
• System Files that are protected by the WFP service
• Certificate Services database (on a certificate server)
• AD and sysvol folder (on a domain controller)
• Cluster Service information (on a cluster server)
• IIS Metabase (on an IIS server)

To backup up system state: ntbackup backup systemstate /J jobname /F filename.bks. Ntbackup cannot backup system state for a remote system. System state backup automatically forces backup type to 'copy'.

Restore a Domain Controller

Reboot and press F8 to select startup mode. Select Directory Services Restore mode. Logon as local administrator, using password set during dcpromo. Start restore. To make restore authoritative, restore system state but do not reboot. Instead run ntdsutil to mark entire database or portions as authoritative. Authoritative restores are used to restore deleted objects to AD.

ASR

ASR floppy contains two files: asr.sif and asrpnp.sif. To recreate a lost ASR diskette, copy the files from %systemroot%\repair to a floppy (either from disk or from the backup tape). ASR backup contains enough information to get the server running again, but you will need a full backup also, if you want to restore everything. To perform an ASR backup, you'll need:

• Windows 2003 CD
• ASR backup set
• corresponding ASR floppy
• 3^rd Party mass storage drivers

ASR Restore:

1. Boot from CD
2. Press F6 to load mass storage drivers
3. F2 to begin ASR
4. Files listed on Floppy restored from CD
5. Other files restored from ASR set
6. reboot occurs, F6 required to reload mass storage drivers