| Chapter 12 * |
| Backup * |
| Certification Objectives * |
| Backup Strategies * |
| Single vs. Multiple Backups * |
| Budget Factor * |
| Size Factor * |
| Control Factor * |
| Speed Factor * |
| Completeness Factor * |
| Hardware for Backups * |
| Common Media Types * |
| Interface Type * |
| Selection and Purchasing * |
| Backup Software * |
| Backup Schedule * |
| Backup Types * |
| Normal * |
| Incremental * |
| Differential * |
| Copy * |
| Daily * |
| Media Rotation * |
| Storage * |
| Off-site * |
| Protection from Hazards * |
| Additional Backup Protection * |
| Verification * |
| Multiple Complete Sets * |
| Documenting Backups * |
| Windows NT Backup Utility * |
| Hardware for Windows NT Backup * |
| Back Up NTFS or FAT Partitions * |
| Permissions to Perform a Backup * |
| Selecting Files for Backup * |
| Review Full Catalog of Backup * |
| Span Multiple Tapes * |
| Control Restoration Destination * |
| Verification and Logging * |
| Files Not Backed Up with the Backup Utility * |
| Files Not Restored with the Backup Utility * |
| NT Backup Options * |
| Backup Set Information * |
| Backup Type * |
| Tape Name * |
| Append or Replace * |
| Verify After Backup * |
| Back up Local Registry * |
| Restrict Access To Owner Or Administrator * |
| Hardware Compression * |
| Log Options * |
| NT Restore Options * |
| Restore to Drive * |
| Alternate Path * |
| Restore Local Registry * |
| Restore File Permissions * |
| Verify After Restore * |
| Performing Backups and Restorations * |
| Performing a Backup * |
| Exercise 12-1: Backing up a partition * |
| Exercise 12-2: Backing up data with NT Backup * |
| Restoring Data from Backups * |
| Exercise 12-3: Restoring data with NT Backup * |
| Automating Backups * |
| Using Schedule Service * |
| Exercise 12-5: Starting the Schedule service * |
| Creating a .CMD File * |
| Table 12-2: Parameters for Ntbackup.exe * |
| Launching the Automated Execution of .CMD * |
| Exercise 12-6: Automating a backup * |
| From the Classroom * |
| Making your backups work for you, or when you're popping corn, cover the pot! * |
| Windows NT Backup and Recovery Schemes * |
| Disk Administrator * |
| Backup Drive Configuration * |
| Exercise 12-7: Backing up the disk configuration with the Disk Administrator * |
| Restore Drive Configuration * |
| The Emergency Repair Disk * |
| Registry Backups * |
| Exercise 12-9: Backing up the registry with the registry editor * |
| Third-Party Backup and Restore Alternatives * |
| Seagate Backup Exec for Windows NT * |
| Stac Replica for Windows NT * |
| ARCserve for Windows NT * |
| Certification Summary * |
| Two-Minute Drill * |
| Self Test * |
| Answers to Chapter 12 Self Test * |
 | Backup Strategies |
| Windows NT Backup Utility |
| Performing Backups and Restorations |
| Windows NT Backup and Recovery Schemes |
| Third-Party Backup and Restore Alternatives |
You have just had a system failure of a critical Windows NT Server that holds the entire inventory and customer database of the company you work for. What do you do? Is it time to panic and look for a new job? Or is it time to show your boss how smart you were for implementing a sound, reliable backup plan that allows you a quick recovery from this catastrophe? By applying the strategies and techniques presented in this chapter, you should be able to keep your job and even win a compliment or two.
The chapter starts with a discussion of various backup strategies, including media types and storage considerations. Then it presents an in-depth discussion of the Windows NT Backup utility. Normal backups and restorations using Windows NT Backup are considered, as well as some methods for backing up unique data using techniques other than the Backup utility. The last section describes third-party backup alternatives.
There are many strategies to consider when creating a backup plan for your organization. In this section we will discuss many of them—starting with single versus multiple backups, then moving to hardware considerations. We'll also look at the kinds of backup schedule that can be used and the different types of backups that are available for your use.
You need to consider several factors when deciding whether you want to conduct your backups from a single location or have multiple backup locations.
First, consider the budget you have to work with. Obtaining the hardware required to support multiple backup locations can put a serious dent into an information systems budget if not planned for properly.
The size of the location will also dictate whether you need to use a single, central location or multiple locations. For example, if you have one server and three client machines located in the same building, then it would probably be fine to back them all up from a single location. However, if you had fifty servers located across several different buildings, it would probably be best to have multiple backup locations.
The amount of control needed will also determine whether you choose a single or multiple backup strategy. For example, it is possible that you will have a location, such as the research and development department, that needs to control their own backups to ensure that no confidential information is released inadvertently.
The speed factor can be critical when backing up data. If you have a bandwidth problem, you may want to consider backing up to multiple locations by keeping the backup traffic segmented to local subnets—thereby alleviating congestion on your backbone.
How complete must the backed up information be? This can affect your decision to choose a single or multiple backup strategy. For example, it is possible that you will have a location, such as the accounting department, that needs to make backups every couple of hours while another department—say the clerical department—may only need to make a backup at the end of each work day.
Windows NT Server provides support for magnetic tape which is the most common medium used for performing backups. Tape remains popular because it has the ability to store a great capacity of data at a relativity low cost.
There are a variety of media types available and the data capacity varies with each type. Four of the most common types are listed below.
| Digital Linear Tape (DLT) DLT is the new kid on the block. It has the capability to store 70 gigabytes of data on a single tape. DLT breaks the tradition of other types of tape media by recording and reading multiple channels simultaneously. DLT segments tape media into parallel, horizontal tracks and records data by running the tape past a stationary head. DLT is faster than most other types of tape, achieving transfer rates of up to 5 MBps. |
| Quarter-Inch Cartridge (QIC) QIC is the oldest of the tape formats presented here. Capacity can range from 40 megabytes to 5 gigabytes. QIC tapes are among the most popular tapes used for backing up personal computers but rarely used for backing up network servers. QIC tapes are divided into two general classes: full-size and minicartridge. QIC uses sequential access. Sequential access refers to reading or writing data records in sequential order—that is, one record after the other. To read record 24, for example, you would first need to read records 1 through 23. |
| Digital Audio Tape (DAT) DAT is a high speed format most commonly seen in the 4mm variety. DAT uses a process called helical scan to record data. A DAT cartridge is slightly larger than a credit card and can hold from 2 to 24 gigabytes of data. It can support data transfer rates of about 2 MBps. Like other types of tapes, DATs are sequential-access media. The most common format for DAT cartridges is digital data storage (DDS). |
| 8mm Cassette 8mm cassettes can store between 1gigabyte to 5 gigabyte of data. It uses helical-scan cartridges but requires a relatively expensive tape drive. They also have relatively slow data transfer rates. |
The two most common interface types you will encounter in a tape drive are Integrated Drive Electronics (IDE) and Small Computer Systems Interface (SCSI). IDE is mainly used in the slower and lower-capacity QIC-style tape drives while you will find SCSI in the high capacity, high performance DAT and DLT drives. The main reason for this is the SCSI's higher operating speed. A secondary reason for using SCSI is the fact that more devices can be placed on the SCSI bus than on the IDE bus.
When deciding which tape drive hardware you need to purchase, check the latest Windows NT Server Hardware Compatibility List (HCL) to make sure the drive you are considering is listed. If not, make sure that third-party drivers are available for Windows NT Server 4.0.
There are several factors that need to be considered with respect to the software you may be considering. Depending on your situation, some of the following factors may weigh more heavily in your decision than others.
| Network Enabled Does the software have the capability to backup only the server it resides on or can it backup other network drives? Depending on your needs this may or may not be critical, especially when deciding on a single or multiple backup locations. |
| Automation and Scheduling Does the software have the capability to schedule the time a backup will occur, such as at midnight each night when usage is at a minimum? If the software does not have this capability, it could ruin your night if you had to go in to manually start a backup at midnight. |
| Individual Element Selection or Exclusion Does the software have the capability to include or exclude individual items or must you do a complete backup of your entire hard drive? This could be a very time-consuming process if you needed to only backup an individual 62 kilobyte file but had to wait for the entire 4 gigabyte drive to be backed up. |
| Report, Progress, History, and Status Logs Do you need detailed logs that reflect the progress or history of backups? Some backup software may not include any of these features. |
| Error Correction and Data Verification How important is it to you that the data you are backing up has its integrity verified by the backup software? If you perform a backup and do not verify that it is good then you may be in for a rude surprise if you ever need to use the backup tape. |
| Security Measures What type of security measures does the software provide? Is it possible that anyone getting the tape can recover data from it easily? |
| Restoration Options and Requirements When you restore from tape can you restore a single file or directory or are you forced to restore the entire archive? |
Now that you have decided what media to use and have picked out the backup software that meets your needs, you have another question to answer. What kind of schedule should you use to perform your backups? There are two factors to consider in determining your backup schedule.
| How often The frequency at which you create the backups depends on how much the data changes and how valuable the data is to you. |
| Time of day The time of day can also be determined by how much data changes and how valuable the changing data is to you. Normally you should try to do your backups at a point in time when it will cause minimal interruption on your network and also when bandwidth does not need to be considered. Midnight is often used, because few files are being used. If people using the network had files open, the backup tape might not reflect the true status of the network. |
There are five backup types available for you to use. Your situation will help determine which type or types are most suitable. You may find that your backup plan uses a combination of the different types.
Another name for the normal backup is a full backup. A full backup copies all selected files and marks each as having been backed up. Files can be restored quickly from a normal backup because the most current files are on the last tape.
An incremental backup will back up only those files created or changed since you performed the last normal or incremental backup. The incremental backup will mark files as having been backed up. If you use a combination of normal and incremental backups, you must start with your last normal backup and then working through all the incremental tapes when you restore.
A differential backup copies files that have been created or changed since the last normal or incremental backup. The differential backup does not mark files as having been backed up. If you are doing normal and differential backups, restoring requires only the last normal and last differential backup tape If you perform two differential backups in a row, the files backed up during the first backup will be backed up again, even if they have not changed. This is because files are not marked as having been backed up.
Using a copy backup copies all the files you select but it will not mark each file as having been backed up. This can be useful if you want to back up files between normal and incremental backups; copying will not alter any setting that would invalidate these other backup operations.
A daily backup copies all (specified) files that have been modified during the day you perform the daily backup. The backed up files will not marked as having been backed up. While this may not sound especially useful, it can be helpful if you want to take work home and need a quick way to select all the files that you worked on that day.
Of the five backup types, the most commonly used are normal, incremental, and differential. Table 12-1 shows you some of the advantages and disadvantages of each of these three common backup types.
| Backup Type | Advantage | Disadvantage |
| Normal | You can easily find files because they are always on the
current backup of your system. Only one tape set is required for recovery. |
Backups are redundant if files do not change very often. Most time-consuming backup type. |
| Incremental | The least time-consuming backup type. Uses the least amount of data storage space. |
It can be difficult to locate a file because it could be located on several different tapes. |
| Differential | Uses less time than a normal backup does. Only the last normal backup tape and the last differential tape are required for recovery. |
Recovery takes longer than if files were located only on a
single tape. If data changes frequently then backups can take more time than an incremental. |
Table 12-1: Advantages and Disadvantages of Common Backup Types
It does not take hundreds of tapes to keep a good backup of your system. By using a sound media rotation plan you can get maximum benefit from only a few tapes.
| Reuse of tapes With proper planning you can reuse tapes over and over again without having to constantly purchase new tapes. Of course the life cycle of a tape will depend on the manufacturer of the tape and the conditions in which the tape is stored. |
| Reduction of media costs By alternating backup tapes you lower the total backup cost. It is possible to use only 19 tapes over the course of one year of backups as shown in Figure 12-1. |
In Figure 12-1, four tapes are used Monday through Thursday for incremental backups, and three tapes are used for weekly normal backups which are performed each Friday. The remaining twelve tapes are used for monthly normal backups and are stored off-site. We will discuss off site storage in the next section. There are many other ways for you to use media rotation. This is only one example.
Figure 1: A typical one-year backup plan using media rotation
Now that you seen how to put a good media rotation plan in use, let's discuss how and where you should store the tapes created from your backups.
You must find an off-site location for storage of backup tapes. This way, if something causes your building to catch fire or otherwise become unusable you can at least be reassured that your data can be recovered. The location can be a vault, a safe deposit box at a local bank or a fireproof safe at home. If you decide to use a fireproof safe, make sure it is specifically designed to protect magnetic media.
No matter which off-site area you choose for storage of your tapes, make sure that it can protect the tapes from fire, water, theft, and other hazards. You can increase the life of your tapes by storing them in cool, humidity-controlled locations. Your storage area should also be free of magnetic fields, such as those found near telephones and the back of computer monitors.
Additional backup protection is provided by verification, multiple complete sets, and document backups.
A verify operation is used to compare files on the hard disk to files that have been backed up to tape. It occurs after all the files are backed up and will take about as long as the backup procedure itself. You should perform a verify operation after every backup, even though it extends the overall time of the backup. It is better to spend some extra time now, when you can afford to, than to find out that your latest backup does not function when you really need it. Remember the scenario presented at the beginning of this chapter. If you try to restore from tapes that were not verified, there is a chance they may not work; now it is time to start looking for another job! It is also advisable to perform verification after a file recovery—to make sure that everything recovered properly.
If a filer verification fails, check to see when that file was modified last. The verify procedure will fail if someone has changed a file between a backup and the verify operation. Log files are one area where this will happen always happen.
Normally you should keep three complete copies to protect against tape failure or loss. If you implement the one-year media rotation plan described earlier, you will always have three complete copies of your data.
In order to find information on your backup tapes quickly, it is essential that you accurately maintain backup records, especially if you have collected a large number of tapes. Your records should include tape labels, which can be accompanied by a log book, catalogs, or log files.
The following information needs to be included on the tape labels: the date of the backup, what type of backup is on the tape (normal, incremental, or differential), and information about the contents of the tape. It is very important that you indicate the type of backup used for the tape; if you are restoring from differential or incremental backup tape, you will have to locate the last normal backup tape and either the last differential tape or all incremental tapes created since the last normal backup. Another method you can use is to label tapes sequentially and keep a log book of tape contents.
The majority of backup software packages include a tool for cataloging files that it has backed up. Catalogs are created within the backup application for each backup set and normally they cannot be printed or saved to disk.
Along with the backup software catalog, information about the backup can be logged to a text file. The log file can include the names of all files and directories that have successfully been backed up or restored.
Windows NT comes with its own utility to perform backups of your system. The Backup program provides a convenient GUI you can use to back up and restore local and remote disk drives—including the registry of the local machine. This section surveys what the Windows NT Backup utility has to offer you. Figure 12-2 shows the Drives window of the Backup program.
Figure 2: The Drives Window of the Windows NT Backup Utility
Windows NT Server automatically checks for a tape drive when it starts and it will initialize the hardware each time you start Backup. The tape drive must be hooked to the system you are running Backup from and the tape drive must be turned on before starting Windows NT Server to ensure the drivers load properly. If you have not configured a tape drive for your system prior to starting Backup you will see the screen illustrated in Figure 12-3.
Figure 3: Tape drive error detected dialog box
If you receive this error, you need to make sure that the drive is connected properly, power for the drive is on, and that the correct tape device driver has been installed.
Currently Windows NT Server supports high-capacity SCSI tape drives such as 4mm DAT, 8mm cassette, and QIC and also the lower capacity mini-cartridge drives.
If you try using a higher-density tape than what the tape drive can use, you may receive the message "Tape Drive Error Detected" which will prevent the tape from being ejected until you close the Backup program.
Windows NT Backup allows you to back up either NTFS or FAT partitions. It also allows you to back up information from one file system and restore it to another file system. For example, you could back up NTFS files to tape and restore them to a FAT file system. Of course, all file and directory security would be lost, because FAT does not support file permissions.
Unless specific user rights have been granted, the only files and directories that can be backed up using the Backup utility are those that a user normally has access to. Any user or group of users that has been given the right to Backup Files and Directories will be able to circumvent the security provided by normal file permissions when backing up those files and directories. The right to Restore Files and Directories allows a user or group of users to disregard normal file permission problems and overwrite files when restoring files and directories. Although backup and restore rights are independent of each other, it is recommended that you grant backup rights along with the restore rights. Be very careful when you grant restore rights because normal file permissions are ignored during restoration. Existing files can be overwritten, with disastrous results!
If users have not been granted specific rights, they cannot back up or restore files and directories that they do not have access to unless they are a member of the Administrators or Backup Operators group. The Administrators and Backup Operators groups are granted these rights by default. It is normal to put users who will be conducting regular backups into the Backup Operators group since the group already has the proper user rights.
By drilling down through the directory structure you can get very granular when selecting the files that you need to back up. Figure 12-4 shows that the E: drive has been drilled down to the winnt directory. winnt and all subdirectories have been tagged to be backed up, but nothing else on the E: drive has been selected.
Figure 4: Selecting files to be backed up with the Backup utility
It is easy to tell whether the whole drive has been marked to be backed up or if only portions of the drive has been marked as shown in Figure 12-5. If portions of the drive have been marked, the box will show an X and be grayed out, or ghosted, like the E: drive. If the entire drive is to be backed up, the box will only contain an X as shown by drive F:.
Figure 5: Drive windows showing a partial drive and full drive backup
After inserting a tape to be restored, only information for the complete backup set will appear in the Tapes window as shown in Figure 12-6. If you do not want to restore the entire tape, you will need to load the catalog from the tape to show a list of any other backup sets and files. This can be accomplished by selecting the set from the tape whose catalog you want to load from the Tapes window and double-clicking the set's icon. Figure 12-7 shows the catalog of a recent backup.
Figure 6: Tapes window from Windows NT backup
Figure 7: Catalog from a recent tape backup
Depending on the size of your backup media and the amount of data that must be backed up, you may need to use several tapes in order to successfully complete the backup. Luckily this is not a problem. It is possible to span multiple tapes with the Backup utility because there is no file-size restriction.
It is possible to control the destination that files will be restored to by specifying a different directory location instead of the original directory. One of the reasons that you may want to do this is to compare the restored files to the original files already on the disk drive.
The Windows NT Backup utility has the capability to perform verification of the backups and restores it accomplishes to ensure the integrity of your data. It is highly recommended that you verify every backup that you perform.
Logging is also possible within the Backup utility and the level of logging you need to use is dependent on your situation. The various levels of logging are discussed later in this chapter.
There are some files that are not backed up automatically by the Windows NT Backup utility for a variety of reasons. The following is a list of files that will not be backed up:
| Files that the user does not have permission to read As discussed earlier, only users with the Backup Files and Directories user right can copy files they do not own. |
| Paging file The pagefile.sys file is a temporary file that is used to represent virtual address space and is only a temporary holding space for data in use or recently in use. |
| Registries on remote computers Windows NT Backup can only back up the registry on the local machine. |
| Any file that has been exclusively locked by application software Windows NT Backup cannot copy files locked by application software. However if Windows NT Backup encounters a file that has been opened in share/read mode, it will back up the last saved version of the file. |
Windows NT Backup will restore all files automatically except for the following:
| Files on tape that are older than files that are on the disk drive. The Backup utility will ask you to confirm replacement if this situation occurs. |
| If you try to restore a file into an area to which you do not have access. Of course this condition will not apply if you have restore rights to the area. |
In this section we will look at specific options available to you while using the Windows NT Backup utility. After you selecting files or drives to back up and click the Backup button, the Backup Information window opens, as shown in Figures 12-8 and 12-9. You can refer to these figures to locate the options as they are discussed.
Figure 8: Backup information for a local disk drive
Figure 9: Backup information for a remote disk drive
The Backup Set Information is located in the middle of the Backup Information window. Some information cannot be changed at this point: for example, the number of the set being backed up and the drive name that is being backed up. Other information can be changed: for example, the description for the backup set and the type of backup to conduct.
The Backup Type option allows you to choose whether you are going to create a normal, incremental, differential, daily, or copy. The options are available in a drop-down box located in the Backup Set Information section of the Backup Information window. The advantages and disadvantages of the different backup types were discussed earlier.
If the tape was previously used for a backup, the existing name will be in the Tape Name section. If it is a new tape, it will be blank. You can use up to 32 characters to name the tape.
The Append or Replace radio buttons are located on the right side of the Backup Information window situated under the Operation heading.
Selecting the Append radio button causes Backup to add the backup set to the end of the last backup set on the tape that is in the tape drive. Two options will not be available if you select the Append radio button: the Tape Name and Restrict Access To Owner Or Administrator.
Selecting the Replace radio button causes Backup to overwrite all the information on the current tape. Before the information is overwritten, you will have a chance to confirm the choice. If you do not confirm the choice you receive another message that gives you the choice of appending to the tape instead.
Verify After Backup gives you the opportunity to specify whether or not to perform a verification comparison of the files that are written to tape and the files on the disks drive after the backup has completed. This will almost double the time it takes for your backup to complete, but it is time well spent. I cannot emphasize enough the value of performing a verification. One time I did not verify a backup that I had done because I was in a hurry to leave for the weekend. As fate had it, the drive crashed and I got called in Sunday night to fix it. I thought it would be a quick matter since I had just done the normal backup on Friday. Most of the backup went without a hitch but two files would not restore from the tape correctly. They were .dll files for an application that controlled billing cycles. Luckily, the files were available on the original CD-ROM disc; after some tense moments spent trying to locate the disc, the files were easily recovered. However, the incident pointed up the value of doing a verification of the data on backup tapes. What if the corrupted data had been part of the registry, such as the directory service database? One thing is clear: no one wants to be in that situation!
If you are backing up from a local drive that contains the registry, you can include a copy of it in the backup set. Keep in mind that this option is only available if the drive containing the registry is selected for backup. Windows NT Backup will not back up the registry or event logs located on remote systems. If it is possible for you to back up the registry then Backup Local Registry on the Backup Information window will not be ghosted as shown in Figure 12-8. If you are backing up a disk drive on a remote computer, the Backup Local Registry will be ghosted as shown in Figure 12-9.
It is possible for you to provide some security for the backup tapes you create by choosing the Restrict Access to Owner or Administrator option. If this option has a check mark in the box, only the tape owner or a member of the Administrators or Backup Operators group can read, write, or erase the tape using the Backup utility. If the tape owner needs to restore it to another system in the same domain, they must be logged on with the same user account name. The exception to this rule is that members of the Administrators or Backup Operators group can read, write, or erase a tape on any computer in any domain.
Although this option does provide access security, you still need to keep the tape physically secure. If a normal user on your domain can get access to one of your backup tapes, it is possible for them to take it home, for example, where they might be running Windows NT Server. If they are running Windows NT Server at home, you can be sure that they belong to the Administrators group there! That means they can recover information such as the user accounts database from your tape. Then they could try to crack other users' passwords, including the Administrator's account or equivalent, at their leisure.
If the tape drive that you use to conduct your backups supports hardware compression, this option will not be ghosted. As shown in Figure 12-7, the choice was ghosted because the tape drive used to conduct that backup did not support hardware compression. Enabling hardware compression will cause the tape drive to compress the data onto the tape media, which can nearly double the amount of data you can store on each tape. However, you don't want to select this option if the remotest possibility exists that you will need to move the tape to another tape drive that does not support hardware compression. Even if you move it to another brand of drive that does support compression, you cold receive an error message. Some of the messages you may see are "Tape Drive Error Detected", "Tape Drive Not Responding", or "Bad Tape".
The lower section of the Backup Information window is dedicated to Log Information. A log file of backup operations can be generated to capture the operations that take place during the backup. The log file is stored as a normal text file that can be read with your favorite text editor such as Notepad. There are three options, depending on the level of activity that will be written to the log file.
| Full Detail If you choose this option, information for all operations, including the names of all the files and directories that are backed up. will be written to the log file. |
| Summary Only If you choose this option, only the major operations, such as loading a tape, starting backup, and failing to open a file will be written to the log file. |
| Don’t Log If you choose this option, no information will be written to the log file. |
In this section we will look at specific options available to you while using the Windows NT Backup utility. After selecting the files or drives to restore and clicking the Restore button the Restore Information window will appear as shown in Figure 12-10. You can refer to this figure to locate the options as they are discussed.
Figure 10: Windows NT Backup utility Restore Information window
The first section provides information about the backup sets on the loaded tape and indicates the number of tapes in that set. As seen in Figure 12-9 the data is the same as the information used during the backup shown in Figure 12-7 from the previous section.
You must specify the drive to which you want the information restored. Normally this will be the same drive from which the information was backed up.
It is also possible to specify an alternate directory path to place the files into that is different than the original location that they were backed up from. You might do this if you want to compare the backed up files to the files on the disk drive. You can use the ellipsis button at the end of the Alternate Path dialog box to help you locate the path you want to use
If you need to restore registry files, select the Restore Local Registry box. Restart the system to make sure that the restored registry information takes effect. If you have made any configuration changes since the last registry backup then they will be lost.
If you are restoring to a NTFS partition and want the system to restore the security information along with the files, you need to select the Restore File Permissions box. If this box is not selected and you restore to an NTFS partition, the files will inherit the security permissions of the directory into which they were restored. Remember that to restore security permissions, you have to originally back the files up from an NTFS partition.
If you need to compare the contents of the restored files against the files on tape, you need to select the Verify After Restore box.
In this section you'll have an opportunity to perform a backup and restoration of your system. You will also be introduced to a method of automating your backups.
You'll be able to practice performing two different backups in this section. In Exercise 12-1 you will back up the entire partition and in Exercise 12-2 you will back up a directory of data.
Now sit back and relax as your C: drive is backed up and verified. After the backup has completed, you may want to examine the log file that was created as Cnormal.log in the root of your C: drive.
Next, imagine that you only needed to backup a single directory structure and not the entire disk drive. For example, you might want to do this prior to performing an upgrade that would modify files in that directory structure. Exercise 12-2 leads you through this procedure.
Notice that this backup is much quicker than the backup conducted in Exercise 12-1. Sometimes you may only need to back up a single directory depending upon your needs.
Now that you have two verified backups, practice restoring them to your system by performing Exercises 12-3 and 12-4.
You discovered that when you installed a new application it overwrote everything in your winnt\system32\repl directory. To fix this problem, perform Exercise 12-3 which allows you to restore only a portion of the directory of data that you backed up in Exercise 12-2.
After the restore operation completes, you will have the same winnt\system32\repl directory that you had when you made the backup tape.
You've been having all sorts of problems today. Now you discover that your C: drive is full of corrupted data. By performing Exercise 12-4, you will fix the problem. by restoring the entire partition that you backed up in Exercise 12-1,
Exercise 12-4: Restoring a backed-up partition
These two exercises gave you practice for the inevitable day when you will need to complete a restoration operation.
While performing a backup is not an overly complex task it can get very boring when you must do it on a daily basis. Luckily there is a way for you to automate the process. You cannot use the GUI to automate backups; instead, you must run ntbackup.exe from a command file. In this section you will discover how to automate your backups using the Schedule service, ntbackup.exe, a .CMD file, and the AT command.
The Schedule service must be running in order to use the AT command discussed in this section. Exercise 12-5 shows you how to start the Schedule service, if it is not already running on your system.
Now that you have the Schedule service running, the next to complete is the creation of the command file. Ntbackup.exe has many command line switches that can be used in the command file. The syntax for the ntbackup command is:
ntbackup operation path [/a][/v][/r][/d "text"][/b][/hc:{on | off}] [/t {option}][/l "filename"][/e][/tape:{n
Table 12-2 defines the purpose of the different parameters that can be used by ntbackup.exe
Parameter |
Purpose |
| operation | Specifies the operation to perform; backup or eject. |
| Path | Specifies one or more paths to the directories to be backed up. |
| /a | Causes backup sets to be added or appended after the last backup set that is on the tape. If the /a is not specified, ntbackup will overwrite all existing data. If more than one drive is specified but /a has not been used, ntbackup overwrites the contents of the tape with data from the first drive selected and appends the backup of the remaining drives. |
| /v | Performs a verification of the backup. |
| /r | Restricts access. However /r will be ignored if /a has also been specified. |
| /d "text" | Specifies a description of the backup. |
| /b | Specifies that the local registry be backed up. |
| /hc:on /hc:off |
Indicates whether hardware compression is turned on or off. |
| /t {option} | Specifies what type of backup will be performed. The valid options are normal, incremental, differential, copy, and daily. |
| /l "filename" | Specifies the name of the backup logfile. |
| /e | Specifies that backup logfile include exceptions only. |
| /tape:{n} | Specifies the tape drive to which the files will be backed up to. {n} is a number from 0 -9 that equals the number the tape drive was given when the tape drive was initially installed. |
Using the parameters described in Table 12-2, you can create a command line that can be placed in a .CMD file using your favorite text editor. An example is:
ntbackup backup C: D: E: /t Normal /v /r /d "Full Backup of drives C, D, and E" /b /l C:\LOG\CDEfull.log"
From the previous example you can conclude:
| All files on the C: D: and E: drives will be backed up using the Normal option. |
| If any files exist on the tape they will be overwritten. |
| Verification will be completed after the backup |
| Access will be restricted to the owner or an administrator |
| All three backup sets will have the label of Full Backup of drives C, D, and E. |
| The local registry will be backed up. |
| All backup information will be logged to the file CDEfull.log located in the C:\LOG directory. |
Now that you are familiar with how to create a .CMD file, let's find out how to automate the use of the file. This is where the AT command comes into the picture. The AT command schedules commands and programs to run on a computer at a specified date and time. The syntax for the AT command is:
AT [\\computername] [ [id] [/DELETE] | /DELETE [/YES]]
or
AT [\\computername] time [/INTERACTIVE] [ /EVERY:date[,...] | /NEXT:date[,...]] "command"
The second syntax is the one you need to use for automating backups. Table 12-3 explains the parameters that are available using the AT command.
Parameter |
Purpose |
| \\computername | Specifies a remote computer. Commands are scheduled on the local computer if this parameter is omitted. |
| Time | Specifies the time when command is to run. |
| /INTERACTIVE | Allows the job to interact with the desktop of the user who is logged on at the time the job runs. |
| /EVERY:date[,…] | Runs the command on each specified day of the week or month. If date is omitted, the current day of the month is assumed. |
| /NEXT:date[,…] | Runs the specified command on the next occurrence of the day (for example, next Thursday). If date is omitted, the current day of the month is assumed. |
| "command" | Is the Windows NT command, or batch program to be run. |
| ID | Is an identification number assigned to a scheduled command. |
| /DELETE | Cancels a scheduled command. If ID is omitted, all the scheduled commands on the computer are canceled. |
| /YES | Used with cancel all jobs command when no further confirmation is desired. |
Table 12-3: Parameters for the AT Command
Using the parameters described in Table 12-3, you can create an AT command that will execute a .CMD file An example is:
AT 23:59 /every:M,W,F BACKMEUP.CMD
From the previous example you can conclude that every Monday, Wednesday, and Friday at 23:59 the contents of the BACKMEUP.CMD file will execute.
There is one caveat to be wary of when using the AT command. If you use it without the interactive parameter and it encounters an error when running the Windows NT Backup utility (for example, if there is no tape in the tape drive), then the Backup utility stops responding. You will not be able run Windows NT Backup again until you reboot your Windows NT Server. To prevent this situation from occurring you should use the interactive parameter. If any errors occur, you will be able to correct them and continue or quit the Backup utility.
Now that you have all the pieces it takes to automate a backup, let's practice. Exercise 12-6 shows you how to automate the backup process.
NT 4.0 Server includes a reasonably complete backup program. It is good for backing up the local server and has a nice GUI interface. However, there are two limitations to this program. One is easy to overcome and the other is not.
The first limitation is that you cannot schedule an unattended backup from the GUI interface. "Unattended backup" means the backup program launches at a scheduled time, does the specified backup, then terminates. This is an important capability because many servers get backed up at night when few files are open. (Open files do not get backed up). Fortunately, you can make the backup run as a scheduled operation by using the AT Schedule service. The Schedule service is a basic (perhaps lightweight) job scheduler. While it may lack the sophistication of other job scheduler programs, for the purpose of backups, it will work fine.
You will need to create an account for the Schedule service and the account will need to be a member of the Local Backup Operators group. Then you will need to configure the Schedule service through the Control Panel. Don’t forget to set the startup mode to automatic and get the password correct. Then you will need to create a batch file, using Notepad or some other editor that will launch the backup program and do the backup. Windows NT on-line help can show you how to do this. Also, you will need to schedule the job, using the AT command from the command prompt. Again, review the on-line help (type AT /?) for more details. If you do not want to use the command line, the NT resource kit has a nice GUI utility for the AT Scheduler. The net result is this: at the scheduled time, the Schedule service will launch the backup program in your absence. In other words, it's an unattended backup.
Here's the other limitation: the backup program that ships with NT will not allow you to back up the registry of a remote NT computer. You can back up the registry of the local computer without a problem. And you can reach out over the network and back up the drives of a remote server. However, since the registry files are open at the remote server, they will not be backed up. If you need to restore the registry of the remote server, you will not be able to do this. We use a class exercise to demonstrate this limitation to the students. There are third-party programs that address this limitation, but they'll cost you extra money. There is a workaround that is not elegant, but it will allow you to get a safety copy of the registry on the remote server. This also involves the AT Schedule service, which must be running on the remoter server as well, and the rdisk.exe program. Schedule the command "rdisk.exe /s" to run at the remote server several minutes before the backup job is sent across the network to back up the drive on the remote server. The rdisk command with the /s parameter will copy the registry files into the <winroot>\repair directory at the remote server. Be sure to include this directory in your backup and then you will have a "backed up copy" of the registry file of the remote server.
To use these files to recover a registry, you must first restore them from tape to the <winroot>\repair folder, run the emergency repair procedures and press <Esc> when prompted to search the hard drive for the repair files. Yes, yes, it's not pretty or elegant, but it will save the cost of a backup program, if that's important to you. On the other hand, you've already spent $18,000 on your server—perhaps another $695 for an enterprise-scale backup program is a worthwhile investment.
It is possible to back up portions of your system without having to use the Backup utility. This section describes some of the other alternatives that are available for your use.
The first alternative to examine is the Disk Administrator. Figure 12-11 shows us what the Disk Administrator looks like when it has been opened.
Figure 11: Disk Administrator
At this point you may be wondering how the Disk Administrator can help you back up your system. The \HKEY_LOCAL_MACHINE\SYSTEM key contains the configuration information about your currently defined drive letters, volume sets, stripe sets with parity, and mirror sets. This key can be saved by using the Disk Administrator. The unique feature of saving the key using Disk Administrator is that it will always save the key to a floppy disk.
When you back up the drive configuration you will see the dialog box shown in Figure 12-12. Exercise 12-7 shows you how to use Disk Administrator to save the configuration information that deals with your disk drives.
Figure 12: Insert Disk dialog box during disk configuration backup
If you ever need to restore information pertaining to your disk drives—and your configuration disk is current—then you should have no problem restoring your system. As you are restoring, you will be prompted by the two dialog boxes shown in Figures 12-13 and 12-14. Windows NT wants to make sure that you really want to restore the SYSTEM key. Exercise 12-8 shows you how to restore your disk configuration.
Figure 13: Dialog box asking for confirmation of the restoration
Figure 14: Insert Disk dialog box during disk configuration restoration
Exercise 12-8: Restoring the disk configuration with the Disk Administrator
The Emergency Repair Disk is another way to back up vital system information. If you recall, Exercise 12-8 stated that you could insert the Emergency Repair Disk (ERD) to complete the operation. This is because the ERD holds registry information, including the disk configuration information. The ERD will be covered in more depth when we discuss Troubleshooting in Chapter 14.
Another alternative to using Backup is to use one of the two registry editors that are included with Windows NT Server 4.0. Of the two editors, we recommend REGEDIT because it can back up the entire registry, whereas REGEDT32 can only back up individual registry keys. Figure 12-15 shows REGEDIT and Figure 12-16 shows REGEDT32
Figure 15: Windows NT REGEDIT
Figure 16: Windows NT REGEDT32
In the following two exercises you will use REGEDIT to back up and restore the entire Registry. Exercise 12-9 gives you an opportunity to back up your complete Registry.
It is possible to back up only branches of the registry if you so desire. You just have to change the export range from all to a selected branch when you are in the Export Registry File window.
Now that you have successfully backed up your registry, try restoring it using REGEDIT. Exercise 12-10 shows you how to accomplish the task.
Exercise 12-10: Restoring the registry with the registry editor
While Windows NT Backup is a capable backup utility, there are many third-party backup and restore utilities on the market with even more coming into the channel daily. This section will briefly describe some of the alternatives available to you.
Seagate Backup Exec, now in its fifth version, allows you complete control of your backups by providing 24-hour network-wide scheduling, administration, monitoring, device and media management.
Some of the main features of Seagate Backup Exec are:
| Intelligent disaster recovery Recovery time can be minimized with a point-in-time, rapid-recovery system for fast, dependable Windows NT Server recovery. |
| Microsoft compatibility Provides 100% data interchange with the Windows NT Backup utility. |
| Performance optimization Maximizes performance, minimizes network traffic/backup time using an exclusive technology that allows distributed processing/source compression. |
| Integrated crystal reports Create user-defined and pre-defined reports for network-wide administration, monitoring and management. |
| Advanced device and media management Maximizes backup performance by utilizing drive pooling, dynamic load balancing, drive cascading, fault-tolerant processing and media overwrite protection. |
Stac's Replica for Windows NT offers complete, secure disaster recovery and tape backup protection for businesses or branch offices. Replica is currently in its third version. Figure 12-17 shows the Replica 3 interface.
Figure 17: Stac Replica 3 for Windows NT
Some of the main features of Stac Replica 3 are:
| Advanced technology permits ultra fast replication Replica's unique technology supports full read and write access to your server during replication. This allows you to no have to utilize with complex incremental backup schemes. |
| Complete system backup In the event of a disaster, Replica can restore the complete server including the boot volume, disk partitions, Registry, NT operating system, user files and files that were open during replication. |
| Individual files easily recovered from any desktop Stac's Replica includes a feature that mounts tapes as NT volumes so that users can recover individual files themselves, using tools like File Manager and Explorer. Since all security objects are also replicated, users can only see those files that they had access to on the original server. |
ARCserve, currently at version 6.5, provides a comprehensive, integrated storage management platform for Windows NT. It delivers high-performance backup, restore and distaster recovery for small LAN's and heterogeneous enterprises.
Some of the main features of ARCserve are:
| Parallel streaming ARCserve can back up and restore data simultneously, to or from a maximum of 32 devices. |
| Quick file access ARCserve maintains the location of files on a tape in its online database. This enables very fast access to a file on tape without the need to scan through the whole tape. |
| Automated tape drive configuration ARCserve will identify SCSI tape drives in use and automatically set the correct configuration parameters. |
| Centralized administration Monitor and manage multiple ARCserve servers from any Windows NT server or workstation. |
The strategy you use for backups can be determined by several different factors, such as the size of the backup and the speed at which it needs to be completed. Other factors that need to be considered are the type of media that you use for the backups and what software to use. Software will be determined by the features that you require. After determining the software to use, you need to determine how often you will back up and what type of backup to use. The backup type can be normal, incremental, differential, copy, or daily. A decision also needs to be made regarding media rotation and sufficient off-site storage for the backups that are created.
Windows NT comes with a Backup utility that you can use to start backing up your data immediately. The Backup utility works from a GUI and supports backups and restores to tape only. Backup looks for a tape drive as soon as it starts and generates an error if it does not find one. In order to utilize Backup, you must have permission to access the data you are trying to back up.
It is possible to back up and restore the entire partition or only certain files that have been selected. In order to make it easier to back up, you can create a .CMD file and use it in conjunction with the AT command and the Schedule service.
Several other tools enable you to back up and restore selected pieces of data. The Disk Administrator can be used to back up information that deals with drive letters, volume sets, and more. The Emergency Repair Disk can also be utilized to repair registry information. REGEDIT and REGEDT32 are also available to back up and restore registry data. REGEDIT is the more flexible tool, because it can back up and restore the entire registry while REGEDT32 can only save individual registry keys.
There are a significant number of other software packages on the market that can backup and restore your Windows NT Server. A few of the titles are Seagate Backup Exec for Windows NT, Stac Replica for Windows NT, and ARCserve for Windows NT.
| The two most common interface types you will encounter in a tape drive are Integrated Drive Electronics (IDE) and Small Computer Systems Interface (SCSI). |
| IDE is mainly used in the slower and lower-capacity QIC-style tape drives while you will find SCSI in the high capacity, high performance DAT and DLT drives. |
| Any user or group of users that has been given the right to Backup Files and Directories will be able to circumvent the security provided by normal file permissions when backing up those files and directories. |
| Another name for the normal backup is a full backup. A full backup copies all selected files and marks each as having been backed up. |
| An incremental backup will back up only those files created or changed since you performed the last normal or incremental backup. |
| A differential backup copies files that have been created or changed since the last normal or incremental backup. |
| Using a copy backup copies all the files you select but it will not mark each file as having been backed up. |
| A daily backup copies all (specified) files that have been modified during the day you perform the daily backup. |
| A verify operation is used to compare files on the hard disk to files that have been backed up to tape. |
| The Windows NT Backup utility has the capability to perform verification of the backups and restores it accomplishes to ensure the integrity of your data. |
| It is possible for you to provide some security for the backup tapes you create by choosing the Restrict Access to Owner or Administrator option. |
| Unattended backup means the backup program launches at a scheduled time, does the specified backup, then terminates. |
| The \HKEY_LOCAL_MACHINE\SYSTEM key contains the configuration information about your currently defined drive letters, volume sets, stripe sets with parity, and mirror sets. |
The following questions will help you measure your understanding of the material presented in this chapter. Read all the choices carefully, as there may be more than one correct answer. Choose all correct answers for each question.