The Windows 2000 Backup programs starts via the Start-menu (Programs - Accessories - System tools - Backup) or the command Ntbackup. It enables you take backup data manually or via a schedule. You can backup data to a file or a tape. The data can be stored on hard disks, removable disks (Jazz, Zip, etc.), tapes and recordable and optical disks.
All users can backup their own files/folders and those to which they at least
have read permissions.
Members of the administrators-, server operators- and backup operators group can backup
files as they have the 'Backup files and Directories and Restore File and
Directories' user right.
Files that are backup on a disk, have a .bkf extension. The files that should be put on backup are stored in a .bks-files in the profile -> \Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data folder . This folder also contains the log files. The NTBackup folder also has subdirectories for the catalogs (\catalogs) and temporary files (\temp).
For each backup job you can enter the following options :
| Backup description. 'Set created at data at time' is the default description. |
| Append or replace data to backup. |
| Label to identify the backup of media is overwritten. |
| Schedule tab. Set the times when the backup should start. Information is stored is a .job file as part as the Task Scheduler. |
| Advanced tab. Set if you want to backup the data that is in remote storage (default off), set if a verify is required (default off), set compression, backup system protected files with the system state, set the type of backup (normal, copy incremental, differential, daily) |
Windows 2000 does support backup via the network but cannot backup Active Directory and Registry via the network. Windows 2000 does not backup open files.
There are 5 types of backup-modes :
| Normal. Backups all files without looking at the archive bit. The archive bit is cleared for each file that is put on the backup. (Full backup) |
| Copy. The same as normal but it does not change the archive bit. |
| Differential. Only files with an archive bit are put on tape but it does not change the archive bit. |
| Incremental. Only files with an archive bit are put on tape and it does clear the archive bit. |
| Daily. Only the files changed that daily will be put on tape. The archive bit is not used. |
When customizing the backup, you can select three items to backup :
| Backup everything on the computer. |
| Backup selected files, drives or network data. |
| System state. You can backup the Active Directory, boot files, Com+ class registers, registry and Sysvol. |
A scheduled backup is stored as a job for the Scheduler-service in \winnt\tasks.
You can select the following Advanced options for a backup :
| Type of backup operation. Normal, copy, differential, incremental and daily. |
| Backup migrated remote storage data. Via HSM migrated data to remote storage. |
| Verify data after backup. Recommended by Microsoft. |
| Use hardware compression if available. |
| If the archive media already contains backups. Add or overwrite data on backup media. |
| Allow only the owner and the administrator access to the backup data and any backups appended. |
| Backup label. Default Set created Date at Time. |
| Media label. Default Media created Date at Time. |
| When to backup. Now or via a schedule. |
Via Tools - Options in the backup program you can change the default backup settings like the type of backup/restore, logs, excluded files, etc.
If you choose to backup the System State data, the following items will be backup :
| The registry. |
| The Com+ class registration database. |
| Startup and system files. |
| Certificate services database (if the server is a certificate server) |
| Active Directory database and sysvol (if the server is a domain controller) |
| Cluster database (only on cluster servers) |
System State will also copy the registry to the \systemroot\repair\regback directory. This data can be used to restore the registry by putting the files in the \systemroot\system32\config directory.
All users can restore files/folder to which they at least have write access. Member of the administrators-, server operators- and backup operators group can restore as they have the 'Backup files and Directories and Restore File and Directories' user right.
A restore starts via the Restore wizard. You can choose to restore a full backup or a part of it. The data can be restored to the following locations :
| Original location. Data is restored to the original location. |
| Alternate location. The data will be restored to a specified folder. The folder structure of the restore remains the same |
| Single folder. All data will be restored in a single folder. The folder structure of the data on the backup is ignored. |
You can also set via Tools - Options - Restore tab what should happen if a file is already on the system during a restore :
| Do not replace the file on my disk (recommended). This is the default option. The file already on the system will not be overwritten during a restore. |
| Replace the file on disk only if it is older than the backup copy. The file will only be restored if it does not exist or if it is newer than the file one the system. |
| Always replace the file on my computer. The file on the backup will always be restored to the system. |
Before the restore starts, you can specify some advanced options :
| Restore security. Restore acl's. (default on) |
| Restore removable storage database. This is \winnt\system32\ntmsdata. (default off) |
| Restore junction points and the data under these points. (default off) |
| Restore data as primary data in a FRS replica. (default off) |
| Preserve existing volume mount points. (default on) |
If you want to restore the Active Directory on a domain controller, you should follow the next steps :
| Start the server in 'Directory service restore mode' |
| Log on with the stand-alone server's administrator account. |
| Restore the Active directory. |
If the restore data also should be replicated to the other domain controllers, use the ntdsutil utility with the 'Authorative restore' option to replicate the restored Active Directory information. After this, reboot the machine.
The emergency repair disk in Windows 2000 is a disk that supports the repair tools on the Windows 2000 cd. It formats a floppy and copies the following files to it :
| Autoexec.nt |
| Config.nt |
| Setup.log |
When creating the emergency repair disk, the current registry settings are copied to \winnt\repair\regback. The emergency repair disk is not bootable.
The system state can be used to backup Active Directory, the registry,
start-up files, SYSVOL,
the IIS metabase, cluster service, COM+ class registration database, performance
counter information and the certificate service database. To restore the system
state. the folder and disk location of the system folder must be the same as they were.
If you want to restore an domain controller, just boot in Directory Services
restore mode, restore the system state and reboot. After this, data from domain
controllers that did not have problems will be replicated to the restored domain
controller as, by default, the restore was non-authoritative.
If you want to
restore data to Active Directory, first reboot in Directory Services restore
mode, non-authoritative restore Active Directory and use ntdsutil to select the
accounts to be authoritative. This can only be done when the backup
tape is not older than the tombstone lifetime. (default 60 days) It is not
possible to replay the logfiles as Active Directory uses circular logging.
It is important to know that it is not possible to restore active directory
objects from a backup that is older than the tombstone lifetime. This lifetime
is by default 60 days and can be changed in Active Directory. (CN=Directory
Service,CN=WindowsNT,CN=Services,CN=Configuration,DC=SERVERNAME,DC=COMPANY,DC=COM)
Windows XP support the shadow copy functionality which creates a snapshot of
the machine. This enables a backup of open files while users can access the
volume. It can be used via ntbackup /snap. The vssadmin tool can be used to view
the available shadow copies.
Automated system recovery (ASR) can be used to restore a corrupt system. It
replaced the emergency repair disk and enables you to restore the system state
and critical files on the system and boot partitions. It should only be
used when the system cannot start in normal, safe, or recovery console mode. The
floppy can be created via the Advanced mode of NTBackup, a restore can be
started by pressing F2 during start-up to initiate an ASR restore.
| Managing Windows 2000 disks and backup and restore |
| Search for 'backup' in knowledge base |
| Search for 'ntbackup' in knowledge base |
| Search for 'restore' in knowledge base |
| Search for 'erd' in knowledge base |
| Search for 'ntdsutil' in knowledge base |
Last update : 27 January 2003