How Backup Works

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

How Backup Works

In this section

  • Types of Backup

  • Volume Shadow Copy Service

  • Files Skipped During Backup

  • System State Data

  • Permissions and User Rights Required to Back Up

  • Automated System Recovery

  • Restoring File Security Settings

  • Restoring Distributed Services

  • Related Information

The Backup utility in Windows Server 2003, which uses the Volume Shadow Copy service, helps you protect your data if your hard disk fails or files are accidentally erased due to hardware or storage media failure. By using Backup, you can create a duplicate copy of the data on your hard disk and then archive it on another storage device, such as a hard disk or a tape.

If the original data on your hard disk is accidentally erased or overwritten, or becomes inaccessible because of a hard-disk malfunction, you can easily restore it from the disk or archived copy.

Types of Backup

The Backup utility supports five methods of backing up data on your computer: a copy backup, daily backup, differential backup, incremental backup, and normal backup.

Types of Backup

Type Description

Copy backup

Copies all the files that you select, but does not mark each file as having been backed up (in other words, the archive attribute is not cleared). Copying is useful if you want to back up files between normal and incremental backups because copying does not affect these other backup operations.

Daily backup

Copies all the files that you select that have been modified on the day that the daily backup is performed. The backed-up files are not marked as having been backed up (in other words, the archive attribute is not cleared).

Differential backup

Copies files that have been created or changed since the last normal or incremental backup. It does not mark files as having been backed up (in other words, the archive attribute is not cleared). If you are performing a combination of normal and differential backups, you must have the last normal as well as the last differential backup to restore files and folders.

Incremental backup

Backs up only those files that have been created or changed since the last normal or incremental backup. It marks files as having been backed up (in other words, the archive attribute is cleared). If you use a combination of normal and incremental backups, you will need to have the last normal backup set as well as all incremental backup sets to restore your data.

Normal backup

Copies all the files that you select and marks each file as having been backed up (in other words, the archive attribute is cleared). With normal backups, you only need the most recent copy of the backup file or tape to restore all of the files. You usually perform a normal backup the first time you create a backup set.

If you want the quickest backup method that requires the least amount of storage space, you should back up your data using a combination of normal backups and incremental backups. However, recovering files from this combination of backups can be time-consuming and difficult because the backup set might be stored on several disks or tapes.

If you want to restore your data more easily, you should back up your data using a combination of normal backups and differential backups. This backup set is usually stored on only a few disks or tapes. However, this combination of backups is more time-consuming.

Volume Shadow Copy Service

Backup uses the Volume Shadow Copy service to create a volume shadow copy, which is an accurate copy of the contents of your hard drive, including any open files, files that are being used by the system, and databases that are held open exclusively.

Backup uses the Volume Shadow Copy service to ensure that:

  • Applications can continue to write data to the volume during a backup.

  • Files that are open are no longer omitted during a backup.

  • Backups can be performed at any time, without locking out users.

If you choose to disable the volume shadow copy using advanced options or if the service fails, Backup will revert to creating a backup without the Volume Shadow Copy service technology. If this occurs, Backup skips files that are open or in use by other applications at the time of the backup.

Note

  • Some applications manage storage consistency differently while files are open, which can affect the consistency of the files in a backup. For critical applications, consult the application documentation or your provider for information about the recommended backup method. When in doubt, close the application before performing a backup.

For more information, see “Volume Shadow Copy Service Technical Reference.”

Files Skipped During Backup

Backup skips certain files by default, including files in the following categories:

  • Files that the person performing the backup does not have permission to read. Only users with backup rights can copy files that they do not own. Members of the Backup Operators and Administrators groups have these permissions by default.

  • Temporary files. For example, Pagefile.sys, Hiberfil.sys, Win386.swp, 386spart.par, Backup.log, and Restore.log. These files are not backed up or restored by Backup. The list of skipped temporary files is embedded into Backup and cannot be changed.

  • Registry files on remote computers. Windows Server 2003 backs up only local registry files.

System State Data

With Backup, you can back up the System State data for your computer. System State data includes the registry, the COM+ Class Registration database, files under Windows File Protection, and system boot files. Depending on the configuration of the server, other data might be included in the System State data. For example, if the server is a certificate server, the System State data also contains the Certificate Services database. If the server is a domain controller, the Active Directory directory service database and the SYSVOL directory are included in the System State data.

With Backup, the following system components might be included in a backup of the System State:

Component When this component is included in System State?

Registry

Always

COM+ Class Registration database

Always

Boot files, including the system files

Always

Certificate Services database

If it is a Certificate Services server

Active Directory database

If it is a domain

SYSVOL directory

Only if it is a domain controller

Cluster service information

If it is within a cluster

IIS Metadirectory

If it is installed

System files that are under Windows File Protection

Always

When you choose to back up or restore the System State data, all of the System State data that is relevant to your computer is backed up or restored. You cannot choose to back up or restore individual components of the System State data because of dependencies among the System State components. However, you can restore the System State data to an alternate location. If you do this, only the registry files, SYSVOL directory files, cluster database information files, and system boot files are restored to the alternate location. The Active Directory database, Certificate Services database, and COM+ Class Registration database are not restored if you designate an alternate location when you restore the System State data.

Files Under Windows File Protection

Backup works together with the catalog file for the Windows File Protection service when backing up and restoring boot and system files. System files are backed up and restored as a single entity. The Windows File Protection service catalog file, located in the folder systemroot\system32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}, is backed up with the system files.

In Windows NT 4.0 and earlier, backup programs could selectively back up and restore operating system files. However, Windows 2000 Server and Windows Server 2003 do not allow incremental restores of operating system files.

There is an Advanced Backup option that automatically backs up protected system files with the System State data. All of the system files that are in the systemroot\ directory and the startup files that are included with the System State data are backed up when you use this option.

Permissions and User Rights Required to Back Up

You must have certain permissions and user rights to back up files and folders using Backup. If you are an administrator or a backup operator in a local group, you can back up any file and folder on the local computer to which the local group applies. Similarly, if you are an administrator or backup operator on a domain controller, you can back up any file and folder locally on any computer in the domain or any computer on a domain with which you have a two-way trust relationship. However, if you are not an administrator or a backup operator and you want to back up files, then you must be the owner of the files and folders that you want to back up, or you must have one or more of the following permissions for the files and folders you want to back up: Read, Read and Execute, Modify, and Full Control.

You must also be certain that there are no disk-quota restrictions that might restrict your access to a hard disk. These restrictions make it impossible for you to back up data. You can check whether you have any disk-quota restrictions by right-clicking the disk you want to save data to, clicking Properties, and then clicking the Quota tab.

You can also restrict access to a backup file by selecting Allow only the owner and the Administrator access to the backup data in the Backup Job Information dialog box. If you select this option, only an administrator or the person who created the backup file will be able to restore the files and folders.

Automated System Recovery

Automated System Recovery (ASR) is a part of Backup that you can use to recover a system that will not start. With ASR, you can create ASR sets on a regular basis as part of an overall plan for system recovery in case of system failure. You should use ASR as a last resort in system recovery, only after you have exhausted other options such as the startup options Safe Mode and Last Known Good Configuration.

ASR is a recovery option that has two parts: ASR backup and ASR restore. You can access the backup portion through the Automated System Recovery Preparation Wizard located in Backup. The Automated System Recovery Preparation Wizard creates an ASR set, which is a backup of the System State data, system services, and all disks associated with the operating system components. It also creates a floppy disk, which contains information about the backup, the disk configurations (including basic and dynamic volumes), and how to restore your system.

You can access the restore part of ASR by pressing F2 when prompted in the text mode portion of Setup. ASR reads the disk configurations from the floppy disk and restores all of the disk signatures, volumes and partitions on the disks that are required to start your computer (at a minimum). It will attempt to restore all of the disk configurations, but under some circumstances it might not be able to. ASR then installs a simple installation of Windows and automatically starts to restore from backup using the backup ASR set.

Note

  • ASR does not include data files. You should back up data files separately on a regular basis and restore them after the system is working.

  • ASR only supports FAT16 volumes up to 2.1 gigabytes (GB). ASR does not support 4-GB FAT16 partitions that use a cluster size of 64 K. If your system contains 4-GB FAT16 partitions, convert them from FAT16 to NTFS before using ASR.

Restoring File Security Settings

Backup preserves permissions, ownership, and audit flags on files restored to NTFS volumes, but not on files restored to FAT volumes. It is not possible to secure data on FAT volumes.

When you restore files to a new computer or hard disk, you do not have to restore security information. The files inherit the permissions of the directory in which they are placed. If the directory has no permissions, the file retains its previous permissions, including ownership.

Restoring Distributed Services

In Backup, you can restore distributed services data that is part of the System State data, such as the Active Directory database, using one of three restore methods:

  • Primary restore

  • Normal (nonauthoritative) restore

  • Authoritative restore

To understand how each restore method works, it is important to understand how the Backup utility backs up data for distributed services. When you back up the System State data on a domain controller, you are backing up all Active Directory data that exists on that server (along with other system components such as the SYSVOL directory and the registry). To restore these distributed services to that server, you must restore the System State data. However, the number and configuration of domain controllers in your system will dictate the type of restore method you choose.

For example, if you need to roll back replicated Active Directory changes, but have more than one domain controller in your organization, you will need to perform an authoritative restore to ensure that your restored data gets replicated to all of your servers. However, if you need to restore Active Directory data on a stand-alone domain controller or on the first of several domain controllers, you will need to perform a primary restore. If you need to restore Active Directory data on just one domain controller in a system where Active Directory data is replicated across several domain controllers, you can use a normal restore if your restored data does not have to be replicated to all your servers.

Primary restore

Use this type of restore when the server you are trying to restore is the only running server of a replicated data set (for example, the SYSVOL and File Replication service are replicated data sets). Select primary restore only when restoring the first replica set to the network. Do not use a primary restore if one or more replica sets have already been restored. Typically, perform a primary restore only when all the domain controllers in the domain have failed, and you are trying to rebuild the domain from backup.

Distributed Data Reason for Using Primary Restore of System State Data

Active Directory

Restoring a stand-alone domain controller.

Restoring the first of several domain controllers.

SYSVOL

Restoring a stand-alone domain controller.

Restoring the first of several domain controllers

Replica sets

Restoring the first replica set.

Normal restore

During a normal restore operation, Backup operates in nonauthoritative restore mode. That is, any data that you restore, including Active Directory objects, will have their original update sequence number. The Active Directory replication system uses this number to detect and propagate Active Directory changes among the servers in your organization. Because of this, any data that is restored nonauthoritatively will appear to the Active Directory replication system as though it is old, which means the data will never get replicated to your other servers. Instead, if newer data is available from your other servers, the Active Directory replication system will use this to update the restored data. To replicate the restored data to the other servers, you must use an authoritative restore.

Distributed Data Reason for Using Normal Restore of System State Data

Active Directory

Restoring a single domain controller in a replicated environment.

SYSVOL

Restoring a single domain controller in a replicated environment.

Replica sets

Restoring all but the first replica sets (that is, sets 2 through n, for n replica sets).

Authoritative restore

To authoritatively restore Active Directory data, you need to run the Ntdsutil utility after you have restored the System State data but before you restart the server. The Ntdsutil utility lets you mark Active Directory objects for authoritative restore. When an object is marked for authoritative restore its update sequence number is changed so that it is higher than any other update sequence number in the Active Directory replication system. This will ensure that any replicated or distributed data that you restore is properly replicated or distributed throughout your organization.

For example, if you inadvertently delete or modify objects stored in Active Directory, and those objects are replicated or distributed to other servers, you will need to authoritatively restore those objects so they are replicated or distributed to the other servers. If you do not authoritatively restore the objects, they will never get replicated or distributed to your other servers because they will appear to be older than the objects currently on your other servers. Using the Ntdsutil utility to mark objects for authoritative restore ensures that the data you want to restore gets replicated or distributed throughout your organization. On the other hand, if your system disk has failed or the Active Directory database is corrupted, then you can simply restore the data nonauthoritatively without using the Ntdsutil utility.

You can run the Ntdsutil command-line utility from the command prompt. Help for the Ntdsutil utility is available through the command prompt by typing ntdsutil /?.

Distributed Data Reason for Using Authoritative Restore of System State Data

Active Directory

Rolling back or undoing changes

SYSVOL

Resetting data

Replica sets

Rolling back or undoing changes

The following resources contain additional information that is relevant to this section.