Lesson 1: Backup CHAPTER 14 733 WarnIng STORING BACKUPS ON A DISK VOLUME Do not store your backups on a separate partition on a single hard drive on your computer. If you lose the hard drive due to hardware failure or because it needs to be wiped after a virus attack, you also lose your backup. n An external hard drive External hard drives are more expensive to purchase than internal hard drives, although you need to balance this against the cost of fitting the internal drive. They can be removed and stored in a secure location. However, they are typically slower than internal hard drives and tend to be less reliable, mainly because they are by default formatted using FAT rather than NTFS. You cannot use an external hard drive for a System Image backup unless you convert its filing system to NTFS. Because it is easily removable, it is more likely that an external hard drive will be missing when a scheduled backup is required. n DVD-ROM Optical disks are inexpensive and can be archived in a secure location. You can back up to both CD-ROMs and DVD-ROMs, but in practice, a typical backup would need a large number of CD-ROMs. You probably need a number of DVD-ROMs. You cannot save scheduled System Image backups on DVD-ROMs. DVD-ROMs can become corrupted over time, but the timeframe for this is a number of years. n USB flash drives Flash drive memory is considerably less expensive and flash drive devices support much more memory than they did three or even two years ago. Nevertheless, they typically support a lot less memory than hard drives and quickly fill up if you needed to keep copies of older backups. You cannot save System Image backups to flash memory. A flash drive must be able to hold more than 1 GB if you want to save a backup on it. Flash drives can be stored offsite and are small and easy to carry. They are also easy to lose. n Network location If your computer is short of disk space, you can back it up to a network location on another computer or network storage. Note that this is not the same as the situation in a production environment, where users’ Documents libraries are stored on a file server and an administrator backs up the file server. You can save your backups on a network location only on computers running Windows 7 Professional, Windows 7 Ultimate, and Windows 7 Enterprise, and you need to provide credentials so that Windows Backup can access the network. n A VHD In Windows 7, you can specify a VHD as a backup location. However, the VHD file should not be on the physical disk that you are backing up, or else you could lose your backup if the disk fails. You can also carry out a System Image backup of an entire volume to a VHD disk image file. On Windows 7 Ultimate and Enterprise editions, you can use the Bcdedit tool to make a VHD bootable so you can boot the computer from a backed-up system image. 7 3 4 CHAPTER 14 Recovery and Backup When you have selected your backup medium, click Next and then either let Microsoft Windows choose the files and folders to be backed up or select them manually. If you let Windows choose what is backed up, your backup includes data files that are saved locally in libraries, on the desktop, and in default Windows folders for all users with accounts on the computer. Default Windows folders include AppData, Contacts, Desktop, Downloads, Favorites, Links, Saved Games, and Searches. If the drive you are saving your backup on is formatted using the NTFS file system and has enough disk space, a System Image of your programs, your operating system, and all drivers and registry settings is also included in the backup. However, regular System Image backup cannot be scheduled through the Backup And Restore console. If you choose to select which files you want to be backed up, you can choose local files and folders except for Program files (applications), files stored on hard disks that are formatted using the FAT file system, files in the Recycle Bin, and temporary files on drives smaller than 1 GB. You can also specify whether your backup includes a System Image of your drive or drives that contain an operating system (assuming that your backup destination supports this). You can optionally select the Additional Data item. This backs up items such as Favorites, Saved Games, Searches, Desktop data, and Links. You also have the option of backing up the Documents library. If you want to ensure a particular directory is backed up, specify it directly; or if you let Windows choose the folders to back up, add the directory to the Documents library. When you let Windows choose, it always backs up the Documents library. eXaM tIP Remember that libraries are virtual folders. You can add folders to libraries. You cannot move folders to libraries. When you choose (or let Windows choose) what you want to back up, you are prompted to review your backup settings. By default, backups occur every Sunday at 7:00 p.M. If this is not convenient, you can click Change Schedule. When you are happy with the settings, you click Save Settings And Run Backup. The backup runs immediately (and again at the next time scheduled). Figure 14-3 shows the Backup And Restore console as it appears after you have configured a scheduled backup. The Backup And Restore console supports two kinds of backup: n System Image The System Image backup backs up an entire volume to a .vhd disk image file (which has been compacted to remove empty space). This type of backup enables you to quickly restore a computer and all running applications. However, if you want to boot from this image, as you can in Windows Enterprise and Ultimate editions, you need to ensure that the image is kept up to date. Otherwise, you boot with an image that is unsafe because updates that address known vulnerabilities are not installed. Chapter 2, “Configuring System Images,” addresses this issue. Lesson 1: Backup CHAPTER 14 735 FIGURE 14-3 The Backup And Restore console showing that a backup has started n Files and folders You can store files and documents to compressed (.zip) files. File backups are incremental by default. Also, file backups do not back up system files, program files, Encrypting File System (EFS)–encrypted files, temporary files, files in the Recycle Bin, or user profile settings. File backups can back up to either local media or a shared folder on the network. note MOUNTING A SYSTEM IMAGE IN MICROSOFT WINDOWS VIRTUAL PC You can also mount a system image created by System Image backup in Windows Virtual PC, which is included when you install Windows XP Mode. More Info VIRTUAL PC AND WINDOWS XP MODE For more information about Virtual PC and Windows XP Mode, access http://www.microsoft .com/windows/virtual-pc/ and follow the links. eXaM tIP Remember that the Backup And Restore utility in Windows 7 writes System Image backups in VHD format. In Windows 7 Enterprise and Ultimate editions, you can mount a backup in the Disk Management console by using the Diskpart utility and then use the Bcdedit utility to make the VHD bootable. The Backup And Restore utility does not store System Image backups in any other file format, such as ISO, WIM, or BAK. 7 3 6 CHAPTER 14 Recovery and Backup Quick Check n All the client computers on your production network run Windows 7 Enterprise. They all have a single internal hard disk. You do not intend to provide an external hard disk for every client computer. You want to perform regular System Image backups. What type of backup destination would you use? Quick Check Answer n In this scenario, you would back up to a network share on either a storage network system or a file server. Backup And Restore in Windows 7 supports backing up data files to CD-ROM, DVD-ROM, hard disk (including VHD files), or a network location. You can use Backup And Restore to write a System Image backup to an internal hard disk drive, an external hard disk drive (if formatted with the NTFS file system) and a network location. You cannot use Backup And Restore to write a System Image backup to a USB flash drive, a writable DVD, or a tape drive. Bear in mind that you can save your backups on a network location only on computers running Windows 7 Professional, Windows 7 Ultimate, and Windows 7 Enterprise. Remember also that tape drives are not supported by the Backup And Restore utility. note BitLocker You cannot select a backup destination that has BitLocker enabled. File and Folder Backups The Backup And Restore console graphical user interface (GUI) manually initiates backup and restore sessions and schedules automatic backups. You need to schedule client computers that store important data for automatic backup. After you first configure automatic file backup using the Backup And Restore console, Windows 7 regularly backs up your files. The first time a backup is performed, a full backup is done, including all important user documents. Subsequent backups are incremental, backing up only changed files. Older backups are discarded if the disk begins to run out of space. For example, if you configure a nightly scheduled backup and change a file every day, a copy of that file is stored in each day’s Backup Files folder. By storing multiple versions of a single file, Windows 7 gives users the opportunity to choose from several older copies of a file when using the Previous Versions tool (described in Lesson 3, “Recovering Files and Folders”). When you restore files, you need only restore from a single backup because Windows 7 automatically locates the most recent version of each file. Windows 7 uses shadow copy (described in Lesson 3) to back up the last saved version of a file. Therefore, if a file is open during the backup, that file will be backed up. However, any changes the user made since last saving the file are not backed up. Lesson 1: Backup CHAPTER 14 737 You need administrator credentials to configure scheduled backups or to manually initiate a backup. However, restoring files does not require administrator privileges unless a user attempts to restore another user’s file. If you perform a file backup to a shared network folder, the credentials used to run the backup must have Full Control share and NTFS permissions for the destination folder (known as Co-owner permissions in the Windows 7 Setup Wizard). To reduce security risks, you should set up a user account that is used only by the backup application and configure share and NTFS permissions to grant access only to the backup user. The backup account requires administrative privileges to the computer being backed up, but it needs permissions only to the share and folder on the target computer. File and Folder Backup Structure When a user chooses to perform a backup to an external hard disk, Windows 7 automatically creates a folder in the root of the hard disk using the computer name. Within that folder, backups are saved in the format: Backup Set <year-month-day> <time>. For example, if your computer name is Canberra, your backup location is H:, and you backed up on July 4, 2009, at 16:36:39, your backup is located in H:\Computer\Backup Set 2009-07-04 163639, as shown in Figure 14-4. FIGURE 14-4 Backup set 7 3 8 CHAPTER 14 Recovery and Backup The folder structure is created when you first perform a backup. However, the name of the Backup Set folder is never updated, so the date indicated by the folder name is older than the dates of the files contained within the folder. A new Backup Set folder is created only when you perform a full backup. Within each Backup Set folder, Backup creates a series of folders that are named using the date on which the incremental backup was performed. Additionally, Backup creates a Catalogs folder within the root Backup Set folder. Figure 14-5 shows the backup folder structure for the Canberra computer. The File And Folder backup is stored in the Canberra folder. A System Image backup was not performed in this instance because this is implemented later in this lesson using commands entered in an elevated command prompt. However, if a System Image backup had been implemented, it would be stored in the WIndowsImageBackup folder on the H: drive. File permissions on all folders and files are restricted to administrators, who have full control, and to the user who configured the backup, who has read-only permissions by default. FIGURE 14-5 Backup folder structure Within each of the backup folders is a series of compressed (.zip) files named Backup files xxx.zip, where xxx is an incremental number to make each file name unique. For example, a backup folder might contain the following files: n Backup files 1.zip n Backup files 2.zip n Backup files 3.zip These are standard compressed files that you can open by using the decompression capabilities in Windows 7 or by using third-party tools. Because Windows 7 can search compressed files, you can find a backup of a specific file by searching the backup folders and Lesson 1: Backup CHAPTER 14 739 then extracting that file from the compressed folder without needing to access the Backup And Restore console directly. You can restore files backed up in Windows 7 even if your computer is booted into a different operating system. The Catalogs folder contains a file named GlobalCatalog.wbcat. This contains an index of the individual files that have been backed up and the compressed file in which the backup is contained. Windows 7 uses this information to quickly locate a file for restoration. The Catalogs folder also contains a list of file permissions for each backed-up file. Therefore, permissions are intact if you restore files using the Backup And Restore tool. However, if you restore a file from the compressed folder directly, the file inherits the permissions of the parent folder into which it is restored rather than keeping the file permissions of the original file. Implementing System Image Backups System Image backups make a block-by-block backup of your system volume to a .vhd file, which is stored on local storage such as a second hard disk. You can store a .vhd file on a second hard disk even when that disk holds another operating system. Subsequent backups to the same media automatically perform an incremental backup. Only the portions of the hard disk that have changed are copied to the existing System Image backup. Only a single version of the System Image backup is stored. The Backup And Restore console does not provide a graphical tool for scheduling System Image backups. You need to create a System Image backup manually from the Backup And Restore console whenever you have made significant changes to a computer’s configuration. Take care that if you restore a System Image backup and boot from it, or if you make the VHD bootable for failover protection, your computer could be vulnerable unless the System Image includes security updates. Although you cannot use Backup And Restore to schedule System Image backups, you can use the Wbadmin command-line utility to perform this function. For example, to initiate a System Image backup of the C: drive to the H: drive, you run the following command from an elevated command prompt: wbadmin start backup –backuptarget:h: -include:c: -quiet A portion of the output of this command is shown in Figure 14-6. Note that the H: drive needs to be formatted with the NTFS file system if it is to be used for a System Image backup. Note also that if the volume being backed up (in this case the C: drive) contains a VHD and if that VHD is mounted, the files on that VHD are not backed up. The first time you initiate a System Image backup, it backs up every block on the system volume. Each subsequent time, it updates the previous backup. As with any command-line routine, you can put this command into a batch file and schedule it by using Windows Task Scheduler. You need to configure the task to run with administrative privileges. You do this by specifying an administrative user account and selecting the Run With Highest Privileges check box on the General tab of the task’s Properties dialog box. 7 4 0 CHAPTER 14 Recovery and Backup FIGURE 14-6 Performing a System Image backup using the Wbadmin utility More Info Wbadmin For more information about the Wbadmin utility, see http://technet.microsoft.com/en-us/ library/cc754015.aspx. System Image Backup Structure When you create a System Image backup, Windows 7 creates a WindowsImageBackup folder in the root of the backup media. Within this folder, it creates a folder with the current computer’s name. It then creates a Catalog folder containing the GlobalCatalog and BackupGlobalCatalog files, and a Backup <year>-<month>-<date> <time> folder containing the disk image file. To back up an entire volume, System Image creates a VHD disk image file. VHD files were discussed in detail in Chapter 2. System Image backups also create the following files: n A MediaId file in the <ComputerName> folder to identify the disk image n GlobalCatalog and BackupGlobalCatalog files in the Catalog folder to track the backup image versions n Extensible Markup Language (XML) files in the Backup folder that contain configuration settings for the backup file note COMPLETE PC BACKUP A System Image backup is sometimes termed a complete PC backup because it backs up all the files in one or more volumes. However, be aware that a System Image backup can be used to back up only one volume in a computer that holds several. If you are using System Image backup to back up all volumes on your computer, your destination is typically a network share. Lesson 1: Backup CHAPTER 14 741 Quick Check n You want to schedule System Image Backup to run every two weeks. How would you do this? Quick Check Answer n You would create a batch file that uses the Wbadmin utility to perform a System Image backup. You would use Task Scheduler in the Computer Management console to schedule this task to run on a specified day at a specified time every two weeks. Practice Configuring a File and Folder Backup In this practice, you reconfigure your backup to include important files on your computer. You should adjust the procedure to back up your own files on your Canberra computer. You also create a system repair disk. exercise 1 Reconfiguring a Backup In this exercise, you specify files and folders on files on your Canberra computer that you want to back up on a regular basis. You also redefine the backup schedule. The exercise assumes you have already configured a file and folder backup on Canberra specifying the default settings. 1. Log on to the Canberra computer with the Kim_Akers account. 2. Open Control Panel, click System And Security, and click Backup And Restore. 3. In the Backup And Restore window, click Change Settings. note THE CHANGE SETTINGS OPTION The Change Settings option is not available unless you have configured a backup sched- ule and performed a backup. As discussed earlier in this lesson, you are prompted to do this the first time you open the Backup And Restore console. 4. Select a destination volume, for example a second internal hard disk drive or a USB external hard disk drive. 5, Click Next. On the Set Up Backup page, select Let Me Choose. Click Next. 6, Choose the files you want to back up. Your choice will probably be different from that shown in Figure 14-7. Do not select the Include A System Image Of whatever system volumes Windows selects check box. 7. Click Next. 8. On the Review Your Backup Settings page, click Change Schedule. 7 4 2 CHAPTER 14 Recovery and Backup FIGURE 14-7 Choosing the files that you want to back up 9. Select a backup schedule of 12:00 a.M. (Midnight) and Daily, as shown in Figure 14-8. FIGURE 14-8 Choosing a backup schedule 10. Click OK. Review your backup settings. If they are OK, click Save Settings And Exit. . running Windows 7 Professional, Windows 7 Ultimate, and Windows 7 Enterprise, and you need to provide credentials so that Windows Backup can access the network. n A VHD In Windows 7, you can. save your backups on a network location only on computers running Windows 7 Professional, Windows 7 Ultimate, and Windows 7 Enterprise. Remember also that tape drives are not supported by the. 16:36:39, your backup is located in H:ComputerBackup Set 200 9- 0 7- 04 163639, as shown in Figure 1 4-4 . FIGURE 1 4-4 Backup set 7 3 8 CHAPTER 14 Recovery and Backup The folder structure is created