S 6.78 Data backup under Windows clients

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: User

In Windows 2000 and Windows XP, data backups can be executed using the Windows system utility NTBACKUP.EXE. It must be noted in this case that this program is not able to encrypt the backup media, which means the backup media must be stored securely. However, files encrypted using EFS are backed up in encrypted form. Therefore, data backups using NTBACKUP.EXE must be stored securely and protected against unauthorised access. In contrast to the version of the backup program delivered with Windows NT, newer versions of the backup program also support backing up data to a file, for example, so that the local file can be copied to a server where it is then written to a backup medium when a backup of the server is made.

The NTBACKUP.EXE program is not available in a standard Windows Vista installation. In spite of this, NTBACKUP.EXE can also be used in Windows Vista, for example to restore old data backups from Windows XP systems. NTBACKUP.EXE is available for download from Microsoft. Before installing NTBACKUP.EXE, it is necessary to enable the Removable Storage Manager in Control Panel | Programs | Turn Windows features on or off.

In a standard installation, Windows Vista allows you to back up individual files via Control Panel | System and Maintenance | Backup and Restore and to create images of partitions using Windows Complete PC Backup. It is also possible to generate a Windows Complete PC Backup image with the command line tool wbadmin. When backing up individual files, Windows Vista only supports the file types for pictures, music, videos, emails, documents, TV shows, compressed files and additional files. Windows Vista does not support the backup of files of the following types:

• System files
• Program files
• Files on FAT-formatted hard disks
• Files in the Recycle Bin
• Temporary files and
• User profile settings.

The backup of files encrypted by EFS is only supported in Windows Vista if Service Pack 1 or higher is installed. Windows Vista allows you to back up individual files or store a Windows Complete PC Backup image on a hard disk (internal or external), removable data media such as DVDs and CDs and on network storage resources.

The following points must be taken into account when performing the data backup:

• It must be specified when and how often data is to be backed up on the Windows clients.
• The backup software is also able to back up important system files such as the registry of the local computer, COM+ registries, boot files and the system partition. These files should be backed up at regular intervals and after making major changes to the configuration. To do this, enable the relevant selection boxes in the System Status option.
• On domain controllers, it is also possible to back up the Active Directory data as well as the data in the SYSVOL folder. This data should be included in every backup. The relevant options can also be found on domain controllers in the System Status option.
• When performing the backup, it is absolutely necessary to create a log file. After completing the backup operation, the log file should be examined to check if all data marked for backup was actually backed up and if any errors occurred during the backup. It is recommended for this purpose to enable the Details option in Tools / Options / Backup Log since this makes it possible to determine if all data to be backed up was backed up and if the directories to be backed up were also included in the data backup.
• When restoring files from a backup, it is possible to restore any access protection provided that this was specified in the properties of the recovery job (Start Restore / Advanced button). This option is enabled by default. However, it is only possible to restore access protection for data coming from a Windows NTFS file system.
• The selection of the files and directories to be backed up can be saved to a file and then reloaded again later. This feature was not available in the Windows NT version of the backup program. This mechanism also makes it possible to create several different versions of a backup that include different data.
• Backups should be made at regular intervals. Using the NTBACKUP.EXE backup program, it is possible to schedule the execution of backup jobs at specific times. This means that the backup can also be automated.

System recovery

The system recovery feature was introduced in Windows XP, and it offers new functionality to enable the recovery of previous system states. The system recovery program creates snapshots of the most important system files and of some program files. These snapshots form a recovery point, and the system can be reset to this point later on if necessary. Recovery points are set by Windows before the automatic installation of patches, for example. The use of the Automated System Recovery (ASR) feature can offer certain benefits depending on the local circumstances, and especially on the software distribution strategy implemented. Recovery points can also be set manually by an administrator when needed, e.g. before installing software.

Requirements placed on backup software

If additional software is used to perform data backups of extensive installations or in cases where the availability requirements are high, then it must be ensured when selecting such backup software that it fulfils the following requirements:

• The file systems used, i.e. FAT, NTFS and possibly HPFS as well, should be supported by the backup and restoration processes.
• It must also be possible to back up Active Directory data as well as the data in the SYSVOL folder.
• It should be possible to perform the backups automatically at specified times or at regular (but adjustable) intervals without requiring manual intervention (other than providing backup data media when needed).
• It should be possible to inform one or more selected users automatically of the results of the backup and of any error messages by email (or using a similar mechanism).
• The backup software should support protection of the backup medium using a password or, even better, using encryption. Furthermore, it should be able to save the data backed up in compressed form.
• It should be possible to specify exactly which data should be backed up and which not by specifying suitable Include and Exclude lists when selecting the files and directories to be backed up. It should be possible to add these lists to backup profiles, save them, and then use them again for later backup jobs.
• It should be possible to select the data to be backed up based on the date it was created or its time of last modification.
• The backup software should support the generation of full logical and physical backups as well of incremental backups (change-only backups).
• It should be possible to store the backups on optical data media such as DVDs as well as on hard drives, USB drives and network drives.
• The backup software should be able to automatically compare the data backed up to the original data after the backup and to automatically compare the restored data to the data stored on the backup data medium after restoring the data.
• When restoring files, it should be possible to select if the files should be restored to their original locations or to another hard disk or directory. Likewise, it should also be possible to control the response of the software when there is already a file of the same name stored at the destination specified.
  
  In this case, it must be possible to specify if a file is always overwritten, never overwritten, only overwritten when the existing file is older than the file to be restored, or only overwritten after providing confirmation in an explicit query.

In addition to performing normal data backups, it is also recommended in Windows 2000 to back up the current system configuration after every major change to an Emergency Repair Disk (ERD) so that the current configuration can be restored if any inconsistencies arise due to the changes made (see also S 6.77 Creation of rescue disks for Windows 2000). The Emergency Repair Disk mechanism is not available any more in Windows XP and Windows Vista. The Recovery Console available in Windows XP and Windows Vista can be used for system recovery instead. The Recovery Console can be started from the installation CD or DVD or from the installation diskettes, or it can be integrated into the system so that it is offered as a boot option when booting the system. Since the Recovery Console is a powerful tool, its use must be restricted using the corresponding settings in BIOS or by defining Recovery Console policies (see S 4.244 Secure configuration of Windows client operating systems).

Review questions:

• Are data backups generated using the NTBACKUP.EXE service program stored securely?
• Are there policies stating when and how often backups must be performed in Windows?
• Is a log file created when performing a backup?
• Is this log file checked for errors and any other irregularities after completion of the backup?
• Is the data backup procedure documented?
• Were the requirements defined for the purchase of backup software?
• When restoring data, are the access rights to the data restored as well?