Hack 92 Back Up System State on Remote Machines

Here's a hack that lets you use the Backup utility to perform a network backup of System State information on remote computers.

The term System State is used in Windows 2000 and later to describe various information used to boot, configure, and run the operating system. At a minimum, System State consists of the Registry, boot files, the COM+ class registration database, and any system files running under Windows File Protection. Servers might have additional System State information, depending on their role. For example, on a domain controller, System State also includes the Active Directory directory service database and the contents of the SYSVOL directory, but if the domain controller is also a DNS server, then System State includes the DS-integrated DNS zone data as well. And if a server is running IIS, then its System State normally includes the IIS metabase as well [Hack #54].

Backing up System State information is critical for recovery from a disaster, and using the Backup utility, it's easy to back up the System State of the local machine. From the GUI, simply start the utility (Accessories → System Tools → Backup), switch to Advanced Mode if your machine is running Windows Server 2003, switch to the Backup tab, select the checkbox labeled System State (see Figure 10-2), and configure the remaining backup options as required. The usual practice is also to back up your boot and system volumes when you back up System State, to ensure you have enough information to recover your system after a disaster.

Figure 10-2. Backing up System State on a domain controller

Note that the checkboxes for the various components of System State are grayed out in Figure 10-2. This is because System State information is interdependent, so you can't back up or restore parts of it; you can restore the System State in its entirety only. After all, it would be useless to back up the directory service database if you didn't also back up Registry keys associated with the service!

Backing up System State from the command line is even simpler: just include the systemstate option in your ntbackup command. For example, to back up the System State data to the file D:\backups\101103.bkf, using 10 November 2003 as the name of your backup job, type the following at a command prompt (or include it in a batch file):

ntbackup backup systemstate /j "10 November 2003" /f "D:\backups\101103.bkf"

The Windows help documentation says that the Backup utility (and its command-line equivalent, ntbackup) can be used only to back up the System State of the local computer. This is unfortunate, because backing up System State is critical for server-recovery purposes. It would be nice if you could back up System State for remote machines over the network, instead of having to do it locally on each server. Fortunately, there's a workaround you can use to accomplish this. It's a two-step process that involves configuring a backup job locally on the remote machine and then configuring a network backup to run from your local server that has the tape drive attached.

Configuring Backup on the Remote Machine

First, go to the remote server whose System State you want to back up and log on as a domain administrator or member of the Backup Operators group for the domain. Create a new folder on the server and share it using a name like Sysback; this folder will be used as a temporary in-transit location for storing a backup of the server's System State, so configure NTFS permissions on the folder so that only members of Domain Admins and Backup Operators have access to it.

Now, start the Backup utility on the server and configure it to back up the System State to file (not tape) so that the backup-job file (*.bkf) is saved in the Sysback share you created earlier. Choose the appropriate backup options and schedule the backup to occur at desired intervals.

Configuring Backup on the Local Machine

Return to your local server (the one with the tape drive attached) and map a drive to the Sysback share on the remote server. You could do this by right-clicking on My Computer and selecting Map Network Drive, or you could do it from the command line using the net use command, whichever you prefer.

Now, start Backup on the local machine and configure it to include the mapped drive as part of your backup job. The mapped drive will be displayed in the Backup utility with a checkbox beside it; just select the checkbox to back it up. Finish configuring backup options and schedule your job to run at desired intervals. Now, when the backup job runs on the local machine, it will back up the System State of the remote machine as desired, provided you coordinate your schedules so that the backup job runs first on the remote machine.

Of course, you can also use ntbackup to configure your backup jobs from the command line, if desired. And if Terminal Services (Remote Desktop in Windows Server 2003) is running on the remote server, you could configure the remote job without actually having to walk over to where the remote machine resides.
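
The two jobs described above can also be scripted. The following batch file is an added example, not part of the original hack; the server name SRV2, the D:\Sysback folder, the S: drive letter, the systemstate.bkf file name, and the "4mm DDS" media pool are assumptions to replace with your own values. Schedule it with the stage argument on the remote server and with the collect argument on the server that has the tape drive attached.

```bat
@echo off
rem sysback.cmd - added example, not part of the original hack.
rem Assumed names: server SRV2, share Sysback, folder D:\Sysback, drive S:,
rem file systemstate.bkf and media pool "4mm DDS". Change them for your site.
setlocal
set REMOTE=SRV2
set STAGE=D:\Sysback
set BKF=systemstate.bkf
set POOL=4mm DDS

if /i "%~1"=="stage"   goto stage
if /i "%~1"=="collect" goto collect
echo Usage: %~nx0 stage ^| collect
exit /b 2

:stage
rem Run on the remote server, scheduled BEFORE the collect job.
rem Delete the previous file first so a failed run cannot leave a stale
rem backup that the central job would silently copy to tape.
if exist "%STAGE%\%BKF%" del "%STAGE%\%BKF%"
ntbackup backup systemstate /j "System State %COMPUTERNAME%" /f "%STAGE%\%BKF%"
if not exist "%STAGE%\%BKF%" (
    echo ERROR: System State backup file was not created.
    exit /b 1
)
exit /b 0

:collect
rem Run on the backup server with the tape drive attached.
net use S: \\%REMOTE%\Sysback /persistent:no
if errorlevel 1 (
    echo ERROR: cannot map \\%REMOTE%\Sysback
    exit /b 1
)
if not exist "S:\%BKF%" (
    echo ERROR: no staged System State file on %REMOTE%; check the remote job.
    net use S: /delete
    exit /b 1
)
rem Back up the mapped drive to tape: /p names the media pool, /um takes
rem the first available media in that pool, formats it and uses it.
ntbackup backup S:\ /j "Sysback from %REMOTE%" /p "%POOL%" /um
net use S: /delete
exit /b 0
```

Because the stage step removes the old file before each run, a missing file at collect time means the remote job failed or has not run yet, which is the scheduling dependency noted above.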

Evaluating This Approach

You may or may not want to use this approach to back up the System State of your remote servers. Local backups (using a tape drive attached to each server) certainly cost more in terms of hardware and are more work to administer, but they don't have the single-point-of-failure problem that network backups (using a centralized backup server with attached tape drive) might experience. And while network backups can generate considerable network traffic, you can minimize this issue by scheduling backups to take place during off hours or by using a dedicated second LAN. Like most decisions administrators have to make concerning their networks, it's a tradeoff.

By the way, this hack also shows that you can use the Backup utility to back up the Registry on remote computers, something else Windows help says you can't do!