Backup and Recovery Overview for Windows Server 2008 R2
Applies To: Windows Server 2008 R2
Windows Server 2008 R2 contains features to help you create backups and, if needed, perform a recovery of your operating system, applications, and data. By using these features appropriately and implementing good operational practices, you can improve your organization's ability to recover from damaged or lost data, hardware failures, and disasters. For Windows Server 2008 R2, there are new features that expand what you can back up, where you can store backups, and how you can perform recoveries.
This topic contains the following sections:
Backup and recovery technologies
Shadow Copies of Shared Folders overview
Windows Server Backup overview
Windows Recovery Environment overview
Windows Server Backup Security Considerations
Backup and recovery technologies
There are several features that you can use together to create backups and perform recoveries of your server systems and data. These features include the following:
Shadow Copies of Shared Folders. This feature is an extension to the Shared Folders Microsoft Management Console (MMC) snap-in.
Windows Server Backup tools. These include the Windows Server Backup MMC snap-in, the Wbadmin command, and the Windows PowerShell cmdlets for Windows Server Backup.
Windows Recovery Environment. This environment includes the System Image Recovery tool, the Windows Memory Diagnostic tool, and the Command Prompt.
This table summarizes the tools you can use to perform the following backup or recovery tasks for your computers running Windows Server 2008 R2:
Shadow Copies of Shared Folders |
Windows Server Backup snap-in |
Wbadmin command |
Windows PowerShell cmdlets (Windows.ServerBackup) |
Windows Recovery Environment |
|
Create shadow copies of files or folders on a shared resource |
YES |
||||
Create schedule for backups to be run automatically |
YES |
YES |
YES |
||
Create a one-time supplemental backup |
YES |
YES |
YES |
||
Perform a recovery of files, folders, applications, volumes, system state, and catalog |
YES |
YES |
YES |
||
Perform a bare metal recovery, full server recovery, or recovery of the operating system |
YES |
||||
Remote management |
YES |
YES |
YES |
Shadow Copies of Shared Folders overview
Shadow Copies of Shared Folders provides point-in-time copies of files that are located on shared resources, such as a file server.
What is Shadow Copies of Shared Folders?
Shadow Copies of Shared Folders is a feature included in the Shared Folders MMC snap-in that you or your users can use to view shared files and folders as they existed at points of time in the past. Accessing previous versions of files, or shadow copies, is useful because you can:
Recover files that were accidentally deleted. If you accidentally delete a file, you can open a previous version and copy it to a safe location.
Recover from accidentally overwriting a file. If you accidentally overwrite a file, you can recover a previous version of the file. (The number of versions depends on how many snapshots you have created.)
Compare versions of a file while working. You can use previous versions when you want to check what has changed between versions of a file.
However, creating shadow copies is not a replacement for creating regular backups. Use a tool such as Windows Server Backup to create regular backups of your server. Also, you can only enable Shadow Copies of Shared Folders on a per-volume basis—that is, you cannot select specific shared folders and files on a volume to be copied or not copied.
Hardware and software considerations for Shadow Copies of Shared Folders
Shadow Copies of Shared Folders is available in all editions of Windows Server 2008 R2. However, the Shadow Copies of Shared Folders user interface is not available for the Server Core installation option of Windows Server 2008 R2. To create shadow copies for computers with a Server Core installation, you need to manage this feature remotely from another computer.
If you plan to defragment the source volume on which Shadow Copies of Shared Folders is enabled, we recommend that you set the cluster allocation unit size to be 16 KB or larger when you initially format the source volume. If you do not, the number of changes caused by defragmentation can cause previous versions of files to be deleted.
If you require NTFS file compression on the source volume, you cannot use an allocation unit size larger than 4 KB. In this case, when you defragment a volume that is very fragmented, you may lose older shadow copies faster than expected.
Additional references for Shadow Copies of Shared Folders
For more information about Shadow Copies of Shared Folders and recovering files and folders, see the following resources:
For instructions to enable and manage Shadow Copies of Shared Folders, see the local Help by typing the following command at a command prompt: hh scfs.chm.
For technical information about Shadow Copies of Shared Folders, see https://go.microsoft.com/fwlink/?LinkId=94407.
For technical information about how to use Shadow Copies of Shared Folders with the Previous Versions client, see https://go.microsoft.com/fwlink/?LinkId=94410.
For technical information about backup and recovery, see https://go.microsoft.com/fwlink/?LinkId=93236.
Windows Server Backup overview
Windows Server Backup is a feature that provides a set of wizards and other tools for you to perform basic backup and recovery tasks for your servers. This feature has been updated since its first release in Windows Server 2008. In addition, the previous backup feature (Ntbackup.exe) that was available with earlier versions of Windows has been removed.
What is Windows Server Backup?
Windows Server Backup consists of an MMC snap-in, command-line tools, and Windows PowerShell cmdlets that provide a complete solution for your day-to-day backup and recovery needs. You can use the four wizards to guide you through running backups and recoveries. You can use Windows Server Backup to back up a full server (all volumes), selected volumes, the system state, or specific files or folders, and to create a backup that you can use for bare metal recovery. You can recover volumes, folders, files, certain applications, and the system state. And, in case of disasters like hard disk failures, you can perform a system recovery or bare metal recovery by using a full server or a bare metal recovery backup and the Windows Recovery Environment—this will restore your complete system onto the new hard disk.
You can use Windows Server Backup to create and manage backups for the local computer or a remote computer. Also, you can schedule backups to run automatically.
Windows Server Backup is intended for use by everyone who needs a basic backup solution—from small business owners to IT professionals in large enterprises. However, the design makes it especially well-suited for smaller organizations or individuals who are not IT professionals.
Note
You cannot recover backups that you created in earlier versions of Windows with Ntbackup.exe by using Windows Server Backup. However, a version of Ntbackup.exe is available as a download to Windows Server 2008 and Windows Server 2008 R2 for users who want to recover data from backups created using Ntbackup.exe. The downloadable version of Ntbackup.exe is only for recovering backups for older versions of Windows and cannot be used to create new backups. To download Ntbackup.exe, see https://go.microsoft.com/fwlink/?LinkId=82917.
Features in Windows Server Backup
Windows Server Backup snap-in. This tool contains four wizards to help you perform backups and recoveries of your servers: Schedule Backup Wizard, Backup Once Wizard, Recovery Wizard, and Catalog Recovery Wizard. You can use the main page of the snap-in to view information about any past or future backup or recovery operations. Also, you can use the tool to configure performance options for backups and recoveries.
New in Windows Server 2008 R2, you can use the Schedule Backup Wizard and the Backup Once Wizard to create backups that you can use to perform system state or bare metal recoveries. Other new functionality includes the ability to store scheduled backups on a remote shared folder, to back up specific files and folders rather than full volumes, and to exclude files based on location and file type.
Wbadmin command. Windows Server Backup includes the Wbadmin command and documentation, which enable you to perform the same tasks at the command line that you can perform by using the snap-in. For more information, see the Command Reference (https://go.microsoft.com/fwlink/?LinkId=140216). You can also automate backup activities through scripting.
Changes to this command are the same as the changes for the Windows Server Backup snap-in.
Windows PowerShell cmdlets for Windows Server Backup. Windows Server 2008 R2 contains an updated collection of cmdlets for Windows Server Backup that you can use to write scripts to perform backups. For more information, see https://go.microsoft.com/fwlink/?LinkId=140217.
Hardware and software considerations for Windows Server Backup
Windows Server Backup is available in all editions of Windows Server 2008. However, the Windows Server Backup snap-in is not available for the Server Core installation option. To run backups for computers with a Server Core installation, you need to either use the command line or manage backups remotely from another computer.
Windows Server Backup supports external and internal hard disks, optical media drives, and removable media drives. You can no longer back up to tape—however, support of tape storage drivers is still included. To perform a scheduled backup, as a best practice, use an external hard disk that supports either USB 2.0 or IEEE 1394.
Additional references for Windows Server Backup
For more information about Windows Server Backup, see the following resources:
For instructions to install Windows Server Backup and to create backups and perform recoveries, see the local Help by typing the following command at a command prompt: hh backup.chm.
For technical information, see https://go.microsoft.com/fwlink/?LinkId=93236.
For information about the Wbadmin command, see the Command Reference (https://go.microsoft.com/fwlink/?LinkId=140216).
For information about cmdlets for Windows Server Backup, see https://go.microsoft.com/fwlink/?LinkId=140217.
For in-depth troubleshooting information for events, see https://go.microsoft.com/fwlink/?LinkId=140218.
Windows Recovery Environment overview
Windows Recovery Environment is a partial version of the operating system and a set of tools that you can use to perform system recoveries (along with a backup that you created earlier using Windows Server Backup).
What is Windows Recovery Environment?
You can access the recovery and troubleshooting tools in Windows Recovery Environment through the System Recovery Options dialog box in the Install Windows Wizard. In Windows Server 2008 R2, to launch this wizard, use the Windows Setup disc or start/restart the computer, press F8, and then select Repair Your Computer from the list of startup options.
You can disable or enable Windows Recovery Environment by doing the following:
To disable Windows Recovery Environment
To open a command prompt with elevated privileges, click Start, right-click Command Prompt, and then click Run as administrator.
At the prompt type: <systemdrive>:\Windows\System32\REAgentC.exe /disable
Note
This procedure prevents Windows Recovery Environment from being launched manually by pressing F8.
To re-enable Windows Recovery Environment
To open a command prompt with elevated privileges, click Start, right-click Command Prompt, and then click Run as administrator.
At the prompt type: <systemdrive>:\Windows\System32\REAgentC.exe /enable
You can also configure your servers to fail over to the Windows Recovery Environment if they fail to boot. (For instructions, see https://go.microsoft.com/fwlink/?LinkId=94458.)
Features in Windows Recovery Environment
The tools in Windows Recovery Environment include:
System Image Recovery. You can use this tool and a backup that you created earlier with Windows Server Backup to restore your operating system or full server.
Windows Memory Diagnostic. You can use this tool (which is a memory diagnostic schedule) to check your computer's RAM. Doing this requires a restart. In addition, this tool requires a valid Windows Server 2008, Windows Vista, Windows Server 2008 R2, or Windows 7 installation to function.
Command Prompt. This opens a command prompt window with Administrator privileges that provides full access to your file system and volumes. In addition, certain Wbadmin commands are only available from this command window. For information about the Wbadmin command, see the Command Reference (https://go.microsoft.com/fwlink/?LinkId=140216).
Hardware and software considerations for Windows Recovery Environment
Windows Recovery Environment is available in all editions of Windows Server 2008 and Windows Server 2008 R2. However, the processor architecture for a given instance of Windows Recovery Environment and the computer whose system you are trying to restore must match. For example, Windows Recovery Environment for an x64-based version of the operating system only works on an x64-based computer. In addition, your hardware manufacturer may have installed Windows Recovery Environment on a partition on your server—if not, you will need a Setup disc to access this tool.
For Windows Server 2008 R2, the Windows Recovery Environment is installed by default, except for the Server Core installation option.
Additional references for Windows Recovery Environment
For more information about Windows Recovery Environment and recovering your server, see the following resources:
For technical information about Windows Recovery Environment, see https://go.microsoft.com/fwlink/?LinkId=94414.
For technical information about backup and recovery, see https://go.microsoft.com/fwlink/?LinkId=93236.
Windows Server Backup Security Considerations
When using Windows Server Backup to create backups of files, folders, or entire computers, you should be aware of the following security considerations:
Consideration | Impact
Who has rights to back up content on the computer? | Members of the Administrators group and the Backup Operators group have the right to back up files and folders on a computer by default. Members of the Server Operators group on domain controllers also have this right. Other user accounts or groups must have the Back up files and directories user right specifically assigned to be able to use Windows Server Backup to back up content from a computer.
Who has rights to restore content to the computer? | Members of the Administrators group and the Backup Operators group have the right to restore files and folders on a computer by default. Members of the Server Operators group on domain controllers also have this right. Other user accounts or groups must have the Restore files and directories user right specifically assigned to be able to use Windows Server Backup to restore content to a computer.
How will your backup information be safeguarded? | Once the backup is made, any confidential data on the computer is stored with the backup. You should take the same protections to safeguard that data as you would with the computer it originated from. If it is stored in a network location, it should have restricted access rights so that only trusted users have access. A disk encryption program such as BitLocker can be used to encrypt the storage location after the backup is made to further protect the information in the backup.
How is online access to the backups controlled? | Windows uses Kerberos authentication and authorization methods to validate users' rights to the backup location by default.
How is physical access to the backup storage devices controlled? | Backup storage devices should be kept in a restricted access location. To further safeguard the storage disks from being compromised, you should encrypt the disks using a disk encryption program such as BitLocker to require that either a certain computer or a certain user credential is used to access the disk.
What events should I audit? | At a minimum, audit Microsoft-Windows-Backup event 50, which is caused by lack of space on the backup location, and event 214, which is the successful restore of files. Lack of space in a target location will prevent backups from occurring until the issue is resolved. Restoring files should be an uncommon event. If file restores are happening regularly, it is important that you be aware of the conditions that are causing files to have to be restored, as there may be an underlying process or hardware issue that needs to be addressed.
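To review the backup and restore rights described in the table, the following added example (not part of the original topic) parses a user-rights export produced by secedit and lists every principal that holds either right, flagging any that is not one of the three default groups named above. The function name and the sample export lines are constructed for illustration; the well-known SIDs are those of the built-in Administrators, Backup Operators, and Server Operators groups.

```powershell
# Added example: list holders of the backup and restore user rights from a secedit export.
# Get-BackupRightHolders is a hypothetical helper name, not a built-in cmdlet.
function Get-BackupRightHolders {
    param([string[]]$InfLines)   # lines of the exported security template
    $rights = @{
        SeBackupPrivilege  = 'Back up files and directories'
        SeRestorePrivilege = 'Restore files and directories'
    }
    # Built-in Administrators, Backup Operators, Server Operators
    $defaults = '*S-1-5-32-544', '*S-1-5-32-551', '*S-1-5-32-549'
    foreach ($line in $InfLines) {
        if ($line -match '^\s*(Se(?:Backup|Restore)Privilege)\s*=\s*(.*)$') {
            $name = $Matches[1]
            foreach ($p in ($Matches[2] -split ',')) {
                $p = $p.Trim()
                if ($p) {
                    New-Object PSObject -Property @{
                        Right      = $rights[$name]
                        Principal  = $p
                        NonDefault = ($defaults -notcontains $p)   # needs review
                    }
                }
            }
        }
    }
}

# Constructed sample export (the last SID on the restore line is made up)
$sample = @(
    '[Privilege Rights]',
    'SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551',
    'SeRestorePrivilege = *S-1-5-32-544,*S-1-5-32-551,*S-1-5-21-1111111111-2222222222-3333333333-1105'
)
Get-BackupRightHolders -InfLines $sample | Where-Object { $_.NonDefault }

# On a server, export the live assignments from an elevated prompt and parse them:
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
#   Get-BackupRightHolders -InfLines (Get-Content "$env:TEMP\rights.inf")
```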
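For the auditing row of the table, the following added example (not part of the original topic) counts events 50 and 214 over a look-back window and flags blocked backups and unusually frequent restores. The function name, the restore threshold, and the sample records are constructed for illustration, and the log name used in the commented live query is assumed to match the Microsoft-Windows-Backup name given above.

```powershell
# Added example: summarize the two Microsoft-Windows-Backup events the table says to audit.
# Event meanings (50 = no space on the backup location, 214 = successful file restore)
# come from this topic. Get-BackupAuditSummary is a hypothetical helper name.
function Get-BackupAuditSummary {
    param(
        [object[]]$Events,            # records exposing Id and TimeCreated
        [int]$Days = 7,               # look-back window
        [int]$RestoreThreshold = 3    # assumed: restores per window that warrant a look
    )
    $since    = (Get-Date).AddDays(-$Days)
    $recent   = @($Events   | Where-Object { $_.TimeCreated -ge $since })
    $noSpace  = @($recent   | Where-Object { $_.Id -eq 50 })
    $restores = @($recent   | Where-Object { $_.Id -eq 214 })
    New-Object PSObject -Property @{
        WindowDays      = $Days
        NoSpaceEvents   = $noSpace.Count
        RestoreEvents   = $restores.Count
        BackupsBlocked  = ($noSpace.Count -gt 0)                    # backups cannot run until fixed
        RestoresUnusual = ($restores.Count -ge $RestoreThreshold)   # investigate the cause
    }
}

# Constructed sample records (not real log data)
$now = Get-Date
$sample = @(
    New-Object PSObject -Property @{ Id = 50;  TimeCreated = $now.AddDays(-1) }
    New-Object PSObject -Property @{ Id = 214; TimeCreated = $now.AddDays(-2) }
    New-Object PSObject -Property @{ Id = 214; TimeCreated = $now.AddDays(-3) }
    New-Object PSObject -Property @{ Id = 214; TimeCreated = $now.AddDays(-4) }
    New-Object PSObject -Property @{ Id = 214; TimeCreated = $now.AddDays(-30) }  # outside window
)
Get-BackupAuditSummary -Events $sample

# On a server, feed the live log instead of the sample:
#   $live = Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Backup'; Id = 50, 214 } `
#               -ErrorAction SilentlyContinue
#   Get-BackupAuditSummary -Events $live
```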