Backing Up the Registry Regularly
Backup Utility has come a long way since the original version that shipped with the earliest versions of Windows. Microsoft licenses Backup Utility from VERITAS Software Corporation (http://www.veritas.com), and it's a modified edition of the company's Backup Exec. Users of the Windows 2000 backup program are already familiar with this version. The user interfaces of the two versions are almost identical, and the steps for backing up a computer are almost the same. As with the earlier version of this utility, you can back up to a file, tape, or other removable media. Enterprise users will likely have tape changers to automate a full backup schedule, including tape swapping. Backup-to-disk is another popular option for option due to the growth of storage servers.
Windows makes a few significant enhancements. The first is Shadow Copy. A volume shadow copy is an exact copy of the contents of a hard disk, including open files, at any given point in time. Users can continue to access files on the hard disk while Backup Utility backs them up during a volume shadow copy. In this way, it correctly copies files that change during the backup process. Shadow Copy ensures that programs can continue to write to files on the volume, open files aren't omitted from the backup, and backing up the system doesn't lock users out.
To open Backup Utility, click Start, All Programs, Accessories, System Tools, and then Backup. I prefer to use the mouse as little as possible, so I just click Start, Run, and type ntbackup in the Run dialog box. Backup Utility has a robust set of command-line options you can use to script the backup process; you can learn more about those options in Backup Utility's Help. That's the hard way to use Backup Utility's command-line options. The easy way is to schedule a job using Backup Utility, configure options in its user interface, and then copy its command line syntax from the backup job's entry listed in the Scheduled Tasks folder. Why spend an hour getting the command line just right when Backup Utility can do that for you?
NOTE
To back up a computer's file and folders, users must be in the Administrators or Backup Operators groups. If they aren't in either of those groups, they must have at least Read permission on each file and folder they want to back up using Backup Utility. Alternatively, you can grant users the Back Up Files And Directories and the Restore Files And Directories user rights.
Backing Up Using Symantec Ghost
I'm a big fan of Symantec Ghost Corporate Edition, which you can learn more about at http://www.symantec.com. It's the tool I prefer for deploying Windows in big environments. It's also useful as a backup utility, and you can use the Personal Edition of Ghost to back up a single computer.
The backup strategy for my home-office network uses both Ghost and Windows' Backup Utility. Backup Utility is better at protecting documents than it is at protecting entire configurations. To restore a computer from a backup tape, you first have to install Windows on the computer, and honestly, it takes as much time to reinstall everything from the very beginning as it takes to restore a good backup. That's why I prefer to protect my configurations using Ghost. After installing Windows and all of my applications on a computer, I create an image of the computer's disk on the server. I update that image any time I make a significant change to the computer, such as after I install new applications. If the computer fails, I can use a Ghost boot disk to start the computer and restore the disk image, and the computer is running again. The process takes less than 15 minutes, whereas restoring the computer using Backup Utility can take a few hours.
I protect important documents and other important files using Backup Utility. Documents, images, and many other files change often enough that it's impractical to use Ghost to protect them. Thus, I schedule Backup Utility to run each day so that I can restore any of my documents if something goes wrong.
I take this approach one step further by completely separating my configuration from my data. I use Folder Redirection to move users' My Documents folders from their local user profiles to a central location on the network. I back up all users' documents each time I back up their redirected folders that are located on the server. For the most part, then, each computer's configuration is completely replaceable. I can restore its current disk image and log on to Windows, and the computer is back to where it was before it failed.
Planning a Backup Strategy
If you're an IT professional in a large enterprise, you already have a backup strategy. Many small and home-based businesses go without backup strategies or backing up their computers at all, and that's a shame. Unproductive downtime probably hurts small businesses more than it hurts huge enterprises, but it can be easily avoided. Whether you back up your computers using Backup Utility, Symantec Ghost, or any other method, just do it, and do it often.
The first part of a good strategy is rotation–that is, keeping backups around for a period of time so you can restore any one of them later. For example, you might back up computers once a week and keep each backup set for a month. You'll always have the four most recent backups available. I use tapes and like to keep one set of tapes offsite in case of a disaster. (I also store tapes in a fireproof safe, but you never know about fireproof safes until you try them.) Use a rotation that works for you; on my server, I use the one shown in Figure 3-5. (Backing up individual computers isn't necessary because I store anything I want to save on the server.) I don't change my daily backup tapes because one tape holds a full week's worth of changes. That's why I can get away with having only nine sets of tapes. With more users, you might change tapes daily. Here's a summary of what you see in Figure 3-5:
Move the most recent full-backup tape offsite (tape 5).
Back up the entire server to tape (tapes 1 through 4).
Back up changed files to tape and mark those files as archived (tapes 6 through 9). The backup set includes system information, users' home folders, documents, mail folders, roaming user profiles, and more.
Figure 3-5 Normal backup tapes contain all the server's files; incremental backup tapes contain only files that changed since the last normal or incremental backup.
The second part of a good strategy is automation. You'll never stick to your backup plan if you don't automate it. Backup Utility integrates with Scheduled Tasks to schedule backup jobs through its own user interface, so this is easy. You can schedule your own backup jobs in Scheduled Tasks, but the command-line options are a bit intense, so I'd stick to the user interface. If your backup jobs require multiple tapes, as mine usually do, you'll have to be around to swap tapes. Large organizations will want to consider investing in a robotic tape changer or library, if they haven't already invested in large-scale backup technology.
Backing Up System State Data
In Backup Utility, you don't see an option to back up the registry. Furthermore, if you try to back up the hive files in %SystemRoot%\System32\config, you'll fail. Instead, you back up the Windows system state data. System state data is the combination of the following system components:
Registry
COM+ Class Registration database
Boot files, including the system files
System files that are under Windows File Protection
A server's system state data might include additional components, including Active Directory data, SYSVOL, Certificate Services database, and more, depending on the role of the server.
To back up the registry, you have to copy all the system state data. Likewise, in order to restore the registry, you have to restore all the system state data. This makes Backup Utility less than ideal for backing up the registry if that's all you're really trying to accomplish. To back up Windows system state data, select the System State check box in Backup Or Restore Wizard, shown in Figure 3-6, or click Only Backup The System State Data in Backup Wizard. (Note that they are two different wizards.) You can also select the System State check box on Backup Utility's Backup tab.
Backup Utility doesn't back up and restore everything on the computer. The key HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore contains two interesting subkeys. The first subkey, FilesNotToBackup, contains a list of files and folders that Backup Utility skips. Each value contains a path to skip, and those values often contain wildcards. The second subkey, KeysNotToRestore, contains a list of keys not to restore to the computer. Likewise, each value contains a key to skip, and you see wildcards in many of the values. You'll find few surprises in either subkey. For example, Backup Utility doesn't back up System Restore's restore points because \System Volume Information\_restoreGUID\* is in FilesNotToBackup. It doesn't restore Plug and Play information, either, because CurrentControlSet\Enum\ is in KeysNotToRestore. For a complete list of the files and subkeys listed in these subkeys, visit http://support.microsoft.com/default.aspx?scid=kb;en-us;233427.
Figure 3-6 Backup Or Restore Wizard is the default user interface for Backup Utility. If you'd rather use the classic user interface, click Advanced Mode on the first page.
Restoring System State Data
Restoring system state data from a backup is similar to backing up the system state data in the first place. If you backed up only system state data, just restore the entire backup. Otherwise, click System State in Backup Or Restore Wizard or on Backup Utility's Restore And Manage Media tab. If you restore the files to the original location, you'll restore your computer's settings, protected system files, boot files, and so on. This is the quick approach to restoring system state data from a backup.
However, the precise approach is sometimes more appropriate. Restore the files to an alternate location. Backup Utility tells you that it won't restore all system state data to alternate locations, but don't worry; it does restore the registry hive files. Figure 3-7 shows you the contents of system state data as well as how Backup Utility restores the registry to an alternate location. When you restore system state data to a folder, the registry hive files are in the subfolder \Registry. You can load these hive files in Regedit and then copy settings from them to the working registry.
You don't always have to restore a backup to get the backup copy of the registry. If the most recent backup contains the settings you want to restore, you'll be happy to know that Backup Utility copies the hive files to %SystemRoot%\Repair. Don't try replacing the hive files in %SystemRoot%\System32\config with the backup copies you find in %SystemRoot%\Repair–you can't because they're in use by Windows. You can load the backup hive files by using Regedit to borrow settings from them, or you can start Recovery Console and then copy the backup hive files to %SystemRoot%\System32\ Config. It's worth pointing out that System Restore does a far better job of restoring your settings than you can.
Figure 3-7 Restoring system state data to an alternate location is the best choice if you want to restore a limited number of files or settings.