Windows Server 2003 : Advanced Backup and Restore (part 1) - Backup Options, The Ntbackup Command

10/12/2012 2:25:59 AM
Now that you have created a backup plan and verified your procedures for backup and restore, you will want to understand the process in more depth so that you can configure backup operations to be more flexible, more automated or perhaps even easier.

Understanding VSS

Windows Server 2003 offers VSS, also referred to as “snap backup.” VSS allows the backing up of databases and other files that are held open or locked due to operator or system activity. Shadow copy backups allow applications to continue to write data to a volume during backup, and allow administrators to perform backups at any time without locking out users or risking skipped files.

Although VSS is an important enhancement to the backup functionality of Windows Server 2003, it is nevertheless best practice to perform backups when utilization is low. If you have applications that manage storage consistency differently while files are open, that can affect the consistency of the files in the backup of those open files. For critical applications, or for applications such as Microsoft SQL Server that offer native backup capabilities, consult the documentation for the application to determine the recommended backup procedure.

Backup Security

You must have the Backup Files And Directories user right, or NTFS Read permission, to back up a file. Similarly, you must have the Restore Files And Directories user right, or NTFS Write permission to the target destination, to restore a file. Privileges are assigned to both the Administrators and Backup Operators groups, so the minimum required privileges can be given to a user, a group, or a service account by nesting the account in the Backup Operators group on the server.

Users with the Restore Files And Directories user right can remove NTFS permissions from files during restore. In Windows Server 2003, they can additionally transfer ownership of files between users.

Therefore, it is important to control the membership of the Backup Operators group and to physically secure backup tapes. A “loose” backup tape makes it easy for any intelligent individual to restore and access sensitive data.

Managing Media

The Backup Utility of Windows Server 2003 works closely with the RSM service. RSM, which is designed to manage robotic tape libraries and CD-ROM libraries, accepts requests for media from other services or, in this case, applications, and ensures that the media is correctly mounted or loaded.

RSM is also used with single-media devices, such as a manually loaded backup tape drive, CD-ROM, or Iomega Jaz drive. In the case of single-media drives, RSM keeps track of media through their labels or serial numbers. The impact of RSM is that, even in a single-media drive backup system, each tape must have a unique label.

Media Pools

The Backup Utility of Windows Server 2003 manages tapes with RSM using media pools, as seen in Figure 1.

Figure 1. Media pools

There are four media pools related to backup:

  • Unrecognized Tape media that are completely blank or in a foreign format are contained in the Unrecognized pool until they are formatted.

  • Free This pool contains newly formatted tape media, as well as tapes that have been specifically marked as free by an administrator. Free media can be moved into the backup media pool by writing a backup set to them.

  • Backup This pool contains media that have been written to by the Backup Utility. The Backup Utility will only write to media in the Free media pool (and it will label the tape with the name you enter just before starting the backup) and to media, specified by name, in the Backup media pool.

  • Import This pool contains tape media that are not cataloged on the local disk drive. Cataloging such a tape will move the tape into the backup media pool.

Managing Tapes and Media Pools

In conjunction with backup procedures and tape rotation, you will need to manage your tapes in and out of these media pools. To that end, the following actions are available from the Restore And Manage Media page of the Backup Utility:

  • Format a tape Right-click a tape and choose Format. Formatting is not a secure way to erase tapes. If you need to erase tapes for legal or security reasons, use an appropriate third-party utility. Formatting does, however, prepare a tape and move it into the free media pool. Not all drives support formatting.

  • Retension a tape Right-click a tape and choose Retension. Not all drives support retensioning.

  • Mark a tape as free Right-click a tape and choose Mark As Free. This moves the tape into the free media pool. It does not erase the tape. If you need to erase tapes for legal reasons, use an appropriate third-party utility.


When the Backup Utility creates a backup set, it also creates a catalog listing files and folders included in the backup set. That catalog is stored on the disk of the server (the local or on-disk catalog) and in the backup set itself (the on-media catalog). The local catalog facilitates quick location of files and folders to restore. The Backup Utility can display the catalog immediately, rather than load the catalog from the typically slower backup media. The on-media catalog is critical if the drive containing the local catalog has failed, or if you transfer the files to another system. In those cases, Windows can recreate the local catalog from the on-media catalog.

The Restore And Manage Media page of the Backup Utility allows you to manage catalogs, as follows:

  • Delete Catalog Right-click a backup set and choose Delete Catalog if you have lost or damaged the backup media or if you are transferring files to another system and no longer require its local catalog. The on-media catalog is not affected by this command.

  • Catalog A tape from a foreign system that is not cataloged on the local machine will appear in the import media pool. Right-click the media and choose the Catalog command. Windows will generate a local catalog from the tape or file. This does not create or modify the on-media catalog.


If you have all the tapes in the backup set and the tapes are not damaged or corrupted, open the backup Options dialog box and, on the General tab, select Use The Catalogs On The Media To Speed Up Building Restore Catalogs On Disk. If you are missing a tape in the backup set or a tape is damaged or corrupted, clear that option. This will ensure that the catalog is complete and accurate; however, it might take a long time to create the catalog.

Backup Options

Backup options are configured by choosing the Options command from the Tools menu. Many of these options configure defaults that are used by the Backup Utility and the command-line backup tool, Ntbackup. Those settings can be overridden by options of a specific job.

General Options

The General tab of the Options dialog box includes the following settings:

  • Compute Selection Information Before Backup And Restore Operations Backup estimates the number of files and bytes that will be backed up or restored before beginning the operation.

  • Use The Catalogs On The Media To Speed Up Building Restore Catalogs On Disk If a system does not have an on-disk catalog for a tape, this option allows the system to create an on-disk catalog from the on-media catalog. However, if the tape with the on-media catalog is missing or if media in the set is damaged, you can deselect this option and the system will scan the entire backup set (or as much of it as you have) to build the on-disk catalog. Such an operation can take several hours if the backup set is large.

  • Verify Data After The Backup Completes The system compares the contents of the backup media to the original files and logs any discrepancies. This option obviously adds a significant amount of time for completing the backup job. Discrepancies are likely if data changes frequently during backup or verification, and it is not recommended to verify system backups because of the number of changes that happen to system files on a continual basis. So long as you rotate tapes and discard tapes before they are worn, it should not be necessary to verify data.

  • Backup The Contents Of Mounted Drives A mounted drive is a drive volume that is mapped to a folder on another volume’s namespace, rather than, or in addition to, having a drive letter. If this option is deselected, only the path of the folder that is mounted to a volume is backed up; the contents are not. By selecting this option, the contents of the mounted volume is also backed up. There is no disadvantage in backing up a mount point, however if you back up the mount point and the mounted drive as well, your backup set will have duplication.

If you primarily back up to file and then save that file to another media, clear the following options. If you primarily back up to a tape or another media managed by Removable Storage, select the following options.

  • Show Alert Message When I Start the Backup Utility And Removable Storage Is Not Running.

  • Show Alert Message When I Start The Backup Utility And There Is Recognizable Media Available.

  • Show Alert Message When New Media Is Inserted.

  • Always Allow Use Of Recognizable Media Without Prompting.


The Always Allow Use Of Recognizable Media Without Prompting option can be selected if you are using local tape drives for backup only, not for Remote Storage or other functions. The option eliminates the need to allocate free media using the Removable Storage node in the Computer Management console.

Backup Logging

The Options dialog has a tab called Backup Log. Logging alerts you to problems that might threaten the viability of your backup, so consider your logging strategy as well as your overall backup plan. Although detailed logging will list every file and path that was backed up, the log is so verbose you are likely to overlook problems. Therefore, summary logging is recommended, and is the default. Summary logs report skipped files and errors.

The system will save 10 backup logs to the path %UserProfile% Local Settings \Application Data\Microsoft\Windows NT\Ntbackup\Data. There is no way to change the path or the number of logs that are saved before the oldest log is replaced. You can, of course, include that path in your backup and thereby back up old logs.

File Exclusions

The Exclude Files tab of the Options dialog box also allows you to specify extensions and individual files that should be skipped during backup. Default settings result in the Backup Utility’s skipping the page file, temporary files, client-side cache, debug folder, and the File Replication Service (FRS) database and folders, as well as other local logs and databases.

Files can be excluded based on ownership of the files. Click Add New under Files Excluded For All Users to exclude files owned by any user. Click Add New under Files Excluded For User <username> if you want to exclude only files that you own. You can specify files based on Registered File Type or based on an extension using the Custom File Mask. Finally, you can restrict excluded files to a specific folder or hard drive using the Applies To Path and the Applies To All Subfolders options.

Advanced Backup Options

After selecting files to back up, and clicking Start Backup, you can configure additional, job-specific options by clicking Advanced. Among the more important settings are the following:

  • Verify Data After Backup This setting overrides the default setting in the Backup Options dialog box.

  • If Possible, Compress The Backup Data To Save Space This setting compresses data to save space on the backup media, an option not available unless the tape drive supports compression.

  • Disable Volume Shadow Copy VSS allows the backup of locked and open files. If this option is selected, some files that are open or in use may be skipped.

The Ntbackup Command

The Ntbackup command provides the opportunity to script backup jobs on Windows Server 2003. Its syntax is

Ntbackup backup {"path to backup" or "@selectionfile.bks"} /j "Job Name" options

The command’s first switch is backup, which sets its mode—you cannot restore from the command line. That switch is followed by a parameter that specifies what to back up. You can specify the actual path to the local folder, network share, or file that you want to back up. Alternatively, you can indicate the path to a backup selection file (.bks file) to be used with the syntax @selectionfile.bks. The at (@) symbol must precede the name of the backup selection file. A backup selection file contains information on the files and folders you have selected for backup. You have to create the file using the graphical user interface (GUI) version of the Backup Utility.

The third switch, /J “JobName” specifies the descriptive job name, which is used in the backup report.

You can then select from a staggering list of switches, which are grouped below based on the type of backup job you want to perform.

Backing Up to a File

Use the switch

/F “FileName

where FileName is the logical disk path and file name. You must not use the following switches with this switch: /T /P /G.

The following example backs up the remote Data share on Server01 to a local file on the E drive:

ntbackup backup "\\server01\Data" /j "Backup of Server 01 Data folder" /F

Appending to a File or Tape

Use the switch:


to perform an append operation. If appending to a tape rather than a file, you must use either /G or /T in conjunction with this switch. Cannot be used with /N or /P.

The following example backs up the remote Profiles share on Server02 and appends the set to the job created in the first example:

ntbackup backup "\\server02\Profiles" /J "Backup of Server 02 Profiles folder" /F
"E: \Backup.bkf" /A


Backing Up to a New Tape or File, or Overwriting an Existing Tape

Use the switch:

/N “MediaName”

where MediaName specifies the new tape name. You must not use /A with this switch.

Backing Up to a New Tape

Use the switch

/P “PoolName”

where PoolName specifies the media pool that contains the backup media. This is usually a subpool of the backup media pool, such as 4mm DDS. You cannot use the /A, /G, /F, or /T options if you are using /P.

The following example backs up files and folders listed in the backup selection file c:\backup.bks to a tape drive:

ntbackup backup @c:\backup.bks /j "Backup Job 101" /n "Command Line Backup Job" /p
"4mm DDS"


Backing Up to an Existing Tape

To specify a tape for an append or overwrite operation, you must use either the /T or /G switch along with either /A (append) or /N (overwrite). Do not use the /P switch with either /T or /G.

To specify a tape by name, use the /T switch with the following syntax:

/T “TapeName”

where TapeName specifies a valid tape in the media pool.

To back up the selection file and append it to the tape created in the previous example, you would use this command line:

ntbackup backup @c: \backup.bks /j "Backup Job 102" /a /t "Command Line Backup Job"


To specify a tape by its GUID, rather than its name, use the /G switch with the following syntax:

/G “GUIDName”

where GUIDName specifies a valid tape in the media pool.

Job Options

For each of the job types described above, you can specify additional job options using these switches:

  • /M {BackupType} Specifies the backup type, which must be one of the following: normal, copy, differential, incremental, or daily.

  • /D {“SetDescription”} Specifies a label for the backup set.

  • /V:{yes | no} Verifies the data after the backup is complete.

  • /R:{yes | no} Restricts access to this tape to the owner or members of the Administrators group.

  • /L:{f | s | n} Specifies the type of log file: f=full, s=summary, n=none (no log file is created).

  • /RS:{yes | no} Backs up the migrated data files located in Remote Storage.


    The /RS command-line option is not required to back up the local Removable Storage database, which contains the Remote Storage placeholder files. When you backup the %Systemroot% folder, Backup automatically backs up the Removable Storage database as well.

  • /HC:{on | off} Uses hardware compression, if available, on the tape drive.

  • /SNAP:{on | off} Specifies whether the backup should use a Volume Shadow Copy.

  •  Windows Server 2003 : Restoring Data - Restoring with the Backup Utility
  •  Windows Server 2003 : Fundamentals of Backup
  •  Personalizing Windows 8 : Choosing Your Language
  •  Personalizing Windows 8 : Tweaking Your Touch Experience
  •  Windows Server 2003 : Hardening IPSecurity Policies
  •  Windows Server 2003 : Extending IPSec Operations, Designing IPSec Policies to Meet Secure Communications Needs
  •  Windows Server 2003 : Configuring a Windows IPSec Policy (part 4) - Using Group Policy to Implement IPSec, Monitoring and Troubleshooting IPSec
  •  Windows Server 2003 : Configuring a Windows IPSec Policy (part 3) - Setting Up the IPSec Monitor and Testing the Policy, Writing Policies Using netsh
  •  Windows Server 2003 : Configuring a Windows IPSec Policy (part 2) - Assigning the Policy, Creating Additional Rules
  •  Windows Server 2003 : Configuring a Windows IPSec Policy (part 1) - Using the IPSec Policy Wizard to Create a Policy
    Most View
    Windows Server 2008 and Windows Vista : Advanced Group Policy Management Delegation - Approving, Reviewing
    Lomography Smartphone Film Scanner Review
    Lenovo ThinkPad Twist - The Old Form Factor Starting A New Life With Windows 8 (Part 3)
    Huawei Ascend Y530 with Simple Android Interface
    Cat B15 Rugged Android Smartphone Hands-On
    Get Started With Maps In iOS 6
    Moving into SAP Functional Development : Gaining Control of Change Control - Change Control and the SAP Solution Stack
    Super Test Stereo Amplifiers - Sonic Boon (Part 4) : Pioneer A-70, Rotel RA-12
    Top Ten Raspberry Pi Projects (Part 1)
    Windows Phone 7 : Understanding Matrix Transformations (part 2) - Applying Multiple Transformations
    Top 10
    SQL Server 2012 : Policy Based Management - Evaluating Policies
    SQL Server 2012 : Defining Policies (part 3) - Creating Policies
    SQL Server 2012 : Defining Policies (part 2) - Conditions
    SQL Server 2012 : Defining Policies (part 1) - Management Facets
    Microsoft Exchange Server 2010 : Configuring Anti-Spam and Message Filtering Options (part 4) - Preventing Internal Servers from Being Filtered
    Microsoft Exchange Server 2010 : Configuring Anti-Spam and Message Filtering Options (part 3) - Defining Block List Exceptions and Global Allow/Block Lists
    Microsoft Exchange Server 2010 : Configuring Anti-Spam and Message Filtering Options (part 2) - Filtering Connections with IP Block Lists
    Microsoft Exchange Server 2010 : Configuring Anti-Spam and Message Filtering Options (part 1) - Filtering Spam and Other Unwanted E-Mail by Sender, Filtering Spam and Other Unwanted E-Mail by Recipien
    Microsoft Exchange Server 2010 : Creating and Managing Remote Domains (part 3) - Configuring Messaging Options for Remote Domains , Removing Remote Domains
    Microsoft Exchange Server 2010 : Creating and Managing Remote Domains (part 2) - Creating Remote Domains