Utilizing the Built-in Windows Backup (ntbackup.exe) For Windows

This post is a record of what I've learned and done to make the built-in backup utility in Windows 2000, Windows XP, and Windows 2003 as useful as possible.

Often my clients, as well as most home users, have operating systems like Windows 2000/2003 Server (or Windows XP for home users) installed and end up using a 3rd party application to back up their data. For servers, this can get expensive quickly, and often my clients don't understand why they have to pay as much money (or more) for backups than they did for the server(s) being backed up (expensive software combined with expensive tape systems). Home computers and business workstations are very rarely backed up because of how complex their owners perceive backups to be. I believe the built-in backup utility of modern Windows could often do the job just fine for small businesses and home users, but many don't know how to work with it or deal with its limitations (and Microsoft doesn't have a good wizard to walk you through the more advanced scenarios).

Three most common mistakes made in small business data backups

  1. Often companies just set an initial backup job and don't review it until something breaks.
  2. Often companies don't have off-site backups, and if they do, they are old or incomplete (not appropriate for their business needs).
  3. Often businesses never test their backups, or even look to see if they are successfully finished.

Advice Before Beginning

ntbackup hides in your start menu under Accessories>System Tools. It can also be run by the command ntbackup.exe from a command line or run prompt.

Establish a single computer as the "central backup computer" that will store the backup files from all computers. This keeps your sanity in check. It doesn't have to be a Windows "Server" OS. If you're going to "pull" all remote files from this computer (rather than "push" files to it from other computers), then disable file sharing in the properties of the network card (to help prevent attacks by viruses or hackers).

One thing you must do in order to limit the frustration of this program is to always run its backup jobs from a backup user account. If you are at home and only have one login, then using the existing login user is fine. But if you're in an Active Directory environment, then I suggest creating a special user called "backupuser" or "sysbackup", etc. Give this user a strong password (more than 15 characters), and initially, add it to the Backup Operators group. There are several reasons for this requirement:

  • Ntbackup.exe likes to dump its logs under the profile of the user it's running as. We'll talk more about logs later, but if you perform backup operations as different users, then you'll have problems finding all the logs. We'll show how to change this location later in the document.
  • Ntbackup.exe needs to run as a specific user. This user needs to have permissions to back up all files, which could be any account that is an admin. But when that admin changes their password, or leaves, etc., the credentials stored with the backup job will not update themselves and backups will fail. The account shouldn't be person-specific, and should not have an auto-expiring password (which is why the password should be extra long and cryptic, so it's hard to guess or "brute-force").

How to Schedule Jobs

Ntbackup uses the Scheduled Tasks service (aka at.exe in 2000, schtasks.exe in 2003) to run its jobs. This is equivalent to the cron scheduler in UNIX. The ntbackup interface can be used to create a backup job, and will create a .bks file that holds the configuration of all the files selected for backup. If you schedule jobs with the ntbackup interface, then it will add them to the Scheduled Tasks "folder" automatically according to the schedule you selected. All of this is hidden behind the interface, so a beginner can just select the files they want, select a location or tape to back up to, and go.

Where to find Backup logs

The Backup logs are under the profile of the user account that is used to run the backup job. So, if a username of "backupuser" was used, then the logs would be located:

C:\Documents and Settings\backupuser\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data

The .bks configuration files are also stored here by default if you create them from the ntbackup interface.

How to edit or create a backup config file (.bks) without using ntbackup

You can use the ntbackup GUI to edit, save and load existing .bks configuration files, but the files themselves are so simple that it's often quicker to edit them in Notepad.

Here are sample lines you could have as the contents of a .bks file:

C:\WINNT\system32\wbem\repository\ /Exclude
K:\Lables\ /Exclude
K:\Janurary 29.doc /Exclude
JET SERVER1\Microsoft Information Store\First Storage Group

  • The 1st line backs up a network share from another computer
  • The 2nd line backs up the whole C: drive of the local computer (this doesn't include the registry, AD, etc.). By default ntbackup backs up everything in a directory, including subdirectories
  • The 3rd and 4th lines show how to exclude directories
  • The 5th line shows how to exclude a file
  • The 6th and 7th lines show how to back up an Exchange 5.5 directory store and information store
  • The 8th line shows how to back up a local Exchange 2000/2003 database
  • The 9th line shows how to back up the system state (later we will cover what is in a system state)

So, if I were to create a .bks file of my backup locations with Notepad, call it "nightly network backup.bks" and put it in a "c:\scripts" folder I make, I can start constructing the other files needed for the backup job. To create the schedule for your job, you can use the command line, but I find the Task Scheduler easier to deal with and change. Here is the command line for a job that the ntbackup GUI will create:

C:\WINNT\system32\NTBACKUP.EXE backup "@C:\scripts\nightly network backup.bks" /d "nightly network backup" /v:no /r:no /rs:no /hc:off /m normal /j "nightly" /l:s /p "4mm DDS" /um /f "\\server-ts\backups\nightly network.bkf"

Notice I've specified which "backup script" to use, and where to store the actual backup file, neither of which has to be on the local computer. For a command line reference, use the help file included with ntbackup.exe (run "ntbackup.exe /?" to see it).

What Exactly The System State Backup Covers

When you back up the System State on a Domain Controller, the following is backed up:
  • Active Directory (NTDS)
  • The boot files
  • The COM+ class registration database
  • The registry
  • The system volume (SYSVOL)
  • The IIS metabase
When you back up the System State on a member server or workstation:
  • The Boot file
  • The COM+ class registration database
  • The registry
  • The IIS metabase
When Certificate Server is installed on your server, it is included in the System State.

What ntbackup Does NOT Backup

It skips files that are not important, like the pagefile, the hibernate file, recycle bin, tmp files, etc. (see KB104169).

How to Notify Yourself About Various Backup Events

Now that you know where the log files are stored, you can use Windows Scripting Host (WSH) to create a mail script in .vbs that will email you at the end of a job. I wish I had one handy to show you. Blat would allow you to do this in a batch file with much less code (a single line).
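
As an added example (not from the original post), a batch file along these lines could run after the backup job: it picks the newest log from the log folder given above, classifies the job, and mails the log with blat. The SMTP server, the addresses, the backup*.log name pattern and the two log phrases it searches for are assumptions to adjust for your site.

```batch
@echo off
rem Added example, not from the original post: mail the newest ntbackup log
rem with a pass/fail subject. SMTP host, addresses, the backup*.log pattern
rem and the two log phrases searched for are assumptions; compare the
rem phrases with your own logs. Assumes blat.exe is on the PATH.
setlocal
set "LOGDIR=C:\Documents and Settings\backupuser\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data"
set "SMTP=mail.example.local"
set "TO=admin@example.local"
set "FROM=backupuser@example.local"
set "BODY=%TEMP%\ntbackup-mail.txt"

rem dir /o-d lists newest first; keep only the first name returned.
set "LOG="
for /f "delims=" %%F in ('dir /b /o-d "%LOGDIR%\backup*.log" 2^>nul') do (
    if not defined LOG set "LOG=%LOGDIR%\%%F"
)
if not defined LOG (
    blat - -body "No ntbackup log found on %COMPUTERNAME%" -to %TO% -f %FROM% -server %SMTP% -subject "Backup FAILED on %COMPUTERNAME%: no log file"
    exit /b 2
)

rem ntbackup logs are Unicode (UTF-16); "type" converts them so that find
rem can match the text and blat can send it as a plain message body.
type "%LOG%" > "%BODY%"

set "STATUS=OK"
find /i "Backup completed on" "%BODY%" >nul || set "STATUS=FAILED, no completion line"
find /i "did not successfully complete" "%BODY%" >nul && set "STATUS=FAILED, errors reported"

rem Put the log's own timestamp in the subject so a stale log (job never
rem ran) is visible even when its contents look clean.
for %%A in ("%LOG%") do set "STAMP=%%~tA"

blat "%BODY%" -to %TO% -f %FROM% -server %SMTP% -subject "Backup %STATUS% on %COMPUTERNAME%, log dated %STAMP%"
del "%BODY%"
if not "%STATUS%"=="OK" exit /b 1
exit /b 0
```

Schedule it under the same backup account, after the backup window, so it can read that profile's log folder.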

How to Backup the System State of Multiple Machines

While it may be easier to buy an enterprise backup program at this point, if you only have 2-6 servers then it may still be more costly to buy one than to "orchestrate" your backups with ntbackup. I've seen two different working options in this case:
  • Semi-Centralized: Run backups of just the system state on the other servers to their local hard drives an hour in advance, and then pull those plus your file backups from your "backup server".
  • Distributed: I find that for the purposes of a restore, it's easier to do full backups on each system, and point them to save the .bkf backup file on the "backup server" (note this would require file sharing to be enabled on the backup server). Doing it this way means you'll need to set up a blat/email job on each server for its logs, OR a better option is to share out the log directories and "blat them" from a single batch job on the backup server.

Other Options for Performing Backups With and Without a Tape Drive on Small Networks

Perform nightly backups to disk, on a different server or PC, and perform weeklies to tape. This is the disk-to-disk-tape scenario.

Rather than buying bigger tape drives and tape autoloaders, use disk-based backups for onsite and tape only for offsite storage.

Use an external USB/Firewire drive and rotate it offsite to prevent ANY tape use. 500GB-1TB external drives are cheaper than tape drives, and hold 8-16 times the data of a single 4mm tape.

For an offsite backup solution that is really cheap, fast, rather simple and effective, buy at least 2 external USB hard drives and pick a computer to be your "backup server". Have this backup computer push/pull files daily to store the .bkf files on the USB drive. 1-2 times a week, swap out one drive for the other (use Disk Management to ensure they use the same drive letter) and take the new "spare" one home. Now you have disk backups onsite and offsite, likely for less than $500.

If you do all these things (weekly offsite, nightly backups to disk, and email reports of backups), you'll have a very complete solution for small business backups that rivals what most small businesses have today. The next step is for you to test your restore skills, but that's another post.


How to Schedule Unattended Backups Using a Stand-Alone Tape Library

How to Save Backup Report Logs to an Alternate Location