Windows NT 4.0 Backup and Recovery Guide

Introduction

A robust backup and recovery strategy is essential for Windows NT Server 4.0 systems. This guide covers backup planning, implementation, recovery procedures, and disaster recovery best practices to ensure business continuity.

Backup Planning

Risk Assessment

1. Identify Critical Data ``` Priority 1 - Business Critical:
2. Domain SAM database
3. User data files
4. Database files
5. Email stores

Priority 2 - Important: - Application configurations - User profiles - System configurations

Priority 3 - Replaceable: - Operating system files - Application binaries - Temporary files ```

1. Recovery Time Objectives (RTO)
2. Maximum acceptable downtime
3. Per system/service basis

4. Business impact analysis

5. Recovery Point Objectives (RPO)

6. Maximum data loss tolerance
7. Backup frequency requirements
8. Point-in-time recovery needs

Backup Types

1. Full Backup
2. Complete system backup
3. All files regardless of archive bit
4. Clears archive bit

5. Baseline for other backups

6. Incremental Backup

7. Files changed since last backup
8. Clears archive bit

9. Faster but complex restore

10. Differential Backup

11. Files changed since last full
12. Doesn't clear archive bit

13. Slower backup, easier restore

14. Copy Backup

15. Like full but preserves archive bit
16. Doesn't interfere with schedule

17. Good for special backups

18. Daily Backup

19. Files modified that day
20. Doesn't use archive bit
21. Supplemental to regular backups

Backup Strategies

Grandfather-Father-Son (GFS)

Weekly Schedule:
Monday:    Incremental (Son)
Tuesday:   Incremental (Son)
Wednesday: Incremental (Son)
Thursday:  Incremental (Son)
Friday:    Full (Father)

Monthly: Last Friday Full (Grandfather)

Retention:
- Daily: 1 week
- Weekly: 1 month
- Monthly: 1 year

Tower of Hanoi

Complex rotation maximizing tape life:

Tape 1: Every other day
Tape 2: Every 4th day
Tape 3: Every 8th day
And so on...

Windows NT Backup Utility

Starting NT Backup

Start → Programs → Administrative Tools → Backup
Or run: ntbackup.exe

Backup Operations

1. Select Files ``` Drives window: Select drives/folders [X] C:\ [X] D:\Data [ ] D:\Temp

Right-click for options: - Check all subfolders - Uncheck all subfolders ```

1. Backup Destination ``` Backup Information: Tape Name: Full Backup 01-15-2024

[ ] Append to tape [X] Replace data on tape

[ ] Restrict access to owner or Administrator ```

1. Backup Options ``` Options → Backup

[X] Backup Registry [X] Verify after backup [ ] Hardware compression (if supported)

Backup Type: ( ) Normal (Full) ( ) Copy ( ) Incremental ( ) Differential ( ) Daily ```

Command Line Backup

Automate with NTBACKUP command:

REM Full backup example
ntbackup backup c:\ d:\ /t "Full Backup" /v /b /hc:on

REM Incremental backup
ntbackup backup c:\ d:\ /t "Incremental" /v /b /hc:on /m incremental

Parameters:
/t "name"    - Tape name
/v           - Verify after backup
/b           - Backup registry
/hc:on       - Hardware compression
/m type      - Backup type

Scheduled Backups

1. Using AT Command ```batch REM Schedule daily incremental at 10 PM at 22:00 /every:M,T,W,Th,F cmd /c "c:\scripts\backup_incremental.bat"

REM Schedule weekly full at 6 PM Friday at 18:00 /every:F cmd /c "c:\scripts\backup_full.bat" ```

1. Using Task Scheduler (SP4+) Install Task Scheduler service Create scheduled tasks via GUI More flexible than AT command

Backup Media Management

Tape Management

1. Labeling Convention Format: TYPE-DATE-SEQUENCE Examples: FULL-20240115-01 INCR-20240116-01 DIFF-20240117-01

2. Tape Rotation ``` Daily Set: 5 tapes (Mon-Fri) Weekly Set: 5 tapes (5 weeks) Monthly Set: 12 tapes (1 year)

Storage: - Onsite: Current week - Offsite: Previous weeks - Secure vault: Monthly tapes ```

1. Tape Maintenance
2. Clean drive regularly
3. Retire tapes after 50-100 uses
4. Store in controlled environment
5. Test restore capability

Alternative Media

1. Network Backup ``` Backup to network share:
2. Map network drive
3. Select as backup destination
4. Ensure adequate bandwidth

5. Secure network path ```

6. Disk-to-Disk Backup ``` Advantages:

7. Faster than tape
8. Random access
9. Easy verification

Implementation: - Dedicated backup drive - External storage arrays - Replicate to remote site ```

System State Backup

Critical System Components

1. Registry Backup ``` Included in system state:
2. HKEY_LOCAL_MACHINE
3. HKEY_USERS
4. HKEY_CURRENT_CONFIG

Manual backup: RDISK /S (includes user accounts) Saved to: %SystemRoot%\Repair ```

1. Boot Files ``` Critical files:
2. NTLDR
3. NTDETECT.COM
4. BOOT.INI

5. NTBOOTDD.SYS (SCSI) ```

6. Emergency Repair Disk ``` Create/Update ERD:

7. Run RDISK
8. Update Repair Info
9. Create Emergency Repair Disk
10. Store in secure location

Contains: - Registry configuration - Security information (/S option) - System configuration ```

Domain Controller Backup

Special Considerations

1. SAM Database ``` Location: %SystemRoot%\System32\Config\SAM

Backup requirements: - Stop related services or - Use NT Backup (handles open files) - Include SECURITY and SYSTEM hives ```

1. Synchronization Issues ``` PDC Backup:
2. Most critical
3. Contains master SAM
4. Backup during low activity

BDC Backup: - Supplemental protection - Can promote if PDC fails - Sync before backup ```

1. Directory Database Files to backup: %SystemRoot%\NTDS\*.* %SystemRoot%\System32\Config\SAM %SystemRoot%\System32\Config\SECURITY %SystemRoot%\System32\Config\SYSTEM

Application Backup

SQL Server Backup

1. Database Backup Types ``` Full Database Backup: BACKUP DATABASE dbname TO TAPE = '\.\Tape0'

Transaction Log Backup: BACKUP LOG dbname TO TAPE = '\.\Tape0'

Differential Backup: BACKUP DATABASE dbname TO TAPE = '\.\Tape0' WITH DIFFERENTIAL ```

1. Backup Strategy ``` Daily: Transaction log backups (hourly) Nightly: Full database backup Weekly: Full backup with verify

Always backup: - Master database - MSDB database - User databases ```

Exchange Server Backup

1. Online Backup ``` Use Exchange-aware backup software Backs up while services running Includes:
2. Information Store
3. Directory Service

4. Transaction logs ```

5. Offline Backup ``` Stop Exchange services Copy database files:

6. PRIV.EDB
7. PUB.EDB
8. DIR.EDB
9. All log files ```

IIS Backup

Backup components:
1. Metabase (Registry)
2. Website content (files)
3. SSL certificates
4. ISAPI filters/extensions
5. Log files

Registry keys:
HKLM\System\CurrentControlSet\Services\W3SVC
HKLM\System\CurrentControlSet\Services\InetInfo

Recovery Procedures

File/Folder Recovery

1. Using NT Backup ```
2. Insert backup tape
3. Window → Catalog
4. Select backup set
5. Navigate to files
6. Select items to restore
7. Restore button

Options: [X] Restore to original location [ ] Restore to alternate location [ ] Restore security ```

1. Command Line Restore ```batch REM Restore entire C: drive ntbackup restore /t "Full Backup" c:\ /v

REM Restore specific folder ntbackup restore /t "Full Backup" c:\Data /v ```

System Recovery

Minor Corruption

1. Last Known Good ``` During boot, when "Press spacebar NOW":
2. Press spacebar
3. Select Last Known Good Configuration

4. Restores previous control set ```

5. Emergency Repair ``` Boot from NT installation CD/floppies Press R for Repair Options: [X] Inspect registry files [X] Inspect startup environment [X] Verify Windows NT system files [ ] Inspect boot sector

Insert Emergency Repair Disk ```

Major Failure

1. Parallel Installation ```
2. Install fresh NT to different folder
3. Boot to new installation
4. Access and repair original
5. Copy registry from backup

6. Fix boot.ini ```

7. Complete Restore ```

8. Install NT Server same version/SP
9. Install tape device drivers
10. Restore full backup
11. Restore latest incremental
12. Reapply service packs
13. Test thoroughly ```

Domain Controller Recovery

PDC Failure

1. Promote BDC ``` On selected BDC: Server Manager → Computer → Promote to PDC

Verify: - Domain functionality - User authentication - Replication to other BDCs ```

1. Rebuild Failed PDC ```
2. Install as BDC
3. Sync with new PDC
4. Can demote new PDC later ```

Complete Domain Loss

1. Restore PDC from backup
2. Restore computer accounts
3. Some passwords may be old
4. Rejoin workstations if needed
5. Restore trust relationships

Disaster Recovery Planning

Documentation

Essential documentation:

1. Hardware inventory
   - Server specifications
   - RAID configurations
   - Network settings

2. Software inventory
   - OS versions and patches
   - Application versions
   - License keys

3. Configuration details
   - IP addresses
   - User accounts
   - Share permissions
   - Service settings

4. Recovery procedures
   - Step-by-step guides
   - Contact information
   - Vendor support

DR Site Preparation

1. Hot Site
2. Duplicate hardware ready
3. Data replicated regularly

4. Immediate failover capability

5. Warm Site

6. Hardware available
7. Restore from backup needed

8. 24-48 hour recovery

9. Cold Site

10. Empty facility
11. Acquire hardware needed
12. 1-2 week recovery

Recovery Testing

1. Test Schedule Monthly: File restore test Quarterly: Application recovery Annually: Full DR drill

2. Test Procedures ```

3. Restore to test server
4. Verify data integrity
5. Test application function
6. Document issues
7. Update procedures ```

Backup Security

Physical Security

1. Tape Storage
2. Fireproof safe onsite
3. Offsite secure facility
4. Climate controlled

5. Access logging

6. Transport Security

7. Bonded courier service
8. Encrypted containers
9. Chain of custody
10. Tracking system

Data Security

1. Access Control ``` NT Backup options: [X] Restrict access to owner or Administrator

Limits restore capability Protects sensitive data ```

1. Encryption Options
2. Third-party backup software
3. Hardware encryption
4. Encrypted volumes

Monitoring and Maintenance

Backup Verification

1. Automated Verification ``` NT Backup: [X] Verify after backup

Adds time but ensures integrity Check logs for errors ```

1. Manual Testing Weekly: Restore random files Monthly: Restore complete folder Quarterly: Full system restore test

Log Management

1. Backup Logs ``` Location: %SystemRoot%\Backup.log

Review for: - Completion status - Errors or warnings - Backup size/time - Files skipped ```

1. Retention ``` Keep logs for:
2. Daily: 1 month
3. Weekly: 6 months
4. Monthly: 2 years ```

Best Practices Summary

1. Planning
2. Document everything
3. Test recovery procedures
4. Train multiple people

5. Review plans quarterly

6. Implementation

7. Automate where possible
8. Verify all backups
9. Maintain offsite copies

10. Monitor completion

11. Media Management

12. Label clearly
13. Track usage
14. Retire old media

15. Secure storage

16. Testing

17. Regular restore tests
18. Document results
19. Update procedures

20. Full DR drills

21. Security

22. Encrypt sensitive data
23. Control physical access
24. Audit restore operations
25. Secure transportation

Troubleshooting Backup Issues

Common Problems

1. Backup Fails to Start
2. Check tape in drive
3. Verify service running
4. Check permissions

5. Review event logs

6. Files Skipped

7. Open files
8. Permission denied
9. Corrupt files

10. Path too long

11. Verification Errors

12. Bad tape media
13. Dirty tape heads
14. Hardware problems
15. Write errors

Recovery Problems

1. Cannot Restore Files
2. Wrong tape
3. Corrupted catalog
4. Permission issues

5. Hardware failure

6. System Won't Boot

7. Repair with ERD
8. Check boot files
9. Verify disk configuration
10. Last Known Good

Conclusion

Effective backup and recovery is crucial for Windows NT Server 4.0 systems. Regular backups, proper media management, and tested recovery procedures ensure business continuity. Document all procedures, train staff, and conduct regular drills. Remember that backups are only valuable if you can successfully restore from them. Test early and test often.