Windows Server 2003 Configure security for backup operations

  • Print Article |
  • Send to a Friend |
  • |
  • Add to Google |

Configure security for backup operations: Who can backup data? You must have certain permissions or be granted certain user rights to be able to back up files and folders on a Windows Server 2003 machine. Typically you must be a member of the Administrators Group, the Backup Operators Group or the Server Operators Group to be able to back up and restore all files and folders on a particular machine. Users can backup their own files and folders, and any files and folders for which they have read permission.

Administrators, Backup Operators and Server Operators can back up any file and folder because they have the Backup Files and Directories and Restore Files and Directories user rights granted to them by default. They also have Modify and Full Control permissions granted by default. Granting these rights and permissions to a regular user will allow them to backup and restore files and folders not belonging to them.
Some organizations create separate backup and restore groups to divide these tasks for security reasons. To do this, complete the following steps:
• Create a Backup Group in Active Directory Users and Computers.
• Create a Restore Group in Active Directory Users and Computers.
• Add the necessary members to each group.
• Add the Backup Group to the Backup files and directories Group Policy Object.
• Add the Restore Group to the Restore files and directories Group Policy Object.

The above Group Policy Objects can be found in the following group policy-Computer Configuration | Windows Settings | Security Settings | Local Policies | User Rights Assignments.
If you have a disk quota on your target drive, you may not be able to back up files and folders, if the quota keeps you from writing to the hard drive in question. 

Pop Quiz  Questions:
1. From what situations can the boot disk help you recover?
2. To create an ASR diskette and run ASR, of what group or groups should you be a member?
3. What is Shadow Copy?
4. What are the five different types of data backups that can be created with the backup utility?
5. Which form of backup will be faster during the backup (not restore) process, incremental or differential?

Pop Quiz  Answers
1. A boot disk can help you recover from a damaged boot sector, a damaged or infected master boot record, missing or damaged ntldr or ntdetect.com files or a damaged mirror set.
2. To create an ASR diskette and run ASR, you must be a member of the local Administrators group, the Backup Operators group or, if the computer is a member of the domain, the Domain Administrators group.
3. Shadow Copy is a feature of Windows Server 2003 that allows point-in-time, read-only copies of files that are currently stored on network shares.
4. The five different types of data backups are Normal (Full), Copy, Differential, Incremental and Daily.
5. Incremental will be the faster process during backup, as it clears the archive bit. Subsequently, only the files that have changed since the last full or incremental backup will be processed.

Manage backup procedures: Did it work? Did it really work?
Verify the successful completion of backup jobs: Aside from restoring your data to another server, or another location,-the best tests to see if you can really read the files you just backed up-one of the options you can select during the backup is Verify Data After Backup Completes. Options for backup are selected by selecting the Tools menu, then selecting Options, and then the General Tab from the main backup screen as shown in Figure 4.14. Note that the option is NOT selected by default, as it adds to the backup time. Select the desired checkbox, the click Apply and OK to exit the options dialog.

What this option does is allows the Backup utility to compare the backed-up data and the original data on your hard disk to be sure that the two are the same. You should only verify backups of data files. Verifying system backups is a very difficult process because of the large number of changes that happen to system files on a continual basis. Be aware that some data files that were in use during your backup might also cause you to receive verification errors. You can usually disregard these errors. If you receive a large number of verification errors, there may be a problem with the media or the file you are using to back up data. If this happens, try using different media or designate another file and run your backup again.
Consulting log files created during backup is also an excellent way of checking the status of completion, and the success of your efforts. Also under Tools, Options, you then need to select the Backup Log tab, as shown in Figure 4.15. The default is summary, which will give you enough detail to see starts and stops, tape swaps and problem files. Detailed troubleshooting will require a detailed log. You can also keep a detailed log of each backup operation to exactly identify a particular file that you backed up and that you may wish to restore.
 
Manage backup storage media: Media catalogs allow you to easily manage the files and folders collected in your backups. If you are using removable media, the catalog can be created on-disk as well to speed the restore process. Samples of expanded on-disk catalogs. Files can be selected to restore from these, and the proper media inserted into a tape drive. The catalog allows you to easily see the files and folders in a backup set. The catalog here shows the files and folders in a system state backup recently completely. The backup utility can also be used to perform some simple tape management. The options you will have available include format a tape, and pretension of a tape. These options appear if you have a tape drive installed in your computer.

Deborah Timmons is a Microsoft Certified Trainer and Microsoft Certified Systems Engineer. She came into the Microsoft technical field after six years in the adaptive technology field, providing technology and training for persons with disabilities. She is the President and co-owner of Integrator Systems Inc.

Article Rating (5 stars):
  • article full star
  • article full star
  • article full star
  • article full star
  • article full star
Rate this Article:
  • Article Word Count: 981
  • |
  • Total Views: 569
  • |
  • permalink
  • Print Article |
  • Send to a Friend |
  • |
  • Add to Google |
>