Backup and restore functions in Windows: Advantages and limitations

Administrators should be aware of the advantages and limitations of Windows' built-in data protection mechanisms -- NTBACKUP, Automated System Recovery, Device Driver Rollback and System Restore -- plus Data Protection Manager.

As the Windows operating system matures, Microsoft includes more and more mechanisms for protecting your data as well as the operating system itself. Windows XP and Windows Server 2003 include built-in mechanisms designed to protect your data and your system's configuration.

NTBACKUP is the granddaddy of these backup technologies, having been around since the days of Windows NT. A general-purpose utility for backing up and restoring files, NTBACKUP allows you to back up both your data and the Windows OS to disk or tape. Backups can be scheduled or run manually.

When I took my first MCSE training course (back in the early '90s), my instructor told us, "NTBACKUP will work in a pinch, but don't stake your job on it." At the time I thought the statement was a little weird, but I was using third-party backup software anyway, so I didn't care. But as time went on, I gained more experience with NTBACKUP. Although NTBACKUP has improved tremendously since its first version, I still agree with what my instructor said: Don't stake your job on it.

NTBACKUP works fine ... for the most part. But it gets quirky when you have to do a full system restore. Unless you run a special type of backup called an Automated System Recovery, NTBACKUP is incapable of doing a bare metal restore. This means that if you need to restore the Windows OS, you'll usually have to install Windows first, and then restore your backup.

Now, when restoring data in this manner, sometimes some of the system settings don't restore quite the way they should. Although I've never experienced a restoration problem so severe that it kept me from returning the system to an operational state, at times I have had to do some manual reconfigurations after the restore completed. That being the case, it's probably better to use a third-party backup utility in a production environment.

Another problem: NTBACKUP is not really designed to back up multiple servers. You can back up other servers by mapping a drive letter to them, and then backing up that drive, but even this workaround has its limitations. For example, you cannot back up a remote system's system state by using the drive mapping technique.

But, more than anything, what NTBACKUP really needs is a better interface.

Automated System Recovery

Automated System Recovery (ASR) is a subcomponent of NTBACKUP that allows you to perform a bare metal restore of a Windows OS. Although ASR works quite well, it does have some serious limitations.

First of all, you can only use ASR if you perform a special ASR backup: one that backs up the Windows OS and generates a special floppy disk that is used during the restoration.

This brings up the second limitation. In order to restore an ASR backup, the machine you're restoring must have a floppy drive. But, of course, in this day and age, floppy drives are nearly extinct.

Limitation #3 is that ASR is only capable of performing a bare metal restoration of the Windows OS. Applications that might be installed on top of Windows will not be restored as part of an ASR restoration. This means you'll have to use ASR to restore the Windows OS, and then use your normal backup to restore your other applications and your data.

Device Driver Rollback

The Device Driver Rollback feature is worth its weight in gold. If you've worked with computers for any length of time, you've probably seen a buggy or incorrect device driver cause the system to crash. In the old days, the solution to this problem was to boot the machine in Safe Mode, remove the old device driver and replace it with the correct driver.

Although this procedure worked, it could be frustrating. It often required a lot of reboots -- you could spend a lot of time replacing a simple device driver. Another problem: Sometimes Windows would not allow you to replace the buggy device driver if it was newer than the driver you were trying to replace it with. Perhaps the biggest frustration was when you didn't have a copy of a known good device driver to replace the buggy one.

The Device Driver Rollback feature resolves all these issues. Now, to roll back a device driver, all you have to do is go into the Device Manager, right-click on the malfunctioning device and select the Properties command from the resulting shortcut menu. This causes Windows to reveal the device's properties sheet. Now select the properties sheet's Driver tab and click the Roll Back Driver button. The device driver will be reverted to its previous version.

System Restore

The System Restore feature is designed to protect Windows against certain types of harmful configuration changes. When various types of activity are about to occur, Windows creates a point-in-time snapshot of certain critical system files and registry entries. If the configuration change causes the system to crash, the snapshot can often be used to return the system to a functional state.

The System Restore feature has its good and its bad points. On the plus side, it allows you to easily protect the integrity of the Windows OS without having to take the time to create a full-fledged backup. On the down side, System Restore does not protect user files such as documents, Internet Explorer favorites, the contents of your recycle bin, graphics files, etc. System Restore also offers no protection against a hard disk failure.

The good news is that System Restore points are created automatically. Windows will create a restore point prior to certain types of activity, such as the installation of some applications. Windows will also automatically create a System Restore point every 24 hours.
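Because restore points are only useful if they are actually being created, the following added example (not part of the original article) checks whether the newest restore point falls within the 24-hour interval described above. The function name `Get-RestorePointStatus` and the sample objects are made up for illustration; a healthy result says nothing about user files or disk failure, which System Restore does not cover.

```powershell
# Added example, not from the article. Run in Windows PowerShell on a client OS;
# Get-ComputerRestorePoint is not available in PowerShell 7.
# The function name and the sample data below are made up for this illustration.
function Get-RestorePointStatus {
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $RestorePoint,
        [int] $MaxAgeHours = 24,          # the automatic interval the article cites
        [datetime] $Now = (Get-Date)
    )
    if ($RestorePoint.Count -eq 0) {
        return [pscustomobject]@{ Healthy = $false; Reason = 'No restore points found' }
    }
    # CreationTime is a WMI (DMTF) timestamp string, so convert it before comparing.
    $newest = $RestorePoint |
        Select-Object SequenceNumber, Description, @{
            Name       = 'Created'
            Expression = { [System.Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime) }
        } |
        Sort-Object Created -Descending |
        Select-Object -First 1

    $ageHours = [math]::Round(($Now - $newest.Created).TotalHours, 1)
    $healthy  = $ageHours -le $MaxAgeHours
    if ($healthy) { $reason = 'Newest restore point is recent' }
    else          { $reason = "Newest restore point is $ageHours hours old" }

    [pscustomobject]@{
        Healthy  = $healthy
        Reason   = $reason
        Newest   = $newest.Description
        Sequence = $newest.SequenceNumber
        Created  = $newest.Created
    }
}

# Constructed sample in the shape Get-ComputerRestorePoint returns (values are made up).
$sample = @(
    [pscustomobject]@{ SequenceNumber = 41; Description = 'Installed Example App'; CreationTime = '20061001080000.000000-000' }
    [pscustomobject]@{ SequenceNumber = 42; Description = 'System Checkpoint';     CreationTime = '20061003080000.000000-000' }
)
Get-RestorePointStatus -RestorePoint $sample -Now ([datetime]'2006-10-05T08:00:00')

# Live check against the local machine (elevated session):
Get-RestorePointStatus -RestorePoint @(Get-ComputerRestorePoint)
```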

Data Protection Manager

Data Protection Manager (DPM) isn't actually included with Windows, but it is a Microsoft backup solution, so I wanted to mention it. It is part of the System Center line of Microsoft Server products. Its purpose is to create disk-based backups of your data more frequently than you could create them on your own. For example, most organizations run backups nightly, but DPM can run backups hourly without being disruptive. That way, users never have to worry about losing more than an hour's worth of work.

DPM also gives administrators the option of allowing users to perform their own restores. Since all backups are disk-based, there are no tapes to load. Users simply select the file that they want to restore and the process is completed without intervention from the administrator.

DPM uses single-instance storage to eliminate file system redundancy. This makes it possible to keep up to almost a month's worth of backups online without consuming nearly as much disk space as you might expect. DPM is not a substitute for traditional backups, but it is an augmented backup solution, one that is perfect for those who need more frequent backups or who have a very small backup window.

About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server, Exchange Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. He writes regularly for and other TechTarget sites.


This was last published in October 2006
