Tuesday 16 December 2014

WiFi: Setting up HP Switches and WAPs



Support

Our wireless solution was purchased over 2 years (Summer 11 & Summer 12) from Computer Systems in Education (CSE).

CSE Education Systems Ltd
Goodman's Yard
New Yatt Road
North Leigh
Oxon
OX29 6TN
Tel: 01993 886688
Fax: 01993 886666


CSE have cabled all the AP points, and configured the controller and the first batch of switches that were installed during August 2011.


Hardware

PoE Switches: HP ProCurve 2520G-8-POE

WAPs: HP E-MSM430 Dual Radio 802.11n Access Points

WIFI Controller: MSM765 Integrated Controller (module within core switch)
Username: admin
Password: s********3m





WIFI Controller options

There are 3 VSDs configured:

StCharles-Guest

Purpose: For users who do not exist in Active Directory

HP Visitor Management software must be used to create temporary accounts to permit guest access.

Users can connect to this VSD without providing an initial key/password, but on first use are redirected to a login page which authenticates against the local user database on the controller.


StCharles-Student

Purpose: For users who exist in Active Directory but who are using unknown devices.

Users can connect to this VSD without providing an initial key/password, but on first use are redirected to a login page which authenticates against Active Directory.

StCharles-Internal

Purpose: For known users on known devices (e.g. students using College laptops)

Connection to this VSD requires the valid WPA2 key to be entered. 

This key must never be given to anybody outside of IT Services. 

It is used on College-owned equipment that is a member of Active Directory and has up-to-date antivirus protection.


Guest access
Controller → Users → Account Profiles
There are 3, but we don’t use Default AC
Known users are found in AD; unknown users are local on the controller

Each profile uses the Access List ‘sccunknowndevice’ (Access Control List)
At present both profiles are the same

Account profiles are associated with User accounts

NB. For ACLs go to Public Access → Attributes


Active Directory Users

Controller → Authentication → Active Directory


Switch Configuration

The PoE switches must be configured before use.

General


Manager password: Set this to the standard switch password. Do not set up a username or an operator password.

Spanning tree: Enable this.


VLAN 1
This is the default and already exists.

IP Address: Use the spreadsheet called IP Address – Switches from within the Network System folder. If the switch already exists in the spreadsheet, ensure the correct IP address is used. If not, add the details to the spreadsheet (location in spreadsheet is based on cabinet location).
Subnet: Use the appropriate subnet for the location of the switch.
Default Gateway: Use the appropriate gateway for the location of the switch.
IP IGMP: Configure this to be on.


VLAN 30
This needs creating and configuring.

Name: Wireless
Untagged ports: 1 to 8
Tagged ports: 10 (used for uplink to existing network switch)
IP IGMP: Configure this to be on.

Don’t forget to save your settings before you exit (WR MEM), otherwise they will be lost the next time the switch loses power.





Other switch configuration

Every switch port in the ‘journey’ between the Core Switch and the Edge PoE switch you have just configured must be aware of the Wireless VLAN (30) and configured to use it.

Each switch port concerned must be Tagged on VLAN 30.  (NB: Tagged NOT Untagged).

So, if the PoE switch (port 10) is connected to Switch X (port 46) and Switch X (port 48) is connected to the Core Switch (port A12) then every one of these switches must have VLAN 30 (Wireless) configured and the relevant port tagged.

VLAN 30
This needs creating and configuring if it does not already exist.

Name: Wireless
Untagged ports: n/a
Tagged ports: Whichever ports are used in the ‘journey’ between the Core Switch and the edge PoE switch
IP IGMP: Configure this to be on.
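
The tagging rule for the 'journey' can be checked from saved show run output before any APs are plugged in. This is an added example, not part of the original notes: it parses the VLAN blocks of each switch and checks the path used in the text (PoE port 10, Switch X ports 46 and 48, Core port A12). The config snippets are constructed samples and the function names are hypothetical.

```python
import re


def expand_ports(spec):
    """Expand a port list such as '1-8,10' or 'A1-A4,B2' into a set of port names."""
    ports = set()
    for part in (p.strip().upper() for p in spec.split(",")):
        if not part:
            continue
        m = re.fullmatch(r"([A-Z]*)(\d+)-([A-Z]*)(\d+)", part)
        if m is None:
            ports.add(part)  # single port, e.g. '10' or 'A12'
            continue
        prefix, low, prefix2, high = m.groups()
        if prefix2 not in ("", prefix):
            raise ValueError(f"range spans modules: {part}")
        ports.update(f"{prefix}{n}" for n in range(int(low), int(high) + 1))
    return ports


def parse_vlans(config):
    """Return {vlan_id: {'name', 'tagged', 'untagged', 'igmp'}} from show run text."""
    vlans, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        low = line.lower()
        m = re.fullmatch(r"vlan (\d+)", low)
        if m:
            current = vlans.setdefault(
                int(m.group(1)),
                {"name": "", "tagged": set(), "untagged": set(), "igmp": False},
            )
        elif current is None:
            continue  # line is outside any vlan block (hostname etc.)
        elif low == "exit":
            current = None
        elif low.startswith("name "):
            current["name"] = line[5:].strip().strip('"')
        elif low.startswith("tagged "):
            current["tagged"] |= expand_ports(line[7:])
        elif low.startswith("untagged "):  # 'no untagged ...' does not match
            current["untagged"] |= expand_ports(line[9:])
        elif low == "ip igmp":
            current["igmp"] = True
    return vlans


def check_path(configs, uplinks, ap_ports, vlan_id=30):
    """List every place where the wireless VLAN is missing or wrongly tagged."""
    findings = []
    for switch, config in configs.items():
        vlan = parse_vlans(config).get(vlan_id)
        if vlan is None:
            findings.append(f"{switch}: VLAN {vlan_id} is not defined")
            continue
        if not vlan["igmp"]:
            findings.append(f"{switch}: ip igmp is off on VLAN {vlan_id}")
        for port in uplinks.get(switch, []):
            if port in vlan["untagged"]:
                findings.append(
                    f"{switch} port {port}: untagged on VLAN {vlan_id}, must be tagged")
            elif port not in vlan["tagged"]:
                findings.append(f"{switch} port {port}: not a member of VLAN {vlan_id}")
        for port in ap_ports.get(switch, []):
            if port not in vlan["untagged"]:
                findings.append(
                    f"{switch} port {port}: AP port is not untagged on VLAN {vlan_id}")
    return findings


# Constructed sample configs, one per switch on the path (not real captures).
CONFIGS = {
    "PoE edge": 'hostname "MF1A-Model"\n'
                'vlan 1\n   name "DEFAULT_VLAN"\n   untagged 9-10\n'
                '   ip address 172.16.100.61 255.255.0.0\n'
                '   no untagged 1-8\n   ip igmp\n   exit\n'
                'vlan 30\n   name "Wireless"\n   untagged 1-8\n'
                '   tagged 10\n   ip igmp\n   exit\n',
    "Switch X": 'vlan 30\n   name "Wireless"\n   tagged 46\n   ip igmp\n   exit\n',
    "Core": 'vlan 30\n   name "Wireless"\n   untagged A12\n   exit\n',
}
# Inter-switch link ports from the text; every one must be tagged on VLAN 30.
UPLINKS = {"PoE edge": ["10"], "Switch X": ["46", "48"], "Core": ["A12"]}
# AP-facing ports on the PoE switch; these must be untagged on VLAN 30.
AP_PORTS = {"PoE edge": [str(n) for n in range(1, 9)]}

if __name__ == "__main__":
    for finding in check_path(CONFIGS, UPLINKS, AP_PORTS):
        print(finding)
```

With the sample data the check reports the forgotten port 48 on Switch X and the untagged A12 on the core, the two mistakes that leave APs on the PoE switch unable to reach the controller.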


Appendix: Other RDE Notes
WPA2 Key:              ITServices11

Smoothwall Port 805
Ip: 172.20.1.2


telnet
core
manager = #

config
vlan 30
show vlan 30
show lldp i r

On core switch, vlan 30, links to edge switches need to be tagged
Directly connected APs must be untagged

On edge switch
show run – displays the config
Type…
config
vlan 30 (this adds the VLAN)
name wireless
ip igmp – adds multicast filtering
tagged 47,48
wr mem

show lldp i r 48 (where 48 is a port number)
This will give IP address of new switch (for telnet)

New 8 port switch
telnet
config
hostname MF1A-Model
vlan 1
ip address 172.16.100.61 255.255.0.0

(you will lose connection to switch)


config
spanning-tree

vlan 1
ip igmp

vlan 30
name wireless
ip igmp

show lldp i r (see uplink port)
tagged 10
untagged 1-9

show interfaces

Back to config

Password manager (enter)
$w1tch


RDE, 8th November 2012.

Knowledge base:
  • Edge switch: Here, edge switch or other switch means all the link switches between the Core switch and PoE switch.

  • Tagged port: You have HP switch. When you see a port that is tagged, it is a trunk port (meaning there are multiple VLANs on that port). Each VLAN gets an ID (tag). When you have multiple VLANs on a port, you have tagging enabled to separate the traffic so it stays on its same VLAN; ports that only belong to one VLAN do not need tagging, as all traffic will be on the same VLAN. So, to simply answer your question, a tagged port is a trunk port. This is different from the 802.1Q tunnelling but is 802.1Q VLAN trunking.

Whether a port is tagged or not is dependent mainly on how many VLANs are on a particular port. The standard for this is based on 802.1Q. The standard states that on any given port you can have one untagged VLAN. This means that you can have one VLAN per port and there is no need to tag the port. Tagging means that the port will send out a packet with a header that has a tag number that matches the VLAN tag number. If there is only one VLAN, there is no need to distinguish what VLAN the traffic is for, as there is only one. When there is more than one VLAN per port, the port must differentiate what VLAN each packet is destined to. So, for example, if we have 3 VLANs on port 1 (VL1, VL2, VL3) and I am sending out a packet on each one, I have to have a way to tell the other side which packet is for which VLAN. So if the .1Q tag for VL1 is 1, for VL2 is 2 and for VL3 is 3, then the port will insert a header with the right tag number on each packet. The other side needs to be set up the same way and will see that if a packet of 1 comes in, it will forward it on VL1. So when a port is tagged, it inserts and receives packets with the 802.1Q tag for every packet that has a VLAN on it. The standard does allow for one untagged VLAN per port, as mentioned above, which means that you could have VL1 with no tag and VL2 and VL3 with tags, because technically all three VLANs are unique. Any packet that has no tag will go to VL1. This is what Cisco does with their native VLAN.

  • DHCP Tool: Use the DHCP server tool to find the switch's DHCP IP address

  1. PoE switch
    1. Find out the IP address with the help of DHCP
    2. Find the other switch it is connected to via the link port
  2. Requirement for other Main Switch
    1. Find the port number of the switch that is connected to the PoE switch
    2. Find how many ports the switch has (24 port or 48 port)
    3. Make note of the link port: which ports are connected by fibre link
    4. Find the IP address of this switch from the “IP Addresses - Switches.xls” file
    5. Open a browser and type the IP address
      i. Go to the “Configuration” tab
        · Look at the link ports and check if they match
      ii. When you are certain about the other main switch IP address then
        · Open command prompt
        · Type: telnet ip_address and press enter
        · Type password
        · It will open up telnet connecting to the switch in configuration mode: #
      iii. Type: show lldp i r 2 (2 is the port the PoE switch is connected to). Output will be the
        · ip_address of the PoE switch,
        · port_id of the PoE switch
  3. Repeat step 2 to find the ip_address and port for all other switches involved
  4. Now it is time to configure all the related switches and ports

Windows Server: Does not show "Log off" option in the Start Menu

In Run, type: gpedit.msc
User Configuration\Administrative Templates\Start Menu & Taskbar\
Enable: Add Logoff to the Start Menu

Disable: Remove Logoff on the Start Menu

You have to click on the annoying Start button (you will get this by hovering your mouse at the bottom-left corner of your screen, shown below). Now you will get this Metro-style screen, where you have to click on your user account icon at the top-right corner of your screen, and you get options as shown below. Sign out is our new Log Off button.























Active Directory: Backing Up Active Directory Domain Services

Updated: January 9, 2009
Applies To: Windows Server 2008, Windows Server 2008 R2
This section describes the different types of backups that you can perform to ensure that you can recover Active Directory Domain Services (AD DS) if Active Directory data quality or consistency is jeopardized by human error, hardware breakdown, or software issues. You can perform regular, scheduled backups—which are essential for dependable operations—and you can perform immediate, ad hoc backups when necessary or as an alternative to scheduling regular backups, although scheduling is preferred.
Backup tools and processes are improved in Windows Server 2008 to provide easier methods for backing up the data that is required to recover AD DS and the full server.

Windows Server backup tools

To back up AD DS in Windows Server 2008, you use the Windows Server Backup tool. Windows Server Backup replaces the Backup or Restore Wizard (Ntbackup), the tool that is used in earlier versions of the Windows Server operating system. You cannot use Ntbackup to back up servers that are running Windows Server 2008.
To use Windows Server Backup tools, you must install Windows Server Backup Features in Server Manager. For information about how to install Windows Server Backup Features, see Installing Windows Server Backup (http://go.microsoft.com/fwlink/?LinkId=96495).
In the features list in Server Manager, Windows Server Backup Features has two parts:
  • Windows Server Backup (Wbadmin.msc), a graphical user interface (GUI) snap-in that is available on the Administrative Tools menu

    You can use the Windows Server Backup GUI to perform critical-volumes backups and full server backups.

    Note
    You can perform a system state backup only by using the Wbadmin.exe command-line tool.
  • Command-line Tools, which is required to install the Wbadmin.exe command-line tool for Windows Server Backup. “Command-line Tools” refers to a set of Windows PowerShell tools. When you select Command-line Tools, you are prompted to install the required Windows PowerShell feature.

    You can use the Windows Server Backup command-line tool, Wbadmin.exe, to perform all types of backup, including system state backup.
You can use the Windows Server Backup snap-in to back up entire volumes only, as follows: those volumes that contain system state files (critical-volumes backup) or all volumes (full server backup). The Windows Server Backup snap-in has two wizard options: a Backup Schedule Wizard and a Backup Once Wizard.
To use one of the wizards for backing up critical volumes, you must know which volumes to select, or you can allow the wizard to select them when you specify that you want to enable system recovery. When you use the command-line tool for backing up critical volumes, the tool selects the correct volumes automatically.
To back up system state, you must use the Wbadmin.exe command-line tool.

Windows Server backup types

In Windows Server 2008, you can use Windows Server Backup tools to back up three categories of domain controller data, all of which can be used to recover AD DS. Each backup type backs up a different set of data.

Contents of Windows Server backup types

The following list describes the backup types and the data that they contain:
  • System state, which includes all the files that are required to recover AD DS. System state includes at least the following data, plus additional data, depending on the server roles that are installed:

    • Registry
    • COM+ Class Registration database
    • Boot files
    • Active Directory Certificate Services (AD CS) database
    • Active Directory database (Ntds.dit) file and log files
    • SYSVOL directory
    • Cluster service information
    • Microsoft Internet Information Services (IIS) metadirectory
    • System files that are under Windows Resource Protection
  • Critical volumes, which includes all volumes that contain system state files:

    • The volume that hosts the boot files, which consist of the Bootmgr file and the Boot Configuration Data (BCD) store
    • The volume that hosts the Windows operating system and the registry
    • The volume that hosts the SYSVOL tree
    • The volume that hosts the Active Directory database
    • The volume that hosts the Active Directory database log files
  • Full server, which includes all volumes on the server, including Universal Serial Bus (USB) drives. The backup does not include the volume where the backup is stored.

Criteria for using backup types

The following table shows the qualities and restrictions that apply to each backup type. Use this table to determine the backup type to use.

 

| Feature | System state backup | Critical-volumes backup | Full server backup |
| --- | --- | --- | --- |
| Can be used to recover from registry or directory service configuration errors (recover AD DS) | Yes | Yes | Yes |
| Can be used for full server (bare-metal) recovery with Windows Recovery Environment (Windows RE) | No | Yes | Yes |
| Can be used to recover from unbootable conditions | No | Yes | Yes |
| Can be used to recover specific files and folders | No | Yes | Yes |
| Can be created by using Windows Server Backup snap-in (GUI) | No | Yes | Yes |
| Can be created by using Wbadmin.exe command line tool | Yes | Yes | Yes |
| Has incremental backup support | No* | Yes | ? |
| Can be stored on a DVD or on a network share if the backup is performed manually (is not a scheduled backup) | No | Yes | Yes** |
| Can use any of the volumes that are included in the backup as the target volume | Yes*** | No | No |
| Can be scheduled by using the Windows Server Backup snap-in | No | Yes | Yes |

* Each consecutive backup requires as much space as the first. To help manage the number of versions of system state backups that you store, you can use the wbadmin delete systemstatebackup command to remove old versions. For more information, see Wbadmin delete systemstatebackup (http://go.microsoft.com/fwlink/?LinkId=111836).
** Must be stored on a different hard disk from the source volumes, including external disks or DVDs. External storage devices must be connected to the backup computer.
*** No, by default, but you can override the default by making a change in the registry. To store the system state backup on a volume that is included in the backup, you must add the AllowSSBToAnyVolume registry entry to the server that you are backing up. However, there are some known issues with storing system state backup on a volume that is included in the backup. For more information, see Known Issues for Backing Up Active Directory Domain Services.

Backup guidelines

The following guidelines for backup include the performance of backups to ensure redundancy of Active Directory data:
  • Create daily backups of all unique data, including all domain directory partitions on global catalog servers.
  • Create daily backups of critical volumes on at least two unique domain controllers, if possible. When you have environments with single-domain-controller forests, single-domain-controller domains, or empty root domains, take special care to back up more often.
  • Ensure that backups are available in sites where they are needed. Do not rely on copying a backup from a different site, which is very time consuming and can significantly delay recovery.
  • Where domains exist in only one site, store additional backup files offsite in a secure location so that no backup file of a unique domain exists in only one physical site at any point in time. This precaution provides an extra level of redundancy in case of physical disaster or theft.
  • Make sure that your backups are stored in a secure location at all times.
  • Back up volumes that store Domain Name System (DNS) zones that are not Active Directory–integrated. You must be aware of the location of DNS zones and back up DNS servers accordingly. If you use Active Directory–integrated DNS, DNS zone data is captured as part of system state and critical-volume backups on domain controllers that are also DNS servers.

    If you do not use Active Directory–integrated DNS, you must back up the zone volumes on a representative set of DNS servers for each DNS zone to ensure fault tolerance for the zone.
Note
The DNS server stores settings in the registry. Therefore, system state or critical-volume backup is required for DNS, regardless of whether the zone data is Active Directory–integrated or stored in the file system.
  • If you have application directory partitions in your forest, make sure that you make a backup of the domain controllers that replicate those application directory partitions.
  • Create additional backups of domains in every geographic location where:

    • Large populations of users exist.
    • Critical populations of users exist, such as those who support company executives or operate critical business units.
    • Mission-critical work is performed.
    • A wide area network (WAN) outage would disrupt business.
    • The elapsed time that it takes to perform either of the following tasks would be cost prohibitive because of slow link speeds, the size of the directory database, or both:

      To create a domain controller in its intended domain over the network.

      Or

      To copy or transport installation media from a site where a backup exists to a site that has no backup for the purpose of performing an installation from media (IFM).
Note
You can use a system state or critical-volumes backup to restore only the domain controller on which the backup was generated or to create a new additional domain controller in the same domain by installing from restored backup media. You cannot use a system state or critical-volumes backup to restore a different domain controller or to restore a domain controller onto different hardware. You can only use a full server backup to restore a domain controller onto different hardware.

Scheduling regular backups

You can use the Backup Schedule Wizard to schedule regular, automatic critical-volumes or full server backups of your domain controllers. You need a current, verified, and reliable backup to:
  • Restore Active Directory data that becomes lost.
  • Recover a domain controller that cannot start up or operate normally because of software failure, hardware failure, or administrative error. For example, an administrator might have set overly restrictive permissions, either explicitly or by using a security policy, that deny the operating system access to the Ntds.dit file and log files.
  • Install AD DS from installation media that you create by using the ntdsutil ifm command. For information about installing a domain controller from installation media, see Installing an Additional Domain Controller by Using IFM.
  • Perform a forest recovery if forest-wide failure occurs.
For information about scheduling backups of AD DS in Windows Server 2008, see Scheduling Regular Full Server Backups of a Domain Controller (http://go.microsoft.com/fwlink/?LinkId=118008).

Immediate (unscheduled) backup

In addition to scheduling regular backups, perform an immediate backup when certain events occur in your environment. You can use the Backup Once Wizard or the command line to back up AD DS when the following conditions arise:
  • You have moved the Active Directory database, log files, or both to a different location on a disk.
  • The operating system on a domain controller is upgraded.
  • A Service Pack is installed on a domain controller.
  • A hotfix is installed that makes changes to the Active Directory database.
  • A current backup is required for installing from backup media for a new domain controller.
  • The tombstone lifetime is changed administratively by changing the value in the tombstoneLifetime attribute of the object CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=ForestRootDomain. The tombstone lifetime value in an Active Directory forest defines the number of days that a domain controller preserves information about deleted objects. For this reason, this value also defines the useful life of a backup that you use for disaster recovery or installation from backup media.

Backup frequency

The frequency of your backups depends on criteria that vary for individual Active Directory environments. In most Active Directory environments, users, computers, and administrators make daily changes to directory objects, such as group membership or Group Policy. For example, computer accounts, including domain controller accounts, change their passwords every 30 days by default. Therefore, every day a percentage of computer passwords changes for domain controllers and domain client computers. Rolling the computer password of a domain controller back to a former state affects authentication and replication. A percentage of user passwords might also expire on a daily basis, and if they are lost as a result of domain controller failure, they must be reset manually. Generally, no external record of these changes exists except in AD DS. Therefore, the more frequently you back up domain controllers, the fewer problems you will encounter if you need to restore this type of information.
The more Active Directory objects and domain controllers you have, the more frequent your backups should be. For example, in a large organization, to recover from the inadvertent deletion of a large organizational unit (OU) by restoring the domain from a backup that is days or weeks old, you might have to re-create hundreds of accounts that were created in that OU since the backup was made. To avoid re-creating accounts and potentially performing large numbers of manual password resets, ensure that recent system state backups are always available to recover recent Create, Modify, and Delete operations.

Backup frequency criteria

Use the following criteria to assess the frequency of your backups:
  • Small environments with a single domain controller in the forest or domains that exist in a single physical location (that is, domains that have a single point of failure): create backups at least daily.
  • Medium (10 to 49 domain controllers) and large environments (50 to 1,000 or more domain controllers): Create backups of each unique directory partition in the forest on two different computers at least daily with an emphasis on backing up application directory partitions, empty root domains, domains in a single geographic site, and sites that have large populations of users or that host mission-critical work.
Make backups with increasing frequency until you are confident that if you lose the objects that were created or modified since the last backup, the loss would not create a disruption of your operations. Major changes to the environment should always be immediately followed by a new system state backup.
Note
We always recommend that you have at least two domain controllers in each domain of your Active Directory forest.

Backup latency interval

After you perform an initial Active Directory backup on a domain controller, Event ID 2089 provides warnings about the backup status of each directory partition that a domain controller stores, including application directory partitions. Specifically, Event ID 2089 is logged in the Directory Service event log when partitions in the Active Directory forest are not backed up with sufficient frequency, and it continues daily until a backup of the partition occurs. This event serves as a warning to administrators and monitoring applications to make sure that domain controllers are backed up well before the tombstone lifetime expires. By monitoring this event, you can ensure that backups occur with sufficient frequency. Sufficient frequency is determined by the backup latency interval.
The value for the backup latency interval is stored as a REG_DWORD value in the Backup Latency Threshold (days) registry entry in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters. By default, the value of Backup Latency Threshold (days) is half the value of the tombstone lifetime of the forest. In a Windows Server 2008 forest, half the tombstone lifetime is 90 days. However, we recommend that you make backups at a much higher frequency than the default value of Backup Latency Threshold (days). By setting a minimum backup frequency, changing this setting to reflect that frequency, and monitoring Event ID 2089, you ensure the backup frequency that is established in your organization.
To set a different Backup Latency Threshold (days) value, use Registry Editor (Regedit.exe) to create the entry as a REG_DWORD and provide the appropriate number of days.
More information about the Windows Server Backup tools and backing up AD DS is available in the Step-by-Step Guide for Windows Server 2008 AD DS Backup and Recovery (http://go.microsoft.com/fwlink/?LinkId=93077), as follows:
Task requirements
Before you back up a domain controller, see Performing an Unscheduled Backup of a Domain Controller (http://go.microsoft.com/fwlink/?LinkId=118015).
The following tools, media, and credentials are required to perform the procedures for this task:
  • Windows Server Backup:

    • Windows Server Backup snap-in (Wbadmin.msc)
    • Windows Server Backup command-line tool (Wbadmin.exe)
  • Backup media, as follows:

    • Internal or external hard disk drive
    • Shared network folder
    • Writable DVD
  • Builtin Administrator credentials to schedule backups, or Backup Operator credentials to perform unscheduled backups
To complete this task, you can perform the procedures in the following topics, depending on your backup needs:


Install Windows Server Backup Tools

Applies To: Windows Server 2008 R2
To access backup and recovery tools, you must install the Windows Server Backup Features and subordinate items that are available in the Add Features Wizard in Server Manager. This installs the following tools:
  • Windows Server Backup Microsoft Management Console (MMC) snap-in
  • Wbadmin command-line tool
  • Windows PowerShell cmdlets for Windows Server Backup

To install backup and recovery tools

  1. Click Start, click Administrative Tools, click Server Manager, in the left pane click Features, and then in the right pane click Add Features. This opens the Add Features Wizard.
  2. In the Add Features Wizard, on the Select Features page, expand Windows Server Backup Features, and then select the check boxes for Windows Server Backup and Command-line Tools.
    Note
    Or, if you just want to install the snap-in and the Wbadmin command-line tool, expand Windows Server Backup Features, and then select the Windows Server Backup check box only—make sure the Command-line Tools check box is clear.
  3. On the Confirm Installation Selections page, review the choices that you made, and then click Install. If there is an error during the installation, it will be noted on the Installation Results page.
  4. Then, to access these backup and recovery tools, do the following:
    • To access the Windows Server Backup snap-in, click Start, click Administrative Tools, and then click Windows Server Backup.
    • To access and view the syntax for Wbadmin, click Start, right-click Command Prompt, and then click Run as administrator. At the prompt, type: wbadmin /?
    • For instructions to access and view the Help for the Windows PowerShell Windows Server Backup cmdlets, see Using Windows Server Backup Cmdlets.

Additional considerations

  • To install Windows Server Backup features in Server Manager, you must be a member of the Backup Operators or Administrators group, or you must have been delegated the appropriate authority.
  • To install Windows Server Backup on a Server Core installation, you can use the command line for Server Manager. For instructions, see http://go.microsoft.com/fwlink/?LinkId=143737. For additional instructions to install roles on Server Core installations, see http://go.microsoft.com/fwlink/?LinkID=129805.
  • You can also access Windows Server Backup from Server Manager. To do this, in the left pane double-click Storage, and then double-click Windows Server Backup.

Additional references

Create Backups of the System State Using a Command Line

Applies To: Windows Server 2008 R2, Windows Server 2012
In Windows Server 2008 R2, you can use the Backup Schedule Wizard, the Backup Once Wizard, the Wbadmin start systemstatebackup command, the Wbadmin enable backup command, or the Windows PowerShell cmdlets for Windows Server Backup to create a backup of the system state for a server. A backup of the system state can be saved to a locally attached disk (either internal or external) or a remote shared folder. It cannot be saved to a DVD, optical media, or other removable storage media. In addition, when you create a system state backup, you can also add other files, folders, and volumes for recovery.
This topic covers using Wbadmin start systemstatebackup to create a one-time backup of the system state and Wbadmin enable backup to create a scheduled backup of the system state. For information about other methods, see the following:

To create a system state backup by using Wbadmin start systemstatebackup

  1. To open a command prompt with elevated privileges, click Start, right-click Command Prompt, and then click Run as administrator.
  2. At the prompt, type:
    wbadmin start systemstatebackup -backupTarget:<VolumeName> [-quiet]
    For example, to create a system state backup with no prompts to the user and save it to volume F, type:
    wbadmin start systemstatebackup -backupTarget:F: -quiet
    To view the complete syntax for this command, at a command prompt, type:
    Wbadmin start systemstatebackup /?
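
As an added example (not part of the original page or of Microsoft's documentation), the following PowerShell script wraps the one-time command above with pre-flight checks for two constraints this topic states: the required group membership and a target that is not optical or removable media. The $Target parameter and its F: default are assumptions taken from the page's own example.

```powershell
# Added example, not from the original page. Run from an elevated PowerShell prompt.
# Assumption: the backup target is a volume letter such as F:, as in the page's example.
param([string]$Target = 'F:')

# 1. The topic requires membership in Backup Operators or Administrators.
#    IsInRole only reports groups enabled in the current token, so an
#    unelevated prompt fails here even for an administrator account.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
$isBackup  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::BackupOperator)
if (-not ($isAdmin -or $isBackup)) {
    throw "Current token is in neither Administrators nor Backup Operators."
}

# 2. A system state backup cannot be saved to DVD, optical or removable media.
#    Win32_LogicalDisk.DriveType: 2 = removable, 3 = local disk, 4 = network, 5 = CD-ROM.
$disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$Target'"
if (-not $disk) {
    throw "Volume $Target was not found."
}
if ($disk.DriveType -ne 3) {
    throw "Volume $Target has DriveType $($disk.DriveType); a locally attached disk is required."
}

# 3. Run the one-time backup with the same arguments the page gives.
#    A non-zero exit code is treated as failure so a scheduled job does not
#    silently report success.
& wbadmin.exe start systemstatebackup "-backupTarget:$Target" -quiet
if ($LASTEXITCODE -ne 0) {
    throw "wbadmin start systemstatebackup failed with exit code $LASTEXITCODE."
}

# 4. List the backup versions stored on the target so the new one can be confirmed.
& wbadmin.exe get versions "-backupTarget:$Target"
```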

To create a scheduled system state backup by using Wbadmin enable backup

  1. To open a command prompt with elevated privileges, click Start, right-click Command Prompt, and then click Run as administrator.
  2. At the prompt, type:
    wbadmin enable backup [-addtarget:<BackupTarget>] [-removetarget:<BackupTarget>] [-schedule:<TimeToRunBackup>] [-include:<ItemsToInclude>] [-nonRecurseInclude:<ItemsToInclude>] [-exclude:<ItemsToExclude>] [-nonRecurseExclude:<ItemsToExclude>] [-allCritical] [-systemState] [-vssFull | -vssCopy] [-user:<UserName>] [-password:<Password>] [-quiet]
    For example, to create a system state backup, daily at 9 A.M., with no prompts to the user, and save it to volume F, type:
    wbadmin enable backup -addtarget:F: -schedule:09:00 -systemState -quiet
    To view the complete syntax for this command, at a command prompt, type:
    Wbadmin enable backup /?

Additional considerations

  • To create a system state backup using features of Windows Server Backup, you must be a member of the Backup Operators or Administrators group, or you must have been delegated the appropriate authority.
  • If you want to create a system state backup but also add other items to the backup, you can use the Wbadmin start backup command with the -systemState, -include, and -nonRecurseInclude parameters. To view the complete syntax for this command, at a command prompt, type:

    Wbadmin start backup /?

Additional references

Perform a Backup of Critical Volumes of a Domain Controller by Using the GUI (Windows Server Backup)

Updated: July 3, 2008
Applies To: Windows Server 2008
You can use this procedure to back up critical volumes for a domain controller by using Windows Server Backup. You can also back up critical volumes by using the wbadmin start backup command with the -allCritical parameter. For more information, see Wbadmin start backup (http://go.microsoft.com/fwlink/?LinkId=111838).
Note
Windows Server Backup appears on the Administrative Tools menu by default, even if the Windows Server Backup feature is not installed. If Windows Server Backup is not installed, when you open Windows Server Backup, a message appears, saying that the tool is not installed and providing the instructions for installing Windows Server Backup. For more information about installing Windows Server Backup, see Installing Windows Server Backup (http://go.microsoft.com/fwlink/?LinkID=96495).
Membership in Builtin Administrators or Backup Operators, or equivalent, is the minimum required to complete this procedure. In addition, you must have write access to the target backup location.

To perform a critical-volume backup for a domain controller

  1. Click Start, point to Administrative Tools, and then click Windows Server Backup.
  2. If you are prompted, in the User Account Control dialog box, provide Backup Operator credentials, and then click OK.
  3. On the Action menu, click Backup once.
  4. In the Backup Once Wizard, on the Backup options page, click Different options, and then click Next.
  5. If you are creating the first backup of the domain controller, click Next to select Different options.
  6. On the Select backup configuration page, click Custom, and then click Next.
  7. On the Select backup items page, select the volumes to include in the backup. If you select the Enable system recovery check box, all critical volumes are selected.
    As an alternative, you can clear that check box, select the individual volumes that you want to include, and then click Next.
    Your selection must include the volumes that store the operating system, Ntds.dit, and SYSVOL.
    Note
    If you select a volume that hosts an operating system, all volumes that store system components are also selected.
  8. On the Specify destination type page, click Local drives or Remote shared folder, and then click Next.
  9. Choose the backup location as follows:
    • If you are backing up to a local drive, on the Select backup location page, in Backup destination, select a drive, and then click Next.
    • If you are backing up to a remote shared folder, do the following:

      1. Type the path to the shared folder.
      2. Under Access Control, select Do not inherit or Inherit to determine access to the backup, and then click Next.
      3. In the Provide user credentials for Backup dialog box, provide the user name and password for a user who has write access to the shared folder, and then click OK.
  10. On the Specify advanced option page, select VSS copy backup, and then click Next.
  11. On the Summary page, review your selections, and then click Backup.
  12. After the Backup Once Wizard begins the backup, click Close at any time. The backup runs in the background and you can view backup progress at any time during the backup. The wizard closes automatically when the backup is complete.