Microsoft Exam  70-290 – Disaster Recovery

Managing and Maintaining a Microsoft Windows Server 2003 Environment.  Study Guide

5. Managing and Implementing Disaster Recovery


Backup tools and procedures

To backup files use the Backup GUI tool in Accessories\System Tools or alternatively, grapple with command line tool – ntbackup.exe.  Bizarrely, you cannot use the command line ntbackup to restore files.  Also, you can manage media for backup using Computer Management.

Types of backup: normal (clears A), incremental (uses A, clears A), differential (uses A, leaves A), copy, daily (based on changes since midnight).

To perform a backup you should be a member of the Administrators or Backup Operators group or you should be the owner of a file or folder and have at least one of permissions: read, read and execute, modify, full control. You can manage media only as a member of Administrators group.

You can schedule backup: daily, weekly, monthly, once, at system startup, at logon, when idle.

Locations to restore: original location, alternate location, single folder.

Media pools: unrecognized (blank and foreign format), free (newly formatted), backup (written), import (not catalogued on the local disk)

Recovery Tools

  • Safe Mode – F8 on startup
  • Driver Rollback – Device Manager
  • Last Known Good Configuration
  • Recovery Console.  Boot from CD, look out for R= Repair.  Alternatively, install the recovery console with winnt32 /cmdcons.


Where a device is not working properly, try:  Uninstall Device and Scan for hardware changes.

System Information under Accessories, System Tools can be used to view signed drivers (and much more information). If you prefer, try winmsd from the command line, also try Run, Sigverif.

System State

  • Registry
  • COM+ Class Registration Database
  • Boot files (boot.ini,, ntldr, bootsect.dos, ntbootdd.sys)
  • System files protected by the Windows File Protection service
  • Certificate Services database on a certificate server,
  • AD and the Sysvol folder on a domain controller,
  • Cluster service information on a cluster server, IIS metabase if IIS is installed.


Note:You cannot backup individual components of the System State. Nor can you backup the System State remotely.

To restore System State on a domain controller use Directory Services Restore Mode.

Authoritative restore of AD and Sysvol folder replicates objects from the restored domain controller to its replication partners.  It increases the USN (update sequence number by a huge number).  You need to be an expert on LDAP and NTDSUTIL to do this for real.

Non-authoritative (normal) restore of AD and Sysvol folder restarts the domain controller into normal operational status. You must perform non-authoritative restore before you perform an authoritative one.

ASR (RDISK in NT 4.0)

If you want to create ASR set and you do not have floppy drive, you can copy files (asr.sif and asrpnp.sif) from %Systemroot%\repair folder on the system to another computer.

To perform ASR you need: Windows Server 2003 CD, ASR backup set, ASR floppy disk.

ASR disk can be restored from ASR set.

Volume Shadow Copy Service (VSS)

Suppose a user wishes to recover yesterday’s version of their word document. How much would it cost to restore that one file a user?  If you implement Shadow Copy, then the user can recover the file themselves at no cost to you.

You can configure Shadow Copy by right-clicking the root of any volume, properties.  It only works on folders that are shared.  Best practice is to move the ‘Shadow to another partition.  You need a minimum of 100MB available for the system to create shadow copies.

The default timing for Shadow Copy is twice a day.  This frequency should be adequate, and certainly do not schedule the shadow copies for more than once every two hours.  The reason for this recommendation is that there is a limit of 64 shadow copies before the first one gets overwritten.  So you do not want copies to disappear too soon.

The key point to remember with Shadow Copy is that it operates on shares and not all folders.  It also follows that the XP machines need a TWClient (Shadow Copy Client), so firstly, share out this folder:

‘Previous version’ tab of shared folder Properties is visible only if you use UNC to connect to the file share.

Mirror and Striping with Parity

RAID-1 recovery: correct I/O error and Reactivate Volume or Reactivate Disk.

RAID-5 recovery: if the drive is returned to service, you may need to rescan and then Reactivate Volume; else you must replace the disk, initialize it, convert to dynamic, and choose Repair Volume.

Options of recovery: data loss or corruption in shared folder � use VSS, driver updates resulting instability � use driver Rollback (except printers) or disable a device causing instability, driver or service installation or update resulting in the inability to start OS � Last Known Good Configuration (else try Safe Mode or Recovery Console), failure of the disk subsystem � reconfigure RAID or restore backup to new disk.

TrainSignal - Windows Server 2008 AdminWindows Server 2008 Enterprise Admin

Train Signal have an excellent Windows Server 2008 course.  You get over 70 hrs instruction with Ed Liberman and Ben "Coach" Culbertson.  Try their step-by-step videos and master Windows Server 2008 Enterprise Admin.

The package includes the Transcender exams, which are the key to gaining the coverted Microsoft Certified IT Professional certification.  However, the course also builds practical experience so that you can manage your network effectively once you complete the course.

Watch a Demo of Train Signal’s MCITP course


Which of these is NOT part of the System State?
Com+ Class Reg
Boot Files
System Log

Free sample exam