Using File Classification Infrastructure (FCI) and AD RMS to automatically protect sensitive information

Windows Server 2008 R2 File Classification Infrastructure provides a built-in solution for file classification allowing administrators to automate manual processes with predefined policies based on the data’s business value.  (Windows Server 2008 R2 File Classification Infrastructure – Managing data based on business value)

The Active Directory Rights Management Services Bulk Protection Tool provides a command-line interface that you can use to decrypt AD RMS protected files. You can also use it to encrypt multiple files to a predefined rights policy template.

Together, the AD RMS Bulk Protection Tool and FCI, can be used to create file classification and encryption based on pre-defined rules

• Discover and classify: You can configure the FCI automatic classification to automatically classify files that contain sensitive information such as keywords (e.g.: Confidential) or regular expressions (e.g.: \d\d\d-\d\d-\d\d\d\d for a social security combination) on your file server
• Protect: Configure the FCI file management tasks to apply RMS protection to all files that are marked as sensitive

Step by step guidance on how to protect sensitive information using FCI and AD RMS is available at: Active Directory Rights Management Services Bulk Protection Tool and File Classification Infrastructure Step-by-Step

For all related FCI blog posts: http://blogs.technet.com/filecab/archive/tags/File+Classification+Infrastructure+_2800_FCI_2900_/default.aspx

File Classification Infrastructure blog posts by Titus labs - Dec. 2009

Additional blog posts by Titus labs that discuss:

• Owner based automatic file classification: http://sharepointmetadataandclassification.typepad.com/blog/2009/12/owner-based-classification.html
• FCI SharePoint upload script: http://sharepointmetadataandclassification.typepad.com/blog/2009/12/new-file-share-to-sharepoint-migration-utility-from-microsoft.html

 Happy new year to everyone

Automatically uploading files from File Server to SharePoint using the File Classification Infrastructure (FCI)

Windows Server 2008 R2 introduced a new File Classification Infrastructure that enables assigning metadata to files and applying file management tasks based on the file metadata (Windows Server 2008 R2 File Classification Infrastructure – Managing data based on business value)

In the past few months, we had a lot of questions from customers on how FCI (www.microsoft.com/fci) can help with scenarios such as:

·         Migration from File Servers to SharePoint

·         Moving specific files to SharePoint for advanced data management capabilities such as retention …

To help address these scenarios, we have recently published the FCI SharePoint Upload PowerShell script (Upload script on TechNet) that can be used in conjunction with the FCI file management tasks (Customizing File Management Tasks) to upload files to SharePoint (Both SharePoint 2007 and SharePoint 2010 Beta)

Note: you need to enable PowerShell script execution for the script to work

A few points to note about the FCI SharePoint Upload PowerShell script

·         When uploading a file to SharePoint, you can choose whether to leave a link on the file server, delete the file or just leave a copy of the file

·         The script supports transferring FCI metadata to SharePoint for all file formats as long as the same properties (columns) with a matching name (case sensitive) and type are defined on the SharePoint site

·         Files uploaded to SharePoint will get assigned the access rights of the SharePoint library they are uploaded to

An important aspect of the integration with FCI is that it allows you to target which files should be uploaded to the SharePoint site and which should remain on the file server. You can target files based on their creation date, last modified date, extension and of course classification properties.

Targeting which files to upload is a good practice (that will probably save you a lot of time) – for example: for a specific project you probably want to upload only the up to date information and avoid cluttering the SharePoint site.

The example below shows a simple upload scenarios. There are additional scenarios and capabilities that SharePoint 2010 lights up and will be discussed in future blogs

Example: Automatic upload of files into a SharePoint library

Let’s take an example where we would like to upload all files pertaining to the Apollo project from a collection of file shares to a SharePoint document library called “Project Apollo” and leave a links so that users can reach the uploaded files when they browse to the file server.

For this example, we will assume the files that we want to upload are tagged as “Project=Apollo” but this is optional, you could also choose to just upload all files

Some more details before we lay down the steps:

·         File server shares are in: d:\projects

·         Address of the SharePoint site is http://contoso

·         Document library on that site called “Project Apollo”.

·         User “contoso\johndoe”, with a password of “up@load”, has the rights to contribute to the site. (this is the user that the script will use when uploading the files)

Using the FCI snap-in (Customizing File Management Tasks)

1.       In the right pane, click on “File Management Tasks”.

2.       Click on “Create File Management Task…”

This will bring up the “Create File Management Task” dialog.

3.       In the “General” tab, fill in the fields in the dialog as follows:

a.       Task name example: “SharePoint Upload example”

b.      Scope example: “d:\projects”

4.       In the “Action” tab select “Type: Custom”

5.       Fill in the rest of the fields as follows:

a.       Executable: “C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe”

b.      Arguments: -noninteractive -file c:\scripts\FciSharePointUpload.ps1 -file “[Source File Path]” -url “http://contoso” -libPath "Project Apollo" –sourceAction url -user contoso\johndoe -password up@load

c.       Run the command as: Local System

6.       In the “Condition” Tab add a condition such as “Project   Equal  Apollo”

7.       In the “Schedule” tab add a schedule on which you would like to perform the operation

Once you configured the task, you can also choose to “Run task now” and observer the results

What to do when your system misbehave

<This is the 5th article in a series of posts discussing backup and recovery offerings in Windows 7. >

Imagine one day you got to your desktop and realized that some programs on your machine started crashing; or you’ve noticed some degradation in your machine’s performance. You’re not so sure when this started happening or what caused it…what should you do?

Action Center is your friend

By now, you’ve probably already figured out that the Action Center is the hub in Windows 7 for finding and resolving issues related to your PC. As a first step, you should always check if there are any problem reports or solutions already available. Action Center can be accessed from the notification area on the task bar:

In addition, Action Center provides two additional options – Troubleshooting and Recovery. The first option provides the tools for diagnosing various computer problems, ranging from Aero disabled to program compatibility issues, and guide you through additional steps such as Remote Assistant if the problem could not be resolved. The second option attempts to fix the issue by restoring the machine to a previous good state. In this blog we’ll focus on the second option – Recovery.

System Restore

In the Recovery control panel, the most prominent option is System Restore. If you’re not familiar with System Restore from previous versions of Windows, it is a tool that would help you roll the state of your operating system back to an earlier point in time, known as a restore point, without affecting your personal files such as documents and pictures. There are several reasons why we recommend System Restore as the first step as oppose to other recovery options. First, it’s the least intrusive option since it rolls back only your system and application files and leaves your personal files intact. Second, if System Restore is initiated from the running OS, an “undo” restore point is created so the process can be reversed. Last but not least, the process is fast and typically takes only a few minutes to complete.

You can access System Restore even if your computer is unable to boot into the operating system. When that occurs, start your computer and hold down F8 to access the recovery option menu where System Restore will be one of the options available. However one thing you should keep in mind is that System Restore initiated from a non-bootable OS will not have the option to undo the operation, though you may be able to attempt to restore to other restore points.

What’s new in System Restore

The System Restore wizard is intuitive and look and feel largely like it was in the previous versions of Windows. In a nutshell, all you need to do is pick a point in time that you would like to roll back to, and then your computer will be restarted to complete the operation.

Even though the experience is familiar, this doesn’t mean there’s no improvement done on System Restore. In fact, here are a few great additions that would help make your system recovery experience even easier in Windows 7:

· View affected programs

Ever wonder what programs or drivers might be affected by performing a restore? Now you don’t need to guess. When you select a restore point, you can see the list of programs, drivers or Windows Updates that you might gain or lose by rolling back in time. You can view this info by selecting the “Scan for affected programs” option in the wizard.

· Using a system image backup as restore point

There’s always a trade-off between how far back in time one can restore to, and the amount of space required on the OS to save older copies of your data for this recovery purpose. Now here’s a new solution. In Windows 7, system images you are already creating as part of your backup to a hard disk can also be used for the purpose of System Restore. Essentially, instead of re-imaging the entire disk, System Restore will extract just the system files from the image and use it like any other restore points. This allows you to potentially roll back to a much earlier point in time, and also an option to perform a less intrusive recovery prior to completely re-imaging your machine. These system image-restore points, if available, can be found in the System Restore UI by selecting “Show more restore points”, with the restore point type indicating that it’s from a backup.

Adjusting System Protection settings in Windows 7 (advanced)

System Restore, Previous Versions and system image backups’ versioning all use the same underlying technology – System Protection (aka Volume Shadow Copies). Here we’ll show you how to adjust settings for these features using the updated System Protection page in Windows 7.

At a high level, System Protection is used to keep track of changes to your personal and system files across an entire drive, such that you can restore them to an earlier state by discarding these changes (via Previous Version and System Restore respectively). The checkpoints that you can roll back to, call restore points, are created during application and driver installations, Windows Update, and at regular intervals if one has not been created in the last 7 days. They can also be created on demand from the System Protection page.

System Protection is turned on by default for the OS drive, but can also be turned on for any additional drives formatted NTFS and greater than 1GB. By default, protection is set to maximum by providing both Previous Version and System Restore capabilities. In Windows 7, however, there’s a new System Protection option “Only restore previous versions of files”. As mentioned earlier, System Restore is designed to bring your system back to an earlier state without affecting your personal files. However, if you are a programmer or system administrator who store programs or scripts on your computer, these files might be undesirably rolled back by System Restore due to their executable nature. By storing these files in a separate data drive and selecting this option, you’ll be able to enjoy Previous Versions protections of such files, but at the same time not having to worry about these files being accidentally rolled back by System Restore. You should not select this option for the OS drive.

For drives 64GB or smaller, a maximum of 3% drive space will be allocated by default for System Protection. For drives greater than 64GB, 5% will be allocated, with a cap at 10GB. You can adjust these settings by selecting the appropriate drive and changing the maximum usage slider. As space runs out, older restore points will be deleted to make room for new ones. Therefore a larger setting will allow more space to be used for storing restore points, which means the ability to restore further back in time. However this also means that less space will be available for other storage purposes on that drive, so it is a tradeoff that needs to be taken into consideration. Similarly, Windows by default allocates a maximum of 30% of disk space on the backup target drive for storing older versions of the system images. This value can be adjusted by using this same control.

The System Protection page also provides the ability to delete all restore points. Note that selecting this option will delete ALL data stored under the system protection storage area, including restore points for System Restore and Previous Versions; earlier versions of system image backups, or any shadow copies created by 3^rd party applications. New restore points will continue to be created unless you turn off system protection entirely. Since System Protection storage has an automatic space management policy, and it can never grow beyond the allocated maximum value, we do not encourage using this functionality if your only motivation is to conserve space.

In the next post, we’ll continue to discuss the rest of the system recovery options on the Recovery control panel, focusing on recovery from a system image.

- Windows Backup team

Volume Shadow Copy (VSS) and Automated System Recovery (ASR) doc updates

Windows 7 Disk Defragmenter User Interface Overview

Introduction

The Vista and Windows Server 2008 Defragmentation UI was limited to essential information and controls.   Based on user feedback it was found that the UI was too minimal.   In Win7 the UI intends to make the defrag operations more transparent and match the task demands of the user.

List of features provided through Windows 7 Disk Defragmenter UI

1.       Analyze and defragment each volume to improve disk performance

2.       Monitor defragmentation progress and state for each volume

3.       Schedule a job for regular defragmentation

In Windows, defrag is scheduled on an entire volume. The volume can be formatted with the standard windows file systems: NTFS, FAT and FAT32. The volume can be a basic partition or any of the dynamic types: Simple, Stripped, Mirror, RAID-5. The type of disks that host a volume have an impact on automatic scheduling of defrag on the volume. Besides normal rotating hard drives, interesting types of disks in the context of defrag are: Expandable Virtual Hard Disks (VHD) and Solid State Drives (SSD). Defrag cannot be automatically scheduled on volumes hosted by SSD disks and running defrag on volumes hosted by SSD disks is not recommended.

This article explains the different parts of the defrag UI and presents in details the criteria used to determine if the disk hosting the volume is suitable for defrag.

Disk Defragmenter Main UI

This is the primary dialog (Figure 1)  that comes up when the defrag UI is started.  The UI can be started from the start menu shortcut (All Programs->Accessories->System Tools), from the control panel (Control Panel->System and Security->Administrative Tools-> Defragment Your Harddrive) or from the “Tools” tab in the volume’s properties dialog.

 

Figure 1

 

Schedule

The “Schedule” section in this dialog (figure 1) displays volumes that are scheduled for automatic defragmentation. It is recommended to have the schedule turn on. The new Windows 7 Disk Defragmenter will exclude the volumes that are not recommended to run defrag regularly. [ Note even if the system only has SSD disks and expandable VHDs, the schedule would still be turned on; to verify if the volumes are scheduled for defrag click  Configure Schedule.]

 

Current Status

The list shows all the volumes that can be defragmented. This includes volumes on the solid state drives. Note that volumes on SSDs and dynamic VHDs can be defragmented but are not scheduled to run regularly; this gives users the options to defrag SSD volumes if they feel the need to do so.  

To analyze disk or Defragment Disk: select the volume from the list, and then click on Analyze disk or Defragment disk.

 

Configure Schedule

This dialog (figure 2) allows modification of the defrag schedule. Click on Select disks to see the volumes that are included in the defrag schedule.  

 

Figure 2

 

 Select Disks/Volumes

Select or unselect the Checkboxes to include or exclude the volumes for regular defragmentation respectively.  Selecting “Automatically defragment new disks” will automatically add new volumes to the defrag schedule

 

Figure 3

 

The screenshot below (figure 4) shows there are no volumes scheduled for defragmenter. No volumes are listed because all the volumes in the system are not suitable for regular defrag (because they could all be on SSDs or expandable VHDs). However, the user can go to the main defrag UI to defragment the volume manually.  

 

Figure 4

 

What volumes are excluded from defrag schedule?

As mentioned earlier, regular defragmentation of volumes on certain disk types like SSD disks and expandable VHDs are not recommended. Defrag UI excludes volumes from being scheduled based on the following:

·         Volumes on disks whose driver reports “no seek penalty”.  [more details …]

·         Volumes on ATA/SATA disks that report a nominal media rotation rate of 1. [more details …]

·         Volumes on critical disks with high very random read disc rates. [more details …]

·         Volumes on expandable VHDs.

The high level overview of the detection algorithm as follow:

                If (no_seek_penalty) {

                                exclude from schedule      

} else if (is_expandable_VHD || is_differential _VHD) {

                                exclude from schedule

} else if (is_ATA_nominal_disc_rate) {

                                exclude from schedule

} else if (is this boot disk) && (high_random_read_rate) {

                                exclude from schedule

}else{

                                include in the schedule

}

Note that volumes on any VHD which in turn is hosted on a SSD is also excluded from defrag.

 

How does disk defragmenter get the “no seek penalty” from device?

Disk port driver needs to send a valid response to IOCTL_STORAGE_QUERY_PROPERTY call. Disk Defragmenter issues IOCTL_STORAGE_QUERY_PROPERTY request with QueryType = PropertyStandardQuery and PropertyId = StorageDeviceSeekPenaltyProperty.

A valid response involves populating a DEVICE_SEEK_PENALTY_DESCRIPTOR structure with accurate version and size data. If the IncursSeekPenalty member is set to false, the disk is considered a SSD.

 

How does disk defragmenter get the “nominal media rotation rate” from device?

 

If the port driver does not return valid data for StorageDeviceSeekPenaltyProperty, Disk Defragmenter looks at the result of directly querying the device through the ATA IDENTIFY DEVICE command. Defragmenter issues IOCTL_ATA_PASS_THROUGH request and checks IDENTIFY_DEVICE_DATA structure. If the NomimalMediaRotationRate is set to 1, this disk is considered a SSD.

The latest SSDs will respond to the command by setting word 217 (which is used for reporting the nominal media rotation rate to 1).  The word 217 was introduced in 2007 in the ATA8-ACS specification.

How does disk defragmenter get the “random read disc score” from the device?  

Disk Defragmenter uses the Windows System Assessment Tool (WinSAT) to evaluate the performance of the device. The performance threshold was determined by some I/O heuristics through WinSAT to best distinguish SSD from rotating hard disks.  

------

Post by Eva Liu

Managing backup disk space

<This is the fourth post in a blog series on backup and recovery offerings in Windows 7. >

If you’re reading this post it’s likely that you’ve already set up Windows Backup on your Windows 7 PC and running it on a schedule to protect your data and system. However as storage size is limited, your backup disk will run out of space at some point. Don’t sweat it. Windows 7 makes it easy to delete older file backups and manage the number of image backup versions.

When to manage backup disk space

You can manage backup disk space at any time using the “manage space” option from the Backup and Restore control panel. , but you’ll also get a notification from Action Center when backup cleanup becomes necessary:

When you click on this message, you will see the space management window opens which has 3 sections:

· Space usage summary: Shows the total amount of space on the backup target, and a breakdown of how the space is currently utilized by file backup, system image, and any other files you may have.

· Data file backup: Provides the option to delete data file backups on target to free up space.

· System image: Lets you configure the number of system images stored on the target.

We will discuss these sections in detail below.

Space usage summary

This section is fairly straight forward. Its goal is to help you determine what is occupying your backup disk space and decide what to delete. Note that if you have backups from another computer present on the backup disk, those will also be shown under “Other Files”. If you decide to delete the non-backup files on the target, you can conveniently browse the target from the “Browse” link below the icon on the left.

Data file backup

As a recap from the previous blog post Protect your files and PC with Windows 7 Backup<link> - when you configure Windows Backup, the first backup will be a full backup of all the selected backup contents. Subsequent backups will be incremental to the incremental in nature, containing only new or changed files since the previous backup. Windows Backup will, however, automatically create full backups from time to time. This is such that you will have the option to delete older backups that may contain deleted or obsolete files that are no longer useful, without losing the backup of important files that are still present on your machine. The frequency of creating new, full backups depends on several factors, such as the disk space consumed by deleted or older versions files.

When you select the “View backups…” option, you’re presented with a dialog that shows all the backup of your current computer on the target. The granularity for deletion is a backup period, which represents a full backup together with its associated incremental backups. Whenever you run out of backup disk space, you should always start deleting from the oldest backup period to minimize potential data loss. If there is only one backup period available, you should really think twice before deleting it since you will lose your entire backup. You may want to copy that backup to another location, or try to delete other non-backup files on the target to free up space instead. If you do choose to go ahead with the removal, Windows Backup will offer to kick off a new, full backup to ensure you maintain up-to-date protection of your data.

System image

Your options for managing system image depend on whether you’re currently creating system images on a scheduled basis.

1. Creating system image on schedule

When you set up Windows Backup to create system images on a regular basis, it’ll automatically manage the amount of space used for storing the backup versions. As explained in the system image backup post <link>, older system images are stored in the shadow copy storage area on the backup disk. By default, it’ll set this shadow copy storage area to use a maximum of 30% of the backup disk space. Windows Backup will move older backups to this storage area as new ones are created, until the maximum allocated space is filled. At that point, the oldest backup will be deleted, followed by the second oldest and so on, until enough space is freed up to allow the latest image to be created.

This default behavior is shown above as the pre-selected option “Let Windows manage the space used for backup history”. In this example, 30% of the backup disk space amounts to 81.13GB. The reason that not the entire disk space is utilized for storing older system images is so that there will be space left for storing your file backup as well. If you do wish to adjust the size of the shadow copy storage area (though not recommended), you can accomplish this by following these steps:

i. Go to Start->Computer->Properties->System Protection.

ii. Choose your backup target, click “Configure”

iii. Under “Disk Space Usage”, adjust the slider to the desired setting

When you adjust this setting, keep in mind that increasing the shadow copy storage area size comes at the expense of the space that can be used for other purpose, most importantly your file backup. Another thing is that you should not turn on System Protection for your backup disk, as this will enable the shadow copy storage area to be used for other purposes which will accelerate the deletion of your older backups. We’ll discuss the System Protection page in details in a later post when we look at some of the system recovery improvements in Windows 7.

If you only care about having the latest system image available and would like to conserve disk space, you can select the second option in the dialog shown above. Choosing this option means that Windows will always keep one (the latest) system image only for your computer. Whenever a new system image is created, the older one will be deleted.

Note that these options are available only if you’re creating scheduled system image to a hard disk. If you’re backing up to a network share, these options are not available since network share does not support storing older system images. Older system image of the same computer will always be deleted when a new one is created.

2. System images are not created on a schedule

If you’ve previously created system images on the target but are no longer creating any new images on a schedule, you can choose to retain the latest image and delete the rest, or delete all system images on the target. We recommend that you always keep at least one system image around for safekeeping.

With hardware storage price getting much lower these days, we recommend investing in a larger backup disk to protect your important data. However even when you do run out of space, Windows Backup makes it easy to manage older backups to ensure that data protection is not disrupted. In the next post we’ll cover the system recovery options in W7.

-- Windows Backup team

Recovering your files in Windows 7

<This is the third post in a blog series on backup and recovery offerings in Windows 7. >

Many of us have experienced this panic moment when we realized some important files are missing or are accidentally modified, but Windows users who’ve configured Windows Backup (or even those who haven’t) don’t need to sweat, because their data is in good hands. In this post we’ll talk about how to recover a file from the local hard disk and from a backup. As an advanced topic we’ll also discuss how to extract files from a system image.

Default protection

We cannot emphasize enough the importance of having a backup of your data on an external storage location (e.g. external hard disks, network location) as that’s the only way to safeguard your important data against hardware failure on your PC. That being said, by default Windows will automatically create copies of your data on your OS drive to help ease other data loss situations such as accidental deletion and modifications. These copies of files are created on a best effort basis and may be short lived, so you should never rely solely on them as a replacement for a backup. Nonetheless they could be extremely useful if you’re unable to access a backup for any reason, such as when you’re on the go.

(Note that these automatic copies, also known as system protection, are turned off by default on non-OS drive. If you’re interested in learning more about this feature, remember to read our next post as we’ll discuss them in detail in conjuncture with the System Restore feature.)

To access an older version of a file, simply right click on the file and select “Restore previous versions”, where you will see all the available versions of the file. You can then choose to restore the file, or as a safer option copy the file to another location. Alternatively if the file has been deleted, you can select the same option on the folder that originally contained the deleted file, open the version that contains the deleted file and do the restore.

Restoring files from a backup on the same computer

If you’ve set up Windows Backup on your computer, you can also access the files in the backup through the same dialog above; except you’ll see from the location column that the file is in “Backup” rather than in a “Restore point”. This experience is optimized for quick restore of a single file, and does not work for restoring an entire folder or if you need to restore selected files from various folders. In these cases you can launch the file recovery wizard from the Backup and Restore control panel to access the complete list of file recovery options.

When you click on “Restore my files” from the control panel, you’ll be able to restore all the files that you have read access on that were backed up to the current backup target. If you want to restore other users’ files, choose the “Restore all users’ files” option instead, which would require you to have administrative privilege. This option would also allow you to restore files to locations that may require administrative access. To select files or folders for restore, you can either browse your backup content, or you can search for the file\folder by its name or using wild card searches. By default, the restore wizard will always show you the latest versions of all your files. If you need an older version of a file, select “Choose a different date”.

After selecting which file/folder to restore, you can then select where to restore the files to. To avoid potentially dealing with file name conflicts or accidentally overwriting your data, we would recommend restoring to an alternate location and then copying the files back only after verifying that those are truly the ones you want. Also, if you’re restoring applications or system files, you will not be able to directly restore them to original location since doing so might break existing applications (and in most cases simply replacing such files would not help repairing an application or system state. To revert your system or application to an earlier point in time, System Restore should be used. See our next post to learn more about this feature). Attempt to restore these files to original location will result in those files being skipped and reported in the log file. If you do need to restore such files, restore them to a different folder and then copy them to the desired location.

After the restore is completed, you can launch explorer from the restore wizard to view the restored files.

Restoring files to a new OS or after recovering from a system image

If you have reimaged your computer to an earlier point in time, or installed a new operating system, the recovered or new OS will not have record of the latest backups that you’ve made. In this case, you can use the “Select another backup to restore files from” option to specify where the backup is located. The wizard will automatically look for available backups on all devices currently connected to the computer, and you can also specify a network location to restore from. Once you’ve selected the backup, the rest of the steps to restore the files remain the same.

When restoring files from a different OS, it’s highly recommended that you restore the files to an alternative location since the users and folder structures on the new computer might have. Restoring to original location means that the restore wizard will restore your files by recreating the old folder paths, which might make it much harder locate the restored files afterwards.

Restoring backups from previous versions of Windows

You can restore backup made from Windows Vista following the same steps above as restoring a Windows 7 backup to another computer. If you’ve created a backup using the NTBackup utility in XP, at the time of this blog post you can download a free tool here to restore the .BKF files on Windows Vista. The ability to restore .BKF files on Windows 7 will be supported in the near future and more details will be provided at that time.

Sometimes bad things do happen to good people, but hopefully this post has provided you with all the information you need to know about recovering your valuable data. Coming up in the next few posts, we’ll cover how to manage space for backup, and then move onto system recovery related topics.

-- Windows Backup team

Learn more about system image backup

<This is the second post in a blog series on backup and recovery offerings in Windows 7. >

In the last post, we’ve briefly mentioned that Windows 7 offers both the ability to backup individual folders and to create a system image of your computer, and how they could be used to protect your personal and system files. In this post we’ll focus on system image backup to give you an in depth view on how the technology works, and how the configuration of your OS may affect the image and the implications during recovery.

What is a system image and how does it work?

Just as a brief recap, a system image is in essence a snapshot of an entire drive(s). The backup is done in block level (as opposed to file level) increments and includes all user and system files, configuration data and applications that are present on the drive, plus information regarding disk layout and boot entries. The image can be used to recover a working Windows if your hard disk ever fails, or if you simply want to reimage your OS to an earlier point in time.

During the first backup, the backup engine scans the source drive and copies only blocks that contain data into a .vhd file stored on the target, creating a compact view of the source drive. The next time a system image is created, only new and changed data is written to the .vhd file, and old data on the same block is moved out of the VHD and into the shadow copy storage area. Volume Shadow Copy Service is used to compute the changed data between backups, as well as to handle the process of moving the old data out to the shadow copy area on the target. This approach makes the backup fast (since only changed blocks are backed up) and efficient (since data is stored in a compact manner). When restoring the image, blocks will be restored to their original locations on the source disk. If you want to restore from an older backup, the engine reads from the shadow copy area and restores the appropriate blocks.

Creating a system image

As mentioned in the previous posts, when configuring Windows Backup, a system image is automatically included in the scheduled backup if the backup target is formatted with NTFS file system and has sufficient space. This system image contains only the critical drives that are required for Windows to operate. Examples of critical drives include system volume, boot (OS) volume, and the volume where the Windows Recovery Environment is installed (typically the same as boot volume on a default installation of Windows 7). As seen from the example below, the System Reserved drive, which is the system volume, and the C: drive that represents the boot volume are both included. The G: drive on the other hand, which is purely a data drive, is not included. To back up any data from G:\, you can select the drive or its folders from the tree view above to create a file-based backup.

Using the Windows Backup wizard above is the simplest way to protect your data and system, since the backups will be created automatically on a schedule. However if you want to create an advanced system image that also includes additional data drives on top of the critical drives, or if you want to save a custom system image to an alternate location (e.g. to a set of DVDs that you can easily carry with you on a trip), you can create such images on an ad hoc basis using the “Create a system image” task link on the Backup and Restore control panel.

The steps to create an advanced system image are very similar to creating the regular scheduled backup. First, select where you would like to save the image, which can be the same as or different from the target for the regular scheduled system image backup. Then you can select which drives should be included in the image. Some drives are selected by default since they are required for Windows to run and must be included in the image. However you are free to select any additional drives to include.

After a final confirmation of the source and the target, you are good to go.

Command-line options

Wbadmin.exe is the command line utility for creating system images and supports all functionalities available from the wizard and more. Using wbadmin and task scheduler together you can create advanced system image on a scheduled basis. For more information regarding the wbadmin subcommands, type “wbadmin help” from a command prompt or visit MSDN (note that some subcommands on MSDN are only available for Windows Server 2008 backup).

There are no differences in the system image created using a wizard or command line tool, and you will be able to restore the images using the same procedures (more on system image recovery in a later post). However, the configurations of your source and target disks do have implications on the ability to backup and restore the image. We’ll explore this some more in the next section.

Considerations while creating a system image

Since system image is a critical feature to ensure availability of your system and data after a disaster, it is important to understand how some of the advanced configuration on your system may affect your options during restore.

1. Choosing the backup target

System image is supported on internal\external disks, optical removable media, and network locations (Business edition or above). Aside from the usual tradeoffs when picking a storage location such as performance and reliability, here are some additional recommendations to consider for picking a system image backup target:

• Do not store the image on the same physical disk as the OS – If the hard disk ever fails, you’ll lose both your OS and the backup.
• Do not store the image on a dynamic disk – a system image stored on a dynamic disk will provide limited functionality during restore. Specifically, the restore will be supported only if the partitioning on the source disk has not been changed. Therefore if your hard disk failed and is replaced with new hardware, you will not be able to restore the image.
• Support for multiple images – As mentioned above, when a new system image is created, older data will be moved to the shadow copy storage area if it’s available. NTFS formatted internal or external hard disks supports Volume Shadow Copy, hence they support storing multiple versions of backup image. We recommend that the size of the target disk should be at least 1.5 times of the size of the source drive(s) to allow enough space for storing older versions of backup. Network share and optical media, on the other hand, do not support shadow copy. Therefore only one system image per computer can be stored at a time (as the .vhd file). Any newer backup created will replace the older backup.
• Use a dedicated backup disk - Older backup that are stored in the shadow copy area on the target may be deleted as space runs out. The amount of churn that happens on the target is one factor that contributes to this deletion. Therefore to ensure the older backups can be kept for a longer period of time, try not use the backup disk for other purpose.

More information regarding differences between backup on hard disk, optical media and network locations can be found in Help and Support.

2. Configuration on the source disk(s)

When a system image is created, it captures the data of (at least) all critical drives on the source disks, and also information regarding the state of all disks and partitions that are present in the system in case partitions need to be recreated during restore. Therefore the layout of the disks at the time of backup will have implications on what is included in the backup and also the options available for restore.

• Disk layout when dual booting Windows 7 with an earlier operating system – Depending on how the two OS are installed, the earlier operating system may be residing on a drive considered critical for Windows 7 and therefore will be mandatorily included in the system image for Windows 7. For example, if the computer originally has Windows Vista installed on the (C:) drive which serves as both the boot and system volume, then Windows 7 will automatically make use of (C:) as its system volume as well. This makes (C:) a critical volume for Windows 7 and must be backed up. However this also means that the all data associated to Windows Vista will be included. To avoid including an earlier OS in the Windows 7 image, you will need to create a separate system partition to be shared by both OS. We’ll be posting an article soon on how this can be done.
• Create a new image after a disk layout change ­– During system image recovery, the UI will check if the current layout on the disk matches the layout information captured in the backup. If it matches, then it will allow restoring only the data in the critical partitions without formatting and recreating partitions on the entire disk. However if the layout has been changed, then it will need to recreate the partitions using information from the backup, which means formatting the entire disk and potentially deleting any non-critical partitions and their data. Therefore it’s recommended that if you ever change the disk layout on your computer, you should create a new system image to allow for a more flexible recovery experience.

3. Multiple machines environment or dual boot machine

• Use different computer names - System images are identified by computer name, and are stored in separate folders with the corresponding computer name on the backup target. If you have two computers with the same name and you use the same backup target for both, the system image of the second computer will overwrite the first one (If the backup target supports shadow copy, this means the older backup will be moved to the shadow copy storage area and may be lost as space runs out). This is especially important if you have created a system image of an earlier OS (e.g. Windows Vista) and then upgraded to Windows 7 using the same computer name, the Vista image may be lost.
• Do not access the backup disk with Pre-Windows Vista OS – Pre-Windows Vista OSes (e.g. Windows XP) do not support the current shadow copy mechanism, and will cause shadow copies to be deleted if it attempts to access a target with shadow copies present. In this case, all older backup (except the latest image stored in the .vhd file) will be lost.

If you have any questions regarding your specific configurations, do not hesitate to leave a comment or visit our forum for support.

-- Windows Backup team

Optional configuration for the DFS Replication Management Pack

My previous blog post explained how to configure the DFS Replication management pack. The backlog monitoring feature of the management pack is disabled by default and requires some additional configuration. This blog post explains how to enable backlog monitoring using the DFS Replication management pack and also describes how to override some of the default configuration settings in the management pack.

Configure the DFS Replication monitoring profile

In Operations Manager 2007, Run As Profiles and Run As Accounts are used to select users with privileges that are needed to run rules, tasks, and monitors. The backlog monitoring discovery script included in this management pack queries the DFS Replication WMI provider on all monitored computers. To do this, it needs to run in the context of a privileged monitoring account. This management pack includes a privileged monitoring profile called DFS Replication Monitoring Account. You need to add a Run As account to this profile to monitor the replication backlogs.

The first step is to create a Run As account that has the requisite privileges to connect to the DFS Replication WMI provider on all monitored computers. The WMI provider does not allow non-administrative access and therefore, you need to ensure that the Run As account has at the very least local administrator privileges for each of the monitored computers.

• To create a Run As account on System Center Operations Manager 2007 R2, perform the following steps:
• Open the Operations console with an account that is a member of the Operations Manager 2007 Administrators role.
• Select the Administration view.
• In the Administration view navigation pane, right-click Accounts, and then select Create Run As Account.
• In the Create Run As Account Wizard, on the Introduction page, click Next.
• On the General Properties page, do the following:
  • Select Windows in the Run As Account type list.
  • Type a display name in the Display Name text box. Choose a descriptive name such as DFS Replication Monitoring Users.
  • You can also type a description in the Description text box. Adding a description helps other users know why you set up this account and the privileges associated with it.
  • Click Next.

• On the Credentials page, type the user name and password of the account with administrative privileges that you want to use, select the appropriate domain, and then click Create.
• On the Distribution Security page, select More secure – I want to manually select the computers to which the credentials will be distributed, and then click Create.

After the Run As account has been created, right click on the Run As Account in the Accounts pane and select its properties. In the Run As Account Properties – DFS Replication Monitoring Users dialog, select the computers to which these credentials are to be distributed.

The next step is to associate this Run As account with the privileged monitoring profile included in the DFS Replication management pack. This configuration step ensures that the replication backlog discovery script has the required privileges to connect to the WMI provider for DFS Replication on monitored computers and retrieve replication backlogs. To add the Run As account you just created to the DFS Replication Monitoring Account Run As Profile on System Center Operations Manager 2007 R2, perform the following steps:

• Open the Operations console with an account that is a member of the Operations Manager 2007 Administrators role.
• Select the Administration view.
• In the Administration view navigation pane, click the Profiles container.
• In the list of available Run As profiles, right click DFS Replication Monitoring Account, and then select Properties.
• In the Run As Profile Wizard, on the Introduction page, click Next.
• Click Next on the General Properties page.
• On the Run As Accounts page, click Add.
• In the Add a Run As Account dialog box, select the Run As account you created from the list of available Run As accounts, for example DFS Replication Monitoring Users.
• Select the All targeted objects option to manage all monitored computers by using this Run As profile, and then click OK.
• Click Save to update the Run As Profile.

Enable backlog monitoring

This feature enables administrators to keep track of replication backlogs on monitored computers. Backlog tracking is performed by a discovery script that queries the WMI provider for the DFS Replication service on monitored computers. This discovery script is disabled by default, thereby disabling the monitoring of replication backlogs by default. This section provides instructions for enabling backlog monitoring. After backlog monitoring is enabled, the Backlog Monitoring dashboard view will be populated with replication backlogs that are retrieved from all monitored computers.

To enable backlog monitoring for the DFS Replication Management Pack, perform the following steps:

• Log on to the computer with an account that is a member of the Operations Manager Advanced Operator role for the Operations Manager 2007 management group.
• In the Operations console, click Authoring.
• In the Authoring pane, expand Management Pack Objects, and then click Object Discoveries.
• In the Object Discoveries pane, completely expand Replication Connection.
• In the results pane, select the discovery rule titled Discover replication backlogs on monitored computer.
• On the Operations Manager toolbar, click Overrides, and then point to Override the Object Discovery. You can choose to override this monitor for objects of a specific type or for all objects within a group. We recommend that you create an override with the scope ‘For all objects of type: Replication Service’.

• After you choose the objects for which you would like to override the default settings, the Override Properties dialog box opens, which enables you to view the default settings that are configured for the backlog discovery rule.
• Click to place a check mark in the Override column next to each setting that you want to override. When you complete your changes, click OK.
• As shown in the following example, to enable the backlog monitoring discovery script, select the parameter Enabled, and then set its Override Setting to TRUE. The example also shows how you can configure the default frequency with which the script is run.

• You can also configure the frequency with which the backlog monitoring discovery script runs by overriding the value of the Interval in seconds parameter. The script is set to run with a default frequency of 14,400 seconds (4 hours). By changing the value of this parameter, you can configure the backlog discovery script to run at a desired frequency.
• At the bottom of the Override Properties dialog box, you can select the management pack in which to store the override settings. We recommend that you create a separate management pack to store override and custom configuration settings that are specific to the DFS Replication Management Pack. Remember to name the separate management pack clearly so that you can easily find it and keep a backup of that management pack.

Note: We highly recommend that you store all override settings in a separate management pack. By default, if you do not choose to store settings in a separate management pack, all overrides and custom configuration settings are stored in the Default Management Pack.

• Click New. The Create a Management Pack Wizard appears. Choose a name for the management pack in which to store the override settings. Optionally, if you have already created a new custom management pack to store the override settings and other customizations for the DFS Replication Management Pack, select the name of that management pack in the Override Properties dialog box.
• After you finish, click Apply, and then click OK to create the custom override and to enable backlog monitoring for the DFS Replication Management Pack.

Note that it will take some time before the Backlog Monitoring view is populated with replication backlogs that are retrieved from the monitored computers.

Configure how often discovery rules are run

The following table lists the default frequency with which various discovery rules that are included in the DFS Replication Management Pack are run. Evaluate these default settings to determine whether the configured default frequencies are appropriate for your environment. If a configured default frequency is not appropriate for your environment, consider overriding the corresponding discovery rule and tuning the frequency as appropriate.

To tune the configured default frequency for discovery rules that are included in the DFS Replication Management Pack, perform the following steps:

• In the Operations console, click Authoring.
• In the Authoring pane, expand Management Pack Objects, and then click Object Discoveries.
• In the Object Discoveries pane, completely expand any of the following discovered types:
  • Replicated Folder
  • Replication Member
  • Replication Service
  • Replication Volume
• Select the discovery rule that you would like to tune.
• On the Operations Manager toolbar, click Overrides, and then point to Override the Object Discovery. You can choose to override this monitor for objects of a specific type or for all objects within a group.
• After you choose which group of object types to override, the Override Properties dialog box opens, which enables you to view the default settings that are configured for this object discovery.
• Click to place a check mark in the Override column next to each setting that you want to override. When you complete your changes, click OK.

-------

Mahesh Unnikrishnan

Configuring the DFS Replication Management Pack

My previous post explained how to import the DFS Replication management pack using the Operations Manager console. In this post, let’s explore how to set up the management pack and configure it to monitor the health of DFS Replication.

Select computers to be monitored

The first step is to configure Operations Manager to monitor the servers running DFS Replication that make up your replication infrastructure. This can be done using the Administration option in the Operations Manager console. To configure computers to be monitored using Operations Manager, perform the following operations:

• In the Operations console, click Administration.

• In the Administration pane, click Device Management.

• In the Administration Overview pane, click Required: Configure computers and devices to manage.

• This brings up the Computer and Device Management Wizard.

• Select Windows computers in the wizard.

• In the following page, select the Automatic computer discovery option.

• Follow the instructions in the wizard and let the discovery scan run.

• The wizard discovers all computers in the domain. Select the computers you would like to manage.

• Remember to select Agent as the Management Mode in the wizard.

After this, the wizard proceeds to install the agent on all computers you have selected for monitoring.

Once the agent has been installed on all the computers you have selected for monitoring, you should be able to see entries for each of the computers in the list of Agent Managed computers. By the end of this step, Operations Manager will also be done pushing the DFS Replication management pack out to these monitored computers.

At this stage, the management pack is now setup to perform basic monitoring for the DFS Replication service. You will notice that it has discovered that the DFS Replication service is running on the computers you’ve selected for monitoring.

However, for many of the discovery rules to work properly, we need to perform some post-install configuration. For example, you will notice that the management pack does not discover replication group members and settings configured for them. You will also notice that the Backlog Monitoring is empty. These features need some additional configuration settings.

These post installation configuration steps are detailed below.

Configure the management pack

After you import the DFS Replication Management Pack, follow these configuration steps.

1) Enable the Agent Proxy setting on all monitored computers

If you do not enable the Agent Proxy setting on servers running the DFS Replication service, the discovery rule ‘Replication Group Discovery’ fails to run. To enable the Agent Proxy setting on all computers you would like to monitor, perform the following steps:

• Open the Operations console, and then click Administration.
• In the Administration pane, click Agent Managed.
• Double-click the name of a server running the DFS Replication service.
• Click the Security tab.
• Select Allow this agent to act as a proxy and discover managed objects on other computers.
• Repeat these steps for each server running the DFS Replication service that you want to monitor.

2) Allow WMI through the Windows Firewall on all monitored computers

The DFS Replication management pack uses Windows Management Instrumentation (WMI) scripts extensively for its discovery rules. Therefore, it will not work if a monitored computer’s firewall has been configured to disallow WMI connections.

3) Create a new management pack for customizations

Most official management packs (including the DFS Replication Management Pack) are sealed so that you cannot change any of the original settings in the management pack file. However, you can create customizations, such as overrides or new monitoring objects, and save them to a different management pack. By default, Operations Manager 2007 saves all customizations to the Default Management Pack. As a best practice, you should instead create a separate management pack for each sealed management pack that you want to customize. Creating a new management pack for storing overrides has the following advantages:

• It simplifies the process of exporting customizations that you created in your test and preproduction environments to your production environment. For example, instead of exporting the Default Management Pack that contains customizations from multiple management packs, you can export only the management pack that contains customizations for a single management pack.
• You can delete the original management pack without first deleting the Default Management Pack. A management pack that contains customizations is dependent on the original management pack. This dependency requires that you delete the management pack with customizations before you can delete the original management pack. If all of your customizations are saved to the Default Management Pack, you must delete the Default Management Pack before you can delete an original management pack.
• It is easier to track and update customizations to individual management packs.

For more information about management pack customizations and the Default Management Pack, see About Management Packs in Operations Manager 2007 (http://go.microsoft.com/fwlink/?LinkId=108356).

Optional configuration – enable backlog monitoring

The next blog post explains how to perform optional configuration steps for the DFS Replication management pack. This includes enabling the backlog monitoring feature.

-------

Mahesh Unnikrishnan

Importing the DFS Replication Management Pack

My previous post explained how to install the DFS Replication management pack on the management server. The next step is to import the management pack using the Operations Manager console. This post explains how to import the management pack.

Before you import the DFS Replication management pack

Upgrades from the beta or other prerelease versions of the DFS Replication Management Pack are not supported. You must delete the beta or prerelease version of the management pack by using the Operations console before you install this version. When you delete a management pack, all the settings and thresholds that are associated with it are removed from Operations Manager 2007. Also, the .mp or .xml file for that management pack is deleted from the hard disk drive of the management server. If you do not have a prerelease or beta version of the DFS Replication management pack, feel free to skip this section.

Perform the following steps to remove an existing beta version of the management pack prior to installing this version:

• Log on to the computer with an account that is a member of the Operations Manager Administrators role for the Operations Manager 2007 management group.
• In the Operations console, click Administration.
• In the Administration pane, click Management Packs.
• In the Management Packs pane, right-click Microsoft Windows DFS Replication, and then click Delete.
• Click Yes when you see the confirmation dialog.

After you remove the beta or prerelease version of the management pack, restart the Operations Manager health monitoring service on the monitored computers. This can be done by running the following commands on the monitored computers:

net stop HealthService

net start HealthService

After the health monitoring service has started, you are ready to import the new DFS Replication Management Pack and begin monitoring DFS Replication.

Importing the management pack

There are multiple options when it comes up to importing a management pack. These are explained in detail on TechNet. Broadly speaking, these options are:

• Import directly from the System Center Operations Manager 2007 Catalog by using the Operations console.
• Import from disk (local storage or a network file share) by using the Operations console.
• Use the Operations console to download a management pack from the catalog to import at a later time.
• Use an Internet browser to download a management pack from the catalog to import at a later time.

This blog post explains the second option for importing the management pack. As explained in the previous blog post, the DFS Replication management pack would be installed on the management server in the ‘System Center Management Packs’ folder under the Program Files directory. The detailed steps are given below:

• Log on to the computer with an account that is a member of the Operations Manager Administrators role for the Operations Manager 2007 management group.

• In the Operations console, click Administration.

• Right-click the Management Packs node, and then click Import Management Packs.

• The Import Management Packs wizard opens. Click Add, and then click Add from disk.

• The Select Management Packs to import dialog box appears. If necessary, change to the directory that holds your management pack file. Click one or more management packs to import from that directory, and then click Open.

• On the Select Management Packs page, the management packs that you selected for import are listed. An icon next to each management pack in the list indicates the status of the selection, as follows:

  • A green check mark indicates that the management pack can be imported. When all management packs in the list display this icon, click Import.
  • A red error icon indicates that the management pack is dependent on one or more management packs that are not in the Import list and are not available in the catalog. To view the missing management packs, click Error in the Status column. To remove the management pack with the error from the Import list, right-click the management pack, and then click Remove.

• The Import Management Packs page appears and shows the progress for each management pack. Each management pack is downloaded to a temporary directory, imported to Operations Manager, and then deleted from the temporary directory. If there is a problem at any stage of the import process, select the management pack in the list to view the status details. Click Close.

After the management pack has been imported using the Import Management Pack wizard, you will notice that there is a new entry for the DFS Replication Management Pack as shown in the screenshot below.

You’re now ready to configure the management pack and setup customizations suitable for monitoring your environment. This will be covered in the next blog post.

-------

Mahesh Unnikrishnan

Protect your files and PC with Windows 7 Backup

Anyone who uses a Windows 7 PC shouldn’t have to worry about losing their files, because Windows 7 provides simple yet flexible backup and recovery solutions that helps protect your system and data. In the coming weeks, we’ll walk you through each step of the process – from configuring backup, restoring your OS, to recovering an entire PC. Stay tuned for the updates!

Special thanks to Sneha Magapu, Neha Agrawal, Vikas Ranjan and Soudamini Sreepada for their contributions to the posts.

Configuring Windows Backup

Have you ever accidently deleted or modified a file and wished you get it back? Or worse, have you ever lost all of the data on your computer because your hard drive failed? Windows 7 aims to help you be well prepared for these situations by making backup easy to discover and simple to use.

Setting up a Backup

Windows reminds you to configure backup

After spending some time personalizing your brand new Windows 7 computer and migrating your data from your old computer using Windows Easy Transfer, it’s a good time to start backing up. Windows will remind you to set up backup through Action Center one week after setting up Windows 7:

1. Choosing a backup location

Setting up backup is as simple as answering 3 questions – where, what and when. By plugging in a suitable external hard drive, the first question is already answered. An AutoPlay dialog will give you the option to use the drive for backup.

By clicking “Use this drive for backup”, you can then proceed to choosing what to backup. Alternatively, you can start configuring backup from the Action Center notification. The configuration starts with the target selection page, which allows you to choose where you save your backups. Windows Backup supports back up to hard disk drive, network share, or CD\DVD.

This page automatically lists all available drives that can be used for backup, and provides recommendation on the best option if more than one is available. You can also add a network location if desired. Note that there are some restrictions on the locations allowed for backup, including locations with size less than 1GB, the drive being the same as the one Windows is installed on, or if the drive is currently locked by BitLocker. If you do not see your backup target listed, click on the help link ‘Guidelines for choosing a backup’ for more information.

There are also pros and cons for choosing different locations for backup. We’ll discuss this in detail later in the post.

2. Choosing what to back up (or let Windows decide for you)

Some users have a hard time deciding what to back up; others would like to be in control. This screen is designed to make it simple for the common case and also allow for customization. By selecting the “Let Windows Choose” option, Windows will back up all libraries (both default and the ones you’ve created yourself) and default Windows folders (AppData, Contacts, Desktop, Downloads, Favorites, Links, Saved Games and Searches) for all user accounts on the computer. If the backup location is formatted with the NTFS file system and has sufficient space, a system image will also be included. This system image is in essence a snapshot of the drives required for Windows to run, which includes your programs, data, and settings. It can be used to quickly recover Windows to a last backed up state, particularly if your hard disk ever stops working. If you’re not sure whether your disk is formatted NTFS, or want to know how to convert it, follow these instructions.

If you have important files stored outside of the above locations or you’d simply like to manage your own backup content, you can use the “Let me choose” option to customize which folders or drives will be included and whether to include a system image.

3. Choosing how often to back up your data

This screen of the wizard summarizes the backup settings, and let you select how often to run backup (or run it on demand). It is best to run backup on a schedule since you can truly “set and forget” – just make sure to schedule at a time that the computer will be turned on and the backup target is available.

As you can see, in 3 easy steps, you’re done configuring backup and can now have the peace of mind knowing that your valuable files are well protected.

Ongoing data protection

Windows Backup runs automatically according to the configured schedule. If at the scheduled backup time the computer is asleep or the target is missing, that backup will be skipped but the next backup will still run according to the schedule.

The first backup created will be a full backup of all selected content, and subsequent backups will include only new or changed files (incremental backup). However, Windows Backup will occasionally create a new, full backup automatically if there has been many changes made to the files protected, such that you will have the option to delete older backups that might have become obsolete. We’ll come back to this topic when we discuss backup space management in a later post.

Once you’ve configured backup, you can find top level information on progress, status, and any relevant notifications through Action Center. The Backup and Restore control panel (accessible from Action Center or Control Panel), on the other hand, will provide more detailed information on your backup status and configurations and it is also where you can do other backup and restore tasks.

Making the most of Windows Backup

Windows Backup is simple to use, yet it provides a lot of flexibility on how you can protect your data and system. Here we’ll discuss a few tips on how to make the most of Windows Backup.

1. Choosing the right target

Windows Backup supports creating backup to internal/external hard disks, flash drives, optical discs, and network share (Professional and Ultimate Editions only). The biggest difference between these targets is the support for system image backup. A system image can be included in the scheduled backup configuration only if you are backing up to network location or hard disks, since space requirement makes it impractical to perform recurring backup to optical media. Also, while hard disks can store multiple versions of system image (newer and older backups), a network location can only store one system image per computer, meaning that as a new system image of your computer is created; the older version will be deleted.

It is possible to create a system image to DVD on an ad hoc basis. We’ll discuss this in detail in an upcoming post specifically on system image backup.

Aside from the support for system image, other considerations may include factors such as price, amount of data to backup, reliability and security. For example, DVDs are light weight and inexpensive, but they may become corrupted over time and also become hard to manage as the number of DVD grows. While internal hard disks support the same functionality as external ones, you cannot store it in a location separate from your computer against disaster or theft. Therefore while we recommend that you save your backup on an external hard drive for the most flexibility, your target of choice may depend on your specific environment and need.

2. Organizing your important data using libraries

Library is a new feature in Windows 7 that provides a consolidated view of local folders located at various locations on the computer for easy access. This also provides a great way to organize your data for backup. Since Windows Backup backs up all local data in libraries by default, any new location added to a library will automatically be backed up without the need to reconfigure Windows Backup. For example, if you just created a new folder on your data drive for the family trip photos and include this folder under the Pictures library, it’ll be backed up automatically the next time Windows Backup runs. Alternatively, you can also create a “backup” library and add all your important data folders to it.

*Note that library folders that are residing on a network location will not be backed up.

3. Securing your backup

There are many ways a backup can be secured. It could be physical security (storing away the backup DVDs) or securing access rights (Windows Backup on hard disks and network share preserves user access controls of files). These are probably good enough measures for a home environment, but might not be enough if you’re on the go where your backup disk might be lost or stolen. In this case, you should secure your backup with BitLocker Drive Encryption (Ultimate Edition only).

You can use BitLocker Drive Encryption to encrypt the drive that you are saving your backup on, or to help protect the drives in your computer that you are backing up. To enable BitLocker, simply go to the BitLocker Drive Encryption control panel, and select “Turn On BitLocker” for the drives you wish to protect.

When a drive is locked by BitLocker, you need to unlock the drive before you can see information about the drive, back up the drive, or save a backup on the drive. Therefore if you’re using BitLocker with Windows Backup, the best option would be to set the drives that you are encrypting to unlock automatically when you log on to the computer. If you do not wish the drives to unlock automatically, you can also unlock a drive manually only when it’s needed for backup.

Your data is important, and Windows Backup is an easy way to help you protect them. It’s a good idea to set it up so you can spend your time exploring and enjoying Windows 7 and not worrying about losing your digital memories or documents. In the following weeks, we’ll discuss system image backup in detail, space management, and the data and system recovery experience of Windows 7. We hope these posts are helpful to you. Please feel free to provide feedback on materials you’d like to see covered or ask questions. We will roll them up into a FAQ at a later time if there’s interest. So post away!

-- Windows Backup team

Installing the DFS Replication Management Pack

In this blog post, let us explore how to install the DFS Replication Management Pack. System Center Operations Manager 2007 R2 is the latest release of the Operations Manager product. Check out this product comparison page for a quick overview of the new features in the SCOM 2007 R2 release. The DFS Replication management pack is also supported on the System Center Operations Manager 2007 SP1 release. The steps required to install and configure the management pack on SCOM 2007 SP1 are largely the same as those on R2 with the exception of a few usability improvements in the R2 release. For the purpose of this discussion, we will consider the SCOM 2007 R2 release.

For an overview of Operations Manager 2007, read this TechNet article.

A few Operations Manager concepts

The basic unit of functionality of all Operations Manager 2007 implementations is the management group. It consists of an installation of Microsoft SQL Server 2005 or Microsoft SQL Server 2008, which hosts the Operations Manager database, the root management server, the Operations console, and one or more agents that are deployed to monitored computers or devices.

Operations Manager Database: The Operations Manager database holds all the configuration data for the management group and stores all the monitoring data that has been collected and processed by the agents.

Root Management Server: The root management server (RMS) is a specialized type of management server in a management group, and it is the first management server installed in a management group. In brief, the RMS is the focal point for administering the management group configuration, administering and communicating with agents, and communicating with the Operations Manager database and other databases in the management group.

Agent: An Operations Manager 2007 agent is a service that is deployed to a computer that you want to monitor. Agents watch data sources (eventlog, performance counters etc.) on the monitored computer and collect information according to the configuration that is sent from the management server. The agent also calculates the health state of the monitored object and reports back to the management server.

Agentless monitoring: It is possible to monitor devices in an agent-less fashion. In this case, a management server performs the monitoring remotely.

Operations Console: The Operations console provides a single, unified user interface for interacting with Operations Manager 2007. The Operations console provides access to monitoring data, basic management pack authoring tools, Operations Manager 2007 reports, all the controls and tools necessary for administering Operations Manager 2007, and a customizable workspace.

Management Packs: Operations management packs (such as the DFS Replication management pack) contain best practice knowledge to discover, monitor, troubleshoot, report on, and resolve problems for a specific technology component. When imported into Operations Manager, they enable the agent to monitor the health of an application, generate alerts when something of significance goes wrong in the application, and take actions in the application and its supporting infrastructure to further diagnose the application or restore it to a healthy state.

For the latest Management Packs and Connectors from Microsoft and Microsoft Partners for Operations Manager 2007, visit the System Center Catalog at http://technet.microsoft.com/en-us/opsmgr/cc539535.aspx.

How Operations Manager works

The above (greatly simplified) diagram illustrates how the Operations Manager product works at a high level. System Center Operations Manager is installed on a Windows Server machine called the management server. The administrator can then select which computers are to be monitored. Operations Manager automatically deploys agents to these monitored computers if the administrator selects agent-based monitoring. For monitored computers that have been configured for agent-less monitoring, the management server performs monitoring remotely.

Administrators can import management packs such as the DFS Replication management pack using the System Center Operations Manager 2007 console. The console then deploys this management pack to the agents on the monitored computers. The knowledge contained in the management pack enables the agent to discover whether the DFS Replication service is installed, discover configuration settings and replication groups/folders etc. on the monitored computer. Further, it enables the agent to monitor the health of the DFS Replication service on these monitored computers, generate alerts if something significant goes wrong and help the administrator diagnose and restore replication to a healthy state.

Installing the management pack

Before installing the management pack, you need to set up the management server. Setting up the Operations Manager infrastructure is outside the scope of this blog post. The following pointers will help you plan and deploy your operations manager infrastructure:

• Planning your Operations Manager deployment:
  • Identifying requirements for Operations Manager 2007
  • Mapping Requirements to a Design for Operations Manager 2007
  • Developing an Operations Manager 2007 Implementation Plan
• Deploying and Configuring Operations Manager 2007:
  • Refer to the Operations Manager 2007 Deployment Guide. Pay close attention to the deployment scenarios outlined in this guide.

The rest of this blog post and following posts explain how to install, setup and configure the DFS Replication Management Pack for Operations Manager 2007.

• To begin, download the DFS Replication Management pack for Operations Manager 2007 from the Download Center. The single file installer installs both the management pack and the management pack guide.
• Install the management pack on the management server (i.e. the server on which you have installed and setup SCOM 2007 R2). The installation process is easy – simply select the destination path to which to install the management pack. By default all management packs are installed to the ‘System Center Management Packs’ folder under Program Files.

• After the installation process completes, the following files are installed on the management server:
  1. EULA: Contains the license terms for the management pack.
  2. Microsoft.Windows.DfsReplication.mp: The DFS Replication management pack.
  3. Microsoft.Windows.DfsrReplication.OM2007Guide.doc: The management pack guide.
  4. README.

That’s it! You’re now ready to import the management pack using the Operations Manager console.

-------

Mahesh Unnikrishnan

DFS Replication Management Pack for Operations Manager 2007 is available

The DFS Replication Management Pack for System Center Operations Manager 2007 is now available for download.

Download the DFS Replication Management Pack

File Name:	DFS Replication Management Pack for Operations Manager 2007.msi
Version:	6.0.6321.0
Date Published:	10/19/2009
Language:	English

About the Management Pack 

The DFS Replication Management Pack for System Center Operations Manager 2007 monitors the health of the DFS Replication service on computers running Windows Server 2003 R2 or Windows Server 2008. This management pack retrieves events generated by the DFS Replication service that indicate the health of the service, replication groups, and replicated folders that are hosted on monitored computers. It also tracks important operational parameters such as the consumption of staging area and the number of replication conflicts generated. The management pack also includes a backlog monitoring view which provides an intuitive dashboard for monitoring replication backlogs.

Supported operating systems:

• Windows Server 2003 R2
• Windows Server 2008

Supported monitoring platforms:

• System Center Operations Manager 2007 SP1
• System Center Operations Manager 2007 R2

Note: This management pack does not monitor the older File Replication Service (FRS).

Installation instructions

The following blog post contains instructions for installing the DFS Replication Management Pack.

-------

Mahesh Unnikrishnan