Backup Notes – Windows 7, VSS, TrueCrypt

2013-05-19 Updated

2012-01-01 Initial Post

Windows 7 Ultimate SP1 (x86 and x64)

I started using this a few months ago and it works really well. When I was using XP, I had made up my own backup batch file using XCopy and other commands. That batch file didn't work well with Windows 7, so that's when I started using Windows 7 Backup. And I'm glad I did. Sometimes things don't work and then I find something better, like when my old printer broke and I ended up getting a Canon PIXMA MX350 wireless all-in-one device which has worked out so much better.

SYSTEM IMAGE BACKUP

The system image backup creates a VHD (virtual hard disk) file, which is the format used by Microsoft virtualization technology. The VHD is an image of the hard drive and the idea behind this is similar to Symantec Ghost and the like. A full-sized VHD that's pretty much the same size as the data on the volume being backed up is first created and then the files are copied to it. A system image backup can be created on another volume/partition that's on the same hard disk as the system volume.

For my test, I created the image backup on the root of a separate internal hard drive, D:. You cannot select a subfolder, only a drive (local or network). So the folder structure that was created by Backup is this: D:\WindowsImageBackup\Win7-E310 where Win7-E310 is the computer name. The VHD file is buried under that and is located at D:\WindowsImageBackup\Win7-E310\Backup 2011-12-29 193950\c4eaacf5-31cd-11e1-92d6-806e6f6e6963.vhd. It looks like the VHD is named after the GUID of the source disk volume. There are also a bunch of other subfolders and files under D:\WindowsImageBackup\Win7-E310. Note that the folder structure doesn’t get created right away. Windows first starts the VSS (Volume Shadow Copy Service) process and then creates the folder structure to store the backup files. It took ~10 minutes to back up a 20 GB image between two internal SATA 1.5 GB/s disks.

One cool thing I noticed is that 7-Zip can view VHD files. I was able to browse the VHD and copy a file from it to my desktop. I'm not sure if Windows is able to do that out-of-the-box.

I tried to restore the system image to the same drive by first booting from a USB thumb drive I had made using the Windows 7 USB/DVD download tool and a Windows 7 Ultimate SP1 x86 ISO file. It looked like it was going to work but then I got the “parameter is incorrect (0x80070057)” error. I searched for that error and found the post below which had a resolution; the resolution was to boot from a Windows 7 DVD/System Repair Disc.

It looks like the system image restore does not work unless you boot from a Windows 7 DVD because the restore sees any connected USB or other external drives and errors out. The image restore seems to have worked correctly in my test, but that’s because I restored to the same exact hard drive. From reading the post linked below, there might be issues or more steps involved if restoring the image to a different hard drive such as when your original hard drive goes bad and you get a replacement hard drive.

I was able to successfully run a system image restore in May 2013 after the primary hard drive in a Dell Dimension 9200 / XPS 410 died. I had a scheduled system image backup running every Sunday at 7:00 PM to a secondary internal hard drive. I was able to boot from a Windows 7 DVD and select that system image. There was ~146 GB of data and it took ~1 hour to complete. I was pleasantly surprised that everything came back up fine afterwards. Here's info on the system:

  • Hardware: Dell Dimension 9200 / XPS 410
  • Primary HDD: Seagate Barracuda ES.2 ST3250310NS (this is the one that died)
  • Replacement Primary HDD: Western Digital WD Green WD5000AZRX (this is what I restored the system image to)
  • Secondary HDD: Samsung SP2504C (this contained the system image backup)
  • OS: Windows 7 Ultimate SP1, x86

This link mentions some issues with the system image restore: http://answers.microsoft.com/en-us/windows/forum/windows_7-system/system-image-created-ok-but-image-restore-failed/6c0bdd98-78dc-4410-a002-3695b988b27d

See http://windows.microsoft.com/en-US/windows7/Restore-your-computer-from-a-system-image-backup for more info on the system image restore process.

DATA BACKUP

I select my profile folder directly, e.g., C:\Users\SysAdmin-E, rather than selecting the libraries.

For my data backup, I back up to a network share on my XP desktop and do it manually rather than have it scheduled because the XP desktop is not on all the time. I have a dedicated hard drive on the XP desktop for the backup share and that entire drive is encrypted with TrueCrypt. I have the drive (TrueCrypt volume) automatically mount at startup using a Windows Scheduled Task running at system startup and pointing to a batch file with the TrueCrypt commands below (edited to remove personal info of course).

REM Updated 2011-12-26
REM Automatically mount \Device\Harddisk1\Partition1 as E: and share two folders.
REM Create as a startup task.
"C:\Program Files\TrueCrypt\TrueCrypt.exe" /v \Device\Harddisk1\Partition1 /lE /a /p SomeReallyComplexPassword /k C:\SomeMiscFile.dat /q
NET SHARE BackupRemotePersonal=E:\BackupRemotePersonal
NET SHARE BackupRemoteWork=E:\BackupRemoteWork

The XP computer’s main drive, C:, is encrypted with Utimaco SafeGuard Easy (SGE). I use SGE because I can configure it to not prompt me to enter a password when it boots up. That allows me to remotely reboot the computer and have it come up on its own. Since my C: drive is encrypted, I’m not concerned that I have a plain text batch file with my TrueCrypt password in it.
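An added example, not the author's script: a small Python audit that finds batch files passing a TrueCrypt volume password on the command line with /p, as the startup batch file above does, and reports each hit with the password redacted. The switch names are TrueCrypt's documented short and long forms; the function name and result fields are this example's own, and the sample input is the batch file shown above.

```python
import re

TOKEN = re.compile(r'"[^"]*"|\S+')  # a quoted string or a run of non-spaces
# TrueCrypt switches that take a value (short and long forms).
VALUE_SWITCHES = {
    "/p": "password", "/password": "password",
    "/k": "keyfile", "/keyfile": "keyfile",
    "/v": "volume", "/volume": "volume",
}

# Sample input: the batch file shown on the page.
SAMPLE_BATCH = r'''REM Updated 2011-12-26
REM Automatically mount \Device\Harddisk1\Partition1 as E: and share two folders.
REM Create as a startup task.
"C:\Program Files\TrueCrypt\TrueCrypt.exe" /v \Device\Harddisk1\Partition1 /lE /a /p SomeReallyComplexPassword /k C:\SomeMiscFile.dat /q
NET SHARE BackupRemotePersonal=E:\BackupRemotePersonal
NET SHARE BackupRemoteWork=E:\BackupRemoteWork'''

def audit_batch(text):
    """Return one finding per TrueCrypt.exe command that passes /p <password>."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        tokens = [t.strip('"') for t in TOKEN.findall(line)]
        if not tokens or tokens[0].upper() == "REM" or tokens[0].startswith("::"):
            continue  # blank line or comment
        exe = next((i for i, t in enumerate(tokens)
                    if t.lower().endswith("truecrypt.exe")), None)
        if exe is None:
            continue  # not a TrueCrypt command line
        seen, i = {}, exe + 1
        while i < len(tokens):
            kind = VALUE_SWITCHES.get(tokens[i].lower())
            if kind and i + 1 < len(tokens) and not tokens[i + 1].startswith("/"):
                seen[kind] = tokens[i + 1]
                i += 2
            else:
                i += 1
        if "password" in seen:
            findings.append({
                "line": lineno,
                "volume": seen.get("volume"),
                "keyfile": seen.get("keyfile"),
                "redacted": line.replace(seen["password"], "********"),
            })
    return findings

if __name__ == "__main__":
    for finding in audit_batch(SAMPLE_BATCH):
        print(finding["line"], finding["redacted"])
```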

Here are some misc notes about the backup process:

• If you've redirected your My Documents and other folders to another location, Backup is smart enough to back up from the redirected location. I have My Documents redirected to a second partition on my laptop, X:. When I run a backup of my user profile, it does back up the My Documents from X:. I'm not sure what would happen if the redirection was to a network share and the network share wasn't available during backup.

• The backup settings are not specific to a Windows user profile and you actually need to run the backup as an admin. So I can log on with one account and configure and run the initial backup and then later on I could log on with another account and run the same backup. I'm not sure why admin permission would be required--how would a regular user ever be able to run a backup?

• Once you configure the backup job, any user account that's logged on can run the backup job as long as the user has, or can provide, administrator credentials and the account has permission to the source and target backup locations. So let's say that JSmith and RDoe share the same computer and are both local admins and both have full permission to a share named \\server01\backups. JSmith creates a backup job to back up C:\users\JSmith\ to \\server01\backups. If RDoe logs on, he can run that backup job because 1.) he's a local admin so by default has permission to all local folders/files, and 2.) he has full permission to the target share/folder.

• It uses VSS. VSS allows all files, even if they’re opened, to be backed up. Basically, it does this by locking the file system so that no changes can be made to any files until the backup has completed. Any changes during the backup are written to a special area and then after the backup those changes are actually written to the regular file system. So with VSS, as of the exact backup time, the source and backup are consistent (the same). The source file could change 1 second after the backup is complete, so that's why I mentioned that the consistency is only as of the exact time of the backup (there could be +/- a few seconds or whatnot, but you get the point).

When a backup is done with the operating system or application running, it’s known as a “hot backup.” In the old days before VSS and similar technology, it wasn’t easy to do a hot backup and some apps or the OS itself had to be shut down for the backup to be consistent.

Note that even if a file is backed up with VSS, it doesn’t mean that the data in the file is consistent. For example, if you had an application that had a database running, VSS will back up the database file, but it won’t know enough about the application and database to ensure that the data is consistent. Third-party vendors can interface with VSS so that it can back up their applications in a consistent state.

If you want to ensure a consistent backup of your personal programs (I’m thinking probably QuickBooks and the like), close them before the backup starts. Out of the box, Windows can only ensure that the Windows operating system-related files (and maybe some other popular Microsoft apps like Access) are backed up in a consistent state.

• There's no option in the Backup and Restore interface to select which type of backup (full, incremental, differential, etc.) to perform. Windows manages all that: it takes a full backup first and then each subsequent backup is an incremental. It'll also take a full backup as necessary, such as when you've made a lot of changes and an incremental would end up being just as large as a full backup. Unless you make some major changes, the incremental backups will be very small compared to the initial full backup. I run CCleaner to clean up my system before each backup so that the backup sizes are smaller.

• You can select to "manage space" and delete older backup versions.

• Creates a top-level folder with the same name as the computer name. So if you back up all your computers to \\Server01\BackupShare\ there would be a folder created for Computer01, Computer02, etc.

• Creates a folder for each backup set (full backup only) and then subfolders under that to hold the actual backup files. In the example folder structures below, I backed up two computers. Computer01 didn’t have many changes, so the second backup was an incremental and thus added to the original backup set. Computer02 had a lot of changes made so the second backup was a full backup and resulted in a new backup set.

Computer01
-- Backup Set 2011-12-26 003433 <-- Original full backup set
|--- Backup Files 2011-12-26 003433 <-- Original full backup files
|--- Backup Files 2012-01-01 000523 <-- Incremental backup files added
Computer02
-- Backup Set 2011-12-25 232547 <-- Original full backup set
|--- Backup Files 2011-12-25 232547 <-- Original full backup files
-- Backup Set 2011-12-31 232235 <-- New full backup set
|--- Backup Files 2011-12-31 232235 <-- New full backup files

• The top-level folder (the one named after the computer) has a special icon because of the settings in its Desktop.ini file, below.

[.ShellClassInfo]
DirectoryClass=WindowsBackupFolderOptions
IconResource=%SystemRoot%\system32\sdclt.exe,-5501

• Under each “Backup Files xxx” folder are zip files. There will be as many zip files as needed, e.g., Backup files 1.zip, Backup files 2.zip, etc. It looks like Windows limits each zip file size to ~200 MB. If you don't use the Backup and Restore interface, you can actually open up each zip file and get to your data. For the zip files of the incremental backups, they’ll only contain files that were changed. For the example above for Computer01, the zip files under “Backup Files 2012-01-01 000523” would only contain files that were changed since “Backup Files 2011-12-26 003433.” But for Computer02, “Backup Files 2011-12-25 232547” and “Backup Files 2011-12-31 232235” contain all the files for their respective full backup sets.

I like the fact that I can actually look into the zip files to retrieve my backup data without having to use Windows Backup and Restore. On my XP computer that hosts the backup shares, I’m able to open the zip files and copy the backup contents.
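Because an incremental only holds changed files, the newest copy of a given file can sit in any "Backup Files" folder. The following added example (not part of the original post and not Microsoft's tooling) walks the folder layout described above and lists every backed-up version of one file, newest first. The paths stored inside the zip files are an assumption, so the match is on the trailing path only; the sample data is constructed.

```python
import re
import tempfile
import zipfile
from datetime import datetime
from pathlib import Path

# Folder naming shown on the page, e.g. "Backup Files 2012-01-01 000523".
FILES_DIR = re.compile(r"^Backup Files (\d{4}-\d{2}-\d{2} \d{6})$")

def find_versions(computer_dir, rel_path):
    """Return [(backup_time, zip_path, member)], newest first, for one file."""
    want = rel_path.replace("\\", "/").lower()
    hits = []
    pattern = "Backup Set */Backup Files */*.zip"
    for zip_path in sorted(Path(computer_dir).glob(pattern)):
        m = FILES_DIR.match(zip_path.parent.name)
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H%M%S")
        with zipfile.ZipFile(zip_path) as zf:
            for member in zf.namelist():
                name = member.replace("\\", "/").lower()
                # Match on the trailing path so the in-zip prefix does not matter.
                if name == want or name.endswith("/" + want):
                    hits.append((when, zip_path, member))
    return sorted(hits, key=lambda h: h[0], reverse=True)

def read_newest(computer_dir, rel_path):
    """Return the bytes of the most recent backed-up copy, or None."""
    hits = find_versions(computer_dir, rel_path)
    if not hits:
        return None
    with zipfile.ZipFile(hits[0][1]) as zf:
        return zf.read(hits[0][2])

def build_sample():
    """Constructed data: the page's Computer01 layout, one full plus one incremental."""
    root = Path(tempfile.mkdtemp()) / "Computer01" / "Backup Set 2011-12-26 003433"
    member = "C/Users/SysAdmin-E/Documents/notes.txt"  # assumed in-zip layout
    for folder, data in (("Backup Files 2011-12-26 003433", b"v1"),
                         ("Backup Files 2012-01-01 000523", b"v2")):
        (root / folder).mkdir(parents=True)
        with zipfile.ZipFile(root / folder / "Backup files 1.zip", "w") as zf:
            zf.writestr(member, data)
    return root.parent

if __name__ == "__main__":
    for when, zip_path, member in find_versions(build_sample(), r"Documents\notes.txt"):
        print(when, zip_path.parent.name, zip_path.name, member)
```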

For some general info on Windows 7 data file backups, see http://windows.microsoft.com/en-US/windows7/Back-up-your-files.

2 Responses to “Backup Notes – Windows 7, VSS, TrueCrypt”

  1. lol Says:

    what's the point of using truecrypt if you have the password for encrypted volume stored on disk?

  2. SysAdmin-E Says:

    Hi lol,

    Did you see the part here: The XP computer’s main drive, C:, is encrypted with Utimaco SafeGuard Easy (SGE). I use SGE because I can configure it to not prompt me to enter a password when it boots up. That allows me to remotely reboot the computer and have it come up on its own. Since my C: drive is encrypted, I’m not concerned that I have a plain text batch file with my TrueCrypt password in it?
