Just as you need to perform planning before disaster strikes, you also need to perform certain predisaster preparation procedures. These procedures ensure that you are able to recover systems as quickly as possible when a disaster strikes and include the following:
Backups
Automated System Recovery (ASR) disks
Boot disks
Startup and recovery options
Recovery Console
You should perform regular backups of every Microsoft Windows Server 2003 system. Backups can be performed using several techniques. Most organizations choose a combination of dedicated backup servers and per-server backups. If you use professional backup software, you can use one or more dedicated backup servers to create backups of other servers on the network, and then write the backups to media on centralized backup devices. If you use perserver backups, you run backup software on each server that you want to back up and store the backup media on a local backup device. By combining the techniques, you get the best of both worlds.
With dedicated backup servers, you purchase professional backup software, a backup server, and a scalable backup device. The initial costs for purchasing the required equipment and the time required to set up the backup environment can be substantial. However, once the backup environment is configured, it is rather easy to maintain. Centralized backups also offer substantial time savings for administrators, because the backup process itself can be fully automated.
With per-server backups, you use a backup utility to perform manual backups of individual systems. The primary tool for performing per-server backups is the NT Backup utility, which is discussed in Chapter 41. Because this tool is included with Windows Server 2003, there is no initial cost for implementation. However, because you perform per-server backup manually, in the end the process requires more time than using centralized backup servers.
Unlike Microsoft Windows NT and Windows 2000, Windows Server 2003 doesn't use Emergency Repair Disks. Instead, Windows Server 2003 uses ASR disks. Every Windows Server 2003 system should have an ASR disk. ASR disks contain essential information that can be used in conjunction with a tape backup of your local system partition to recover a failed system. This information includes essential system files, partition boot sector information, the startup environment, and Registry data. This means that you can use the ASR disk to fix system files, the boot sector, the startup environment, and the Registry.
Whenever you install new services, components, or applications on a server, it's a good idea to make an ASR backup before and after you make the change. The pre-installation backup of the ASR can be used to help you recover the system if something goes wrong during or immediately after the installation. The post-installation backup of the ASR should be created when you are sure that the installation has worked and the system is stable. The ASR then records the current configuration of the server, so that the server can be recovered to its current state.
You create and use the ASR disk as discussed in the section entitled "Backing Up and Restoring the Registry". When you create an ASR backup of a system, only part of the information is written to the ASR disk. The rest of the information is written to backup media. This means that to create an ASR backup you need a blank floppy disk and a backup tape. When you later want to recover a system using Automated System Recovery, you need the ASR floppy disk and the ASR backup media. The recovery process restores the full configuration of the server, including environment settings, shares, and other options you've set.
If you're wondering what exactly is on the ASR floppy disk, you can look after creating an ASR backup. You'll find the following three files:
Asr.sif A setup information file that details the disks, partitions, and volumes on the system as well as the computer name and the location of the backup media used
Arpnp.sif A setup information file that contains information on the plug-and-play devices installed on the system
Setup.log A log file that contains a list of all the system files that were backed up
Tip
Keep multiple copies of the ASR disk
Just as you keep multiple backups of data, you should keep multiple ASR disks. Floppy disks are cheap, so you might as well use a new one each time and keep several versions of the ASR disk handy. The ASR disk and the ASR backup media should be clearly labeled so that you know which ASR disk goes with which set of ASR backup media.
With Windows Server 2003, you can use boot disks to help you recover from common boot problems. When it comes to specific information needed to boot a system, you'll find that using a boot disk to recover a system is often faster than trying to use ASR. Unlike boot disks for some previous versions of Windows, which allowed you to get to a command prompt, this type of boot disk allows you to fully boot the system so that you can log on the way you normally would, and then make the necessary repairs.
Boot disks can be helpful if a system has the following problems:
A virus infection in the master boot record
A missing or corrupt boot (Ntldr or Ntdetect.com) file
A Boot.ini file with bad entries
Because a boot disk contains a system's Boot.ini file, each system should have its own boot disk. However, you can create one boot disk for systems with identically configured boot partitions. That is, if every system has the boot partition on the same controller, SCSI bus adapter, disk, and partition, all the systems can use the same boot disk.
A boot disk is not an MS-DOS startup disk, and you don't need to format the boot disk as an MS-DOS startup disk. To create a boot disk, follow these steps:
Insert a blank floppy disk into the system's floppy drive.
At the command prompt, type format a:.
Copy the Ntldr and Ntdetect.com files from the i386 folder of the Windows Server 2003 CD-ROM to the floppy disk.
Copy the Boot.ini file from the system drive to the floppy disk.
In a typical scenario for using a boot disk, you try to boot a system and startup fails, telling you that Ntldr or Ntdetect.com is missing or corrupted. The system may also tell you that you have a bad boot device. Although this could happen because the boot sector or the master boot record is corrupted, it can also happen because the Boot.ini file is pointing to the wrong device. In any of these situations, you could boot the system using the boot disk, and then use the files on the boot disk to repair the system, in the following ways:
If Ntldr or Ntdetect.com were corrupted, you would copy the Ntldr file from the boot floppy disk to the system drive.
If Boot.ini had bad entries, you could edit the Boot.ini file so that it pointed to the correct boot device.
If you suspected that the master boot record has been corrupted by a virus, you could run a virus checker on the disk immediately. You should also make sure that the antivirus program has an up-to-date virus definitions file.
As part of planning for the worst-case scenarios, you need to consider how you want systems to start up and recover in case a stop error is encountered. The options you choose can add to the boot time or they can mean that if a system encounters a stop error it does not reboot.
You can configure startup and recovery options by completing the following steps:
Access Control Panel, and then start the System utility. On the Advanced tab, click Settings in the Startup And Recovery panel. This displays the dialog box shown in Figure 40-1.
In the Startup And Recovery dialog box, you configure the settings as follows:
If a server has multiple operating systems, you can set the default operating system by selecting one of the operating systems in the Default Operating System list. These options are obtained from the operating system section of the system's Boot.ini file.
When multiple operating systems are installed, the Time To Display List Of Operating Systems option controls how long the system waits before booting to the default operating system. In most cases, you won't need more than a few seconds to make a choice, so reduce this wait time to perhaps 5 or 10 seconds. Alternatively, you can have the system automatically choose the default operating system by clearing this option.
When you install the Recovery Console, the operating system uses the Time To Display Recovery Options When Needed setting to determine how long to wait for you to choose a recovery option. The default wait time is 30 seconds. If you don't choose a recovery option in that time, the system boots normally without recovery. As with operating systems, you won't need more than a few seconds to make a choice, so reduce this wait time to perhaps 5 or 10 seconds.
Under System Failure, you have several important options for determining what happens when a system experiences a stop error. By default, the Write An Event To The System Log option is selected so that the system logs an error in the system log. The option is dimmed, so it cannot normally be changed. The Send An Administrative Alert option sends an alert over the network to administrators. The Automatically Restart option is selected to ensure that the system attempts to reboot when a stop error occurs.
Note
In some cases, you may want the system to halt rather than reboot. For example, if you are having problems with a server, you may want it to halt so that an administrator will be more likely to notice that it is experiencing problems. Don't, however, prevent automatic reboot without a specific reason.
The Write Debugging Information options allow you to choose the type of debugging information that should be created when a stop error occurs. In most cases, you will want debug information to be dumped, so that you can use it to determine the cause of a crash.
By default, dump files are written to the %SystemRoot% folder. If you want to write the dump file to a different location, type the file path in the Dump File box. Select the Overwrite Any Existing File option to ensure that only one dump file is maintained.
Click OK twice to close all open dialog boxes.
The Recovery Console was introduced with Windows 2000. Using the Recovery Console, you can boot a system to display a recovery command prompt and resolve many common startup problems by using commands that are built into the console. You can perform the following recovery tasks:
The recovery command prompt is a secure command prompt from which you have access to any drives that are formatted with FAT, FAT32, or the NTFS file system (NTFS). However, unlike a standard command prompt, the recovery command prompt only gives you access to the root folder of drives, the %SystemRoot% folder and its subfolders, and removable media drives. In addition, although you can copy files from a floppy disk to a hard disk or from one hard disk to another, you cannot copy files from a hard disk to a floppy disk. The security restrictions are enforced through Group Policy.
Speaking of security, the Recovery Console is referred to as a secure command prompt because you must log in to access it. On systems that are not domain controllers, you use the local system administrator password. For domain controllers, the required password is the directory services restore password.
Inside Out: Use Group Policy to configure Recovery Console security
Several policies in Group Policy control the way security in the Recovery Console works. The first policy is Recovery Console: Allow Automatic Administrative Logon, which, if enabled, allows automatic logon to the Recovery Console, meaning that you do not need to know the system administrator password. The second is Recovery Console: Allow Floppy Copy And Access To All Drives And All Folders, which, if enabled, removes the copy and folder access restrictions, meaning that you will be able to copy files to floppy disks and access any folder on any drive. You'll find these policies in the Computer ConfigurationWindows Settings Security SettingsLocal PoliciesSecurity Options folder. Typically, you will want to set these options for specific machines, using either Local Security Policy or Domain Controller Security Policy rather than site, domain, or organizational unit policy.
You have two options for using the Recovery Console. You can preinstall it on systems or you can run it from the Windows Server 2003 CD-ROM. When you preinstall the Recovery Console, it becomes a startup option that you can use. You must use an account that is a member of the Administrators group to install the Recovery Console.
To install the Recovery Console as a startup option, complete the following steps:
With the Windows Server 2003 CD in the CD-ROM drive, click the Start menu, and then click Run. This displays the Run dialog box.
Type d:i386winnt32.exe /cmdcons in the Open box, where d is the CD-ROM drive.
Click OK. You are prompted as shown in Figure 40-2. Click Yes to continue.
Setup will then copy some files from the installation CD. The Recovery Console is then installed as a startup option.
If a computer won't start and you haven't installed the Recovery Console as a startup option, you can start the computer and access the Recovery Console by completing the following steps:
Boot from the Windows Server 2003 CD or Setup disk. Press F10 while Windows Setup is loading (before it displays menu options) or press R after Setup gives you the startup options.
Press C to access the Recovery Console. When prompted, type the required password. If the system is not a domain controller, this is the local system administrator password. For domain controllers, this is the directory services restore password.
When the system starts, you'll see a command prompt at which you can type Recovery Console commands. To exit the console and restart the computer when you are finished, type exit.
The Recovery Console is run in a special command prompt. At this prompt, you can use any of the following commands:
ATTRIB Changes the attributes of a file or folder.
BATCH Executes a series of commands set in a text file and sends the output to the command prompt or another text file.
BOOTCFG Allows you to restore the default Boot.ini file, rebuild the boot list, and perform other operations to modify the Boot.ini file.
CD Changes the current directory. Note that in the Recovery Console this command behaves a bit differently from what you may be used to, so if a directory path contains a space, enclose the path in quotation marks.
CHKDSK Runs the Check Disk utility, which allows you to check for and repair disk errors. You can also mark bad sectors on disks.
COPY Copies a single file to another location.
DEL Deletes a file. Note that this command doesn't accept wildcard characters, so you can't use the asterisk (*).
DIR Displays a directory listing.
DISABLE Disables a system service or a device driver.
DISKPART Manages partitions on hard disk drives.
ENABLE Starts or enables a system service or a device driver.
EXIT Exits the Recovery Console and restarts your computer.
EXPAND Expands a compressed file.
FIXBOOT Writes a new partition boot sector to the boot partition. This can be used to fix a corrupt boot sector.
FIXMBR Repairs the Master Boot Record (MBR) on the boot partition. This can be used to fix a damaged MBR that is preventing Windows Server 2003 from starting.
Caution
Don't use the FIXMBR command if you suspect that the MBR is infected with a virus. Instead, you should boot the system and check for viruses. Make sure the antivirus program has an up-to-date virus definitions file. If the MBR is corrupted as a result of the virus infection, you should be able to start the system using a boot disk, as discussed in the section entitled "Creating and Using Boot Disks" earlier in this chapter.
FORMAT Formats a disk.
HELP Displays a list of Recovery Console commands.
LISTSVC Lists the services and drivers available on the computer as well as their startup types. The information listed comes from the %SystemRoot%System32ConfigSystem hive file. If this file has been corrupted, the service information will not be available.
LOGON Lists all detected installations of Windows and allows you to log on with the local service administrator password. If you log on incorrectly three times, the Recovery Console will exit and the computer will restart.
MAP Lists the drive letters and their mappings to physical devices as well as the associated file system types and partition sizes.
MD Creates a directory.
MORE Displays the contents of a text file one page at a time.
RD Removes an empty directory. Note that the command doesn't accept wildcard characters, so you can't use the asterisk (*), and the command will fail if the directory has contents.
REN Renames a single file in the current folder. You cannot specify a new file path or drive path.
SET Allows you to display and set the following Recovery Console environment variables:
AllowWildCards—Makes it possible to use wildcard characters in the Recovery Console—in which case the caveats described above with some of these commands (such as RD) don't apply any longer.
AllowAllPaths—Makes it possible to access all folders
AllowRemovableMedia—Makes it possible to copy files to removable media devices
NoCopyPrompt—Makes it possible to overwrite files while copying without prompting for confirmation
Note
Group Policy also controls whether you can use the SET command. To allow the use of the SET command, you need to configure and enable the Enable The Set Command For The Recovery Console policy in the ConfigurationWindows SettingsSecurity Settings Security Options folder. Typically, you want to set these options for specific machines, using either Local Security Policy or Domain Controller Security Policy rather than site, domain, or organizational unit policy.
SYSTEMROOT Changes to the %SystemRoot% directory.
TYPE Displays the entire contents of a text file.
Once you've made any necessary changes or repairs, you use the EXIT command to quit the console and restart the computer.