RE: SBS2003 backup
- From: v-crinal@xxxxxxxxxxxxxxxxxxxx ("Crina Li")
- Date: Mon, 13 Feb 2006 03:49:36 GMT
Hi Eddie,
Thank you for posting in the SBS newsgroup.
I am sorry for the delayed response due to the weekend. Please understand that
the newsgroups are staffed weekdays by Microsoft Support professionals to
answer your systems and applications questions. Your understanding is
greatly appreciated!
From the description, I understand the issue to be: you want to know if you
can encrypt backup jobs on SBS 2003. As I know, you can encrypt the entire
volume for backup.
You can refer to the following KB article:
313277 HOW TO: Use Ntbackup to Recover an Encrypted File or Folder in
Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;EN-US;313277
You can also enable EFS on the backup on the external drive.
How to enable EFS on the backup:
============================
After creating the .bkf file on the external disk drive, we can then
encrypt it.
1. Right click the .bkf file and click Properties.
2. Click the Advanced button on the General tab.
3. Select "Encrypt contents to secure data" checkbox and click OK.
As we need the EFS private key to decrypt the backup file, we also need to
back up the EFS certificate and key specifically. Otherwise, if the system
crashes, we are unable to use the encrypted backup on the external drive.
How to back up your EFS certificate and key:
====================================
1. Open Internet Explorer.
2. Click Tools on the menu bar and select Internet Options.
3. Click the Content tab.
4. In the Certificates field, locate and click the Certificates button.
Verify you are in the Personal tab. There may be several certificates
present depending on whether you have installed certificates for other
purposes.
5. Highlight one certificate at a time until the field entitled
"Certificate Intended Purposes" states "Encrypting File System". This is
the certificate that was generated when you encrypted your first folder.
6. Click the Export button to start the Certificate Export Wizard.
7. Click Next.
8. Select "Yes, export the private key" to export the private key. Click
Next.
9. Leave the default value of "Enable Strong protection (requires IE 5.0,
NT 4.0 SP4 or above)".
10. Click Next.
11. Enter your password. You need a password to protect the private key.
12. Specify the path where you want to save the key. You can save the key
to a floppy, another location on the hard disk, or CD. If the hard disk
fails or is formatted the key and the backup will be lost. If you back up
the key to a floppy or CD it must be stored in a secure location. You will
need to give the backup file a location. Click Next once you have
specified the destination.
Note: Do not back up your EFS keys onto the same hard drive where you are
storing the actual backup. Make sure you back up the keys to other media
(floppy disk) and keep that in a safe place.
The following is good information on EFS:
The Windows Server 2003 Family Encrypting File System
http://www.msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/WinNETSrvr-EncryptedFileSystem.asp
Encrypting File System in Windows XP and Windows Server 2003
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx#XSLTsection127121120120
223316 Best Practices for the Encrypting File System
http://support.microsoft.com/?id=223316
308993 HOW TO: Remove File Encryption in Windows XP
http://support.microsoft.com/?id=308993
324897 HOW TO: Manage the Encrypting File System in Windows Server 2003
http://support.microsoft.com/?id=324897
Regarding restoring the SBS backup to a different hardware platform, as I
know, the hardware must be similar for a restore. This rule can be applied
to ALL Windows OS, not only SBS. Here, I would like to explain this. When we
use SBS 2003 server backup, the system state will be archived. The system
state includes the AD database, IIS metabase, registry, hardware information
and drivers etc. If you restore the system state to different hardware,
the spare server could not operate because the original registry and
drivers do not match the hardware abstraction layer (HAL) of the destination
server.
Actually, we do not support restoring a Windows system including SBS 2003
on different hardware. If you do that, you may not be able to boot up the
server after the restoration. You may experience other unexpected issues
(such as unexpected shutdown) even though you can start the server.
I appreciate your time and look forward to hearing from you.
Best regards,
Crina Li (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: SBS2003 backup
| From: Eddie Kirwan <Eddie Kirwan@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: SBS2003 backup
| Date: Fri, 10 Feb 2006 04:44:27 -0800
| Newsgroups: microsoft.public.windows.server.sbs
|
| Does anyone know if it is possible to encrypt backup jobs in sbs2003?
| I have a client who is worried about someone getting one of his backup tapes
| and being able to restore his data to their server.
|
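A scripted equivalent of the two procedures in the reply above, added here as an example and not part of the original post: it sets EFS encryption on the .bkf through the .NET `File.Encrypt` call and exports the certificate and key with `cipher /x` instead of the GUI steps, and it stops if the backup volume is not NTFS or the key export targets the same drive as the backup. The paths are constructed placeholders, and PowerShell with .NET 2.0 on the server and local drive-letter paths are assumptions.

```powershell
# Added example; both default paths are constructed placeholders.
param(
    [string]$BackupFile = 'E:\Backups\sbs2003.bkf',  # hypothetical .bkf on the external drive
    [string]$KeyExport  = 'A:\efs-recovery'          # hypothetical target; cipher appends .PFX
)

function Get-DriveRoot([string]$Path) {
    # Returns the drive root (for example "E:\") of a local path, upper-cased.
    [System.IO.Path]::GetPathRoot([System.IO.Path]::GetFullPath($Path)).ToUpperInvariant()
}

$backupRoot = Get-DriveRoot $BackupFile
$keyRoot    = Get-DriveRoot $KeyExport

# The note in the post: the key must not live on the drive that holds the backup.
if ($backupRoot -eq $keyRoot) {
    throw "Key export target $keyRoot is the same drive as the backup."
}

# EFS is an NTFS feature; on a FAT/FAT32 external disk the file cannot be encrypted.
$fs = (New-Object System.IO.DriveInfo -ArgumentList $backupRoot).DriveFormat
if ($fs -ne 'NTFS') {
    throw "$backupRoot is formatted $fs; EFS requires NTFS."
}

# Same effect as ticking "Encrypt contents to secure data" on the .bkf file.
[System.IO.File]::Encrypt($BackupFile)

# Confirm the Encrypted attribute is really set before relying on it.
$attrs = [System.IO.File]::GetAttributes($BackupFile)
if (($attrs -band [System.IO.FileAttributes]::Encrypted) -eq 0) {
    throw "$BackupFile is not marked Encrypted."
}

# Export the certificate and private key used for this file.
# cipher asks for confirmation and for the password that protects the .PFX.
& cipher.exe "/x:$BackupFile" $KeyExport
if (-not (Test-Path "$KeyExport.PFX")) {
    throw "No $KeyExport.PFX was written; the EFS key is NOT backed up."
}
Write-Output "Encrypted $BackupFile; key exported to $KeyExport.PFX"
```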