Dark Developments Where Knowledge Meets Power


D#B Backup&Recovery Notes [PART3]: Printer Services, IIS, NPS and ADCS

Posted by Dark#Basics

Printer Services

Printer Services - Backup

Making backups of the network printer services is really handy. When for some reason the service needs to be reinstalled on another server, you will be able to restore lots of settings and drivers.
When performing a backup of the Printer Services you back up the configurations and the drivers for all the configured printers.

A backup can be made with the CLI tool Printbrm. It is only available when you install the Printer Services role on that server. The tool enables us not only to perform a backup but also to migrate to a new server.

Exporting the drivers and configuration can be done with the following syntax.

Printbrm -B -F <filename>.<extension>

The allowed extensions are .cab and .printerExport.

Printer Services - Recovery

A recovery can be done with the same CLI tool using the following syntax, or by using the Printer Services Management snap-in.

Printbrm -r -F <filename>.<extension>


Internet Information Services (IIS) – formerly called Internet Information Server – is a web server application and set of feature extension modules created by Microsoft for use with Microsoft Windows. It is the most used web server after Apache HTTP Server: As of March 2010, it served 22.7% of all websites on the Internet. IIS 7.5 supports HTTP, HTTPS, FTP, FTPS, SMTP and NNTP. It is an integral part of Windows Server family of products, as well as all editions of Windows Vista and Windows 7, although some features are not supported on client versions of Windows. IIS is not turned on by default when Windows is installed.

IIS - Backup

Making a backup of all the IIS settings, such as application pool configurations and bindings (this does not include the websites), can be done with the integrated IIS CLI tool called appcmd.

appcmd add backup <filename>

If you want to make sure that the websites are also available for restore, I suggest you use Robocopy for the website folders (e.g. wwwroot).

IIS - Recovery

Recovering the settings is as easy as performing the backup with the CLI tool.

appcmd restore backup <filename> /stop:false


Network Policy Server (NPS) is the Microsoft implementation of a Remote Authentication Dial-in User Service (RADIUS) server and proxy in Windows Server 2008. NPS is the replacement for Internet Authentication Service (IAS) in Windows Server 2003.

As a RADIUS server, NPS performs centralized connection authentication, authorization, and accounting for many types of network access, including wireless and virtual private network (VPN) connections. As a RADIUS proxy, NPS forwards authentication and accounting messages to other RADIUS servers. NPS also acts as a health evaluation server for Network Access Protection (NAP).

Active Directory Certificate Services (AD CS) provides customizable services for issuing and managing public key certificates used in software security systems that employ public key technologies. AD CS is available as a server role in Windows Server 2008 and Windows Server 2008 R2.

NPS & ADCS - Backup
Exporting ADCS can be done with the certutil CLI command. When using this command, the whole database and the certificate are exported to the location specified.

certutil -backup -p "<apassword>" -f -seconds -v <destination>

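NPS can be exported using netsh; the NPS configuration is exported to an XML file. The exportPSK=YES parameter acknowledges that the file will contain the RADIUS shared secrets unencrypted, so store it in a secured location.

netsh nps export filename=<filename> exportPSK=YES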
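
Both exports hold secrets: certutil -backup writes the CA certificate together with its private key, and the NPS XML carries the RADIUS shared secrets unencrypted. The PowerShell script below is an added example, not part of the original post; it runs the two backup commands into an access-restricted, dated folder and records SHA-256 hashes of the result. The D:\Backup root and the folder and file names are assumptions.

```powershell
# Added example (not from the original post). Assumptions: elevated prompt on the
# server holding both roles; D:\Backup is a hypothetical backup root.
$ErrorActionPreference = 'Stop'
$root   = 'D:\Backup'
$name   = 'pki-nps-{0:yyyyMMdd-HHmmss}' -f (Get-Date)
$target = Join-Path $root $name
New-Item -ItemType Directory -Path $target | Out-Null

# Restrict the folder before any secret is written: remove inherited ACEs, then
# allow only BUILTIN\Administrators and SYSTEM (well-known SIDs).
icacls $target /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed ($LASTEXITCODE)" }

# AD CS: database plus the CA certificate and private key (.p12). Ask for the
# password instead of storing it in the script; note that -p still places it
# on certutil's command line for the lifetime of that process.
$adcsDir = Join-Path $target 'adcs'
New-Item -ItemType Directory -Path $adcsDir | Out-Null
$secure = Read-Host 'Password for the CA key backup' -AsSecureString
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
try {
    $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    certutil -backup -p $plain -f $adcsDir
    if ($LASTEXITCODE -ne 0) { throw "certutil -backup failed ($LASTEXITCODE)" }
} finally {
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)   # wipe the clear-text copy
}

# NPS: the XML contains the RADIUS shared secrets in clear text (exportPSK=YES).
$npsFile = Join-Path $target 'nps.xml'
netsh nps export "filename=$npsFile" exportPSK=YES | Out-Null
if (-not (Test-Path $npsFile) -or (Get-Item $npsFile).Length -eq 0) {
    throw 'NPS export produced no file'
}

# SHA-256 manifest, written next to (not inside) the backup folder; keep a copy
# off the server so tampering or corruption can be detected before a restore.
$sha = [Security.Cryptography.SHA256]::Create()
Get-ChildItem $target -Recurse | Where-Object { -not $_.PSIsContainer } | ForEach-Object {
    $stream = [IO.File]::OpenRead($_.FullName)
    try     { $hex = [BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
    finally { $stream.Dispose() }
    '{0}  {1}' -f $hex, $_.FullName.Substring($target.Length + 1)
} | Set-Content (Join-Path $root "$name.sha256")
```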

NPS & ADCS - Recovery
Recovering the ADCS configuration and certificate can be done with certutil.

certutil -restore <filename>

Recovering the NPS configuration from the XML file can be done by using netsh or the Network Policy Server GUI.

netsh nps import filename=<filename>



D#B Backup&Recovery Notes [PART1]: Active Directory

Posted by Dark#Basics

Active Directory


With Windows Server 2003 you can make a backup with NTBackup and the corresponding GUI. With this tool it's possible to make a backup of the System State of the machine. System State holds the settings, registry entries, Active Directory and other important system files needed to recover a crashed server. In Windows Server 2008 R2, NTBackup isn't available anymore and has been replaced with the Windows Server Backup role. Before you can perform a backup with Windows Server Backup, you have to install the feature, using either Server Manager or the SERVERMANAGERCMD command-line utility.

servermanagercmd -install Backup-Features

If you are installing Windows Server Backup on a Windows Server 2008 Server Core installation, use the OCSETUP command (it's important to note that the OCSETUP command is case-sensitive):

ocsetup WindowsServerBackup

System state backups, which include only select files and some application databases (rather than entire volumes), are handy and often essential. But early builds of Windows Server 2008 didn't support system state backups and restores. Instead, the backup tool just backed up critical system volumes (meaning any volumes necessary for recovering and rebooting the OS and key applications). These critical system volumes were the volume-oriented equivalent of a system state backup. You can only perform a system state backup using the WBADMIN.EXE command-line program—the MMC snap-in doesn't provide this option. To perform a system state backup, you use this command:

wbadmin start systemstatebackup -backuptarget:<destination>

With this image you can do a System State recovery. However, if you want to be safe and be able to perform a bare metal recovery, you'll have to use the allcritical option when running the backup.

wbadmin start backup -allcritical -backuptarget:<destination>

Recovery of System State

If you need to recover from some sort of Active Directory-related problem—such as recovering a deleted OU from backup—you should restore the Active Directory Domain Services (ADDS) database to an earlier state, rather than restore the entire system. Even though you can stop ADDS like a service in Windows Server 2008, you still need to boot the server into Directory Services Restore Mode (DSRM) to perform a system state restore on a domain controller. You can boot into DSRM using the BCDEDIT command.

bcdedit /set safeboot dsrepair

Before you use WBADMIN to start a system state restore, you must identify the backup from which you want to restore. WBADMIN can perform a system state restore from either a full system backup, a backup that contains just the critical system volumes, or a system state backup. In any of these cases, you have to specify the version of the backup you want to use.

wbadmin get versions

wbadmin 1.0 - Backup command-line tool

(C) Copyright 2004 Microsoft Corp.
Backup time: 22/2/2007 5:58 PM
Backup target: Fixed Disk labeled Backup(E:)
Version identifier: 12/03/2007-00:58
Can Recover: Volume(s), File(s), Application(s), Bare Metal Recovery, System State

After selecting the backup for your System State recovery, we'll start the process.

wbadmin start systemstaterecovery -version:12/03/2007-00:58

When the recovery is done, don't forget to remove the recovery flag that we set in the beginning.

bcdedit /deletevalue safeboot
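
Picking the version by eye is error-prone on a server with many backups, and a domain controller should not be restored from a System State backup older than the forest's tombstone lifetime. The PowerShell below is an added example, not part of the original post: it parses the `wbadmin get versions` output format shown above, keeps only versions that list System State and fall inside the tombstone lifetime, and prints the recovery command for the newest one. The function names, the second sample record, the 180-day default and English-language wbadmin output are assumptions.

```powershell
# Added example (not from the original post). First sample record is the output
# shown above; the second record is constructed for illustration.
$sample = @'
Backup time: 22/2/2007 5:58 PM
Backup target: Fixed Disk labeled Backup(E:)
Version identifier: 12/03/2007-00:58
Can Recover: Volume(s), File(s), Application(s), Bare Metal Recovery, System State

Backup time: 15/12/2007 9:00 PM
Backup target: Fixed Disk labeled Backup(E:)
Version identifier: 12/16/2007-04:00
Can Recover: Volume(s), File(s)
'@ -split "`r?`n"

function ConvertFrom-WbadminVersions {           # hypothetical helper name
    param([string[]]$Lines)
    $rec = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*(Backup time|Backup target|Version identifier|Can recover)\s*:\s*(.*\S)') {
            $key = ($Matches[1] -replace '\s', '').ToLower()
            if ($key -eq 'backuptime') {         # each record starts with this field
                if ($null -ne $rec) { New-Object psobject -Property $rec }
                $rec = @{}
            }
            if ($null -ne $rec) { $rec[$key] = $Matches[2] }
        }
    }
    if ($null -ne $rec) { New-Object psobject -Property $rec }
}

function Select-SystemStateVersion {             # hypothetical helper name
    # TombstoneDays: 180 is an assumed default; check the value set in your forest.
    param($Versions, [datetime]$Now = (Get-Date), [int]$TombstoneDays = 180)
    $Versions | Where-Object { $_.canrecover -match 'System State' } | ForEach-Object {
        # Version identifiers use the MM/DD/YYYY-HH:MM format.
        $when = [datetime]::ParseExact($_.versionidentifier, 'MM/dd/yyyy-HH:mm',
                    [Globalization.CultureInfo]::InvariantCulture)
        $_ | Add-Member -MemberType NoteProperty -Name When -Value $when -PassThru
    } | Where-Object { ($Now - $_.When).TotalDays -lt $TombstoneDays } |
        Sort-Object When -Descending | Select-Object -First 1
}

$lines = $sample                                 # on a server: $lines = wbadmin get versions
$pick  = Select-SystemStateVersion (ConvertFrom-WbadminVersions $lines) -Now ([datetime]'2007-12-20')
if ($pick) { "wbadmin start systemstaterecovery -version:$($pick.versionidentifier)" }
else       { Write-Warning 'No System State backup inside the tombstone lifetime.' }
```

The script only prints the command; the recovery itself is still started by hand from DSRM.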

Bare Metal Recovery

When performing a Bare Metal recovery you will have to boot from the CD-ROM. Instead of clicking Install Now, select the Repair My Computer option, which can be found in the lower left corner of the window. When you are asked to select a recovery mode, pick Windows Complete Restore.

After this you will have to select the correct backup image from which you will restore the system. It is also possible to select a network share, USB drive, etc. by using the Restore a different backup option and selecting the Advanced button. In the next screen of the wizard you can set additional parameters for the recovery: format all drives, restart after recovery, set up drivers, ...

After that just browse through the wizard and select Finish. Your system will start the recovery process.