D#B Backup&Recovery Notes [PART3]: Printer Services, IIS, NPS and ADCS

Posted by Dark#Basics

Printer Services

Printer Services - Backup

Making backups of the network printer services is really handy. When for some reason the service needs to be reinstalled on another server you will be able te restore lost of settings and drivers.
When preforming a backup of the Printer Services you'll backup the configurations and the drivers for all the configured printers.

A backup can be made by the CLI-tool Printbrm. It's a CLI-tool that is only available when you install the Printer Services-Role on that server. The tool enabled us to not only preform a backup but also to migrate to a new server.

Exporting the drivers and configuration can be done with the following syntax.

Printbrm -B -F <filename>.<extension>

The allowed extensions are .cab and .printerExport .

Printer Services - Recovery

A recovery can be done with the same CLI-tool using following syntax or by using the Printer Services Management Snapin.

Printbrm -r -F <filename>.<extension>


Internet Information Services (IIS) – formerly called Internet Information Server – is a web server application and set of feature extension modules created by Microsoft for use with Microsoft Windows. It is the most used web server after Apache HTTP Server: As of March 2010, it served 22.7% of all websites on the Internet. IIS 7.5 supports HTTP, HTTPS, FTP, FTPS, SMTP and NNTP. It is an integral part of Windows Server family of products, as well as all editions of Windows Vista and Windows 7, although some features are not supported on client versions of Windows. IIS is not turned on by default when Windows is installed.

IIS - Backup

Making a backup of all the IIS-settings like application pool configurations, bindings,... (this does not include the websites) can be done by the integrated IIS-CLI tool called appcmd.

appcmd add backup <filename>

If you want to make sure that the websites are also available for restore I suggest you use Robocopy for these website folders (ex.: wwwroot).

IIS - Recovery

Recovering the settings is as easy as preforming the backup with the CLI-tool.

appcmd restore backup <filename> /stop:false


Network Policy Server (NPS) is the Microsoft implementation of a Remote Authentication Dial-in User Service (RADIUS) server and proxy in Windows Server 2008. NPS is the replacement for Internet Authentication Service (IAS) in Windows Server 2003.

As a RADIUS server, NPS performs centralized connection authentication, authorization, and accounting for many types of network access, including wireless and virtual private network (VPN) connections. As a RADIUS proxy, NPS forwards authentication and accounting messages to other RADIUS servers. NPS also acts as a health evaluation server for Network Access Protection (NAP).

Active Directory Certificate Services (AD CS) provides customizable services for issuing and managing public key certificates used in software security systems that employ public key technologies. AD CS is available as a server role in Windows Server 2008 and Windows Server 2008 R2.

NPS & ADCS - Backup
Exporting ADCS can be done with the certutil CLI-command. When using this command the whole database en the certificate is exported to the location specified.

certutil -backup -p "<apassword>" -f -seconds -v <destination>

NPS can be exported using netsh, the NPS-configuration will be exported to an XML-file.

netsh nps export filename=<filename>

NPS & ADCS - Recovery
Recovering the ADCS configuration and certificate can be done with certuril.

certutil -restore <filename>

Recovering the NPS configration by using the XML-file can be done by using netsh or the Network Policy Server GUI.

netsh nps import filename=<filename>