Dark Developments Where Knowledge Meets Power


D#B Backup&Recovery Notes [PART4]: WSUS, WDS & TS

Posted by Dark#Basics

Windows Server Update Services (WSUS) provides a software update service for Microsoft Windows operating systems and other Microsoft software. WSUS is a locally managed system that works with the public Microsoft Update website to give system administrators more control. By using Windows Server Update Services, administrators can manage the distribution of Microsoft hotfixes and updates released through Automatic Updates to computers in a corporate environment.

WSUS - Backup
A backup of the configuration can be made from the CLI. The CLI tool exports all the metadata of the service. It isn't possible to back up the update files, update approvals and the other settings this way. If you really want to back up these files, you can do so with the Windows Server Backup role.

wsusutil.exe export <location>.cab <logfile>.log

WSUS - Restore
The WSUS settings can be recovered with wsusutil, which loads the settings into the service.

wsusutil.exe import <location>.cab <logfile>.log


Windows Deployment Services is a technology from Microsoft for network-based installation of Windows operating systems. It is the successor to Remote Installation Services. WDS is intended to be used for remotely deploying Windows Vista, Windows 7 and Windows Server 2008, but also supports other operating systems because unlike its predecessor RIS, which was a method of automating the installation process, WDS uses disk imaging, in particular the Windows Imaging Format (WIM). WDS is included as a Server Role in all 32-bit and 64-bit versions of Windows Server 2008, and is included as an optionally installable component with Windows Server 2003 Service Pack 2.

WDS - Backup
Backing up the WDS settings is not possible with the GUI or the console. It is possible to back up the WDS images with, for example, Robocopy.

WDS - Recovery
The images can be recovered through the Windows Deployment Services snap-in by choosing the Add Image Group option.

Remote Desktop Service, formerly known as Terminal Services, is one of the components of Microsoft Windows (both server and client versions) that allows a user to access applications and data on a remote computer over a network, using the Remote Desktop Protocol (RDP). Terminal Services is Microsoft's implementation of thin-client terminal server computing, where Windows applications, or even the entire desktop of the computer running terminal services, are made accessible to a remote client machine. The client can either be a fully-fledged computer, running any operating system as long as the terminal services protocol is supported, or a barebone machine powerful enough to support the protocol (such as Windows FLP). With terminal services, only the user interface of an application is presented at the client. Any input to it is redirected over the network to the server, where all application execution takes place. This is in contrast to appstreaming systems, like Microsoft Application Virtualization, in which the applications, while still stored on a centralized server, are streamed to the client on-demand and then executed on the client machine. Microsoft changed the name from Terminal Services to Remote Desktop Services with the release of Windows Server 2008 R2 in October 2009. RemoteFX is being added to Remote Desktop Services as part of Windows Server 2008 R2 SP1.

TS - Backup
Just like WSUS, there isn't an available method to export the important data. For Terminal Services the important data is the database of the license server. The license server, as the name says, stores the licenses of the published applications.

The best approach for Terminal Services is to use Windows Server Backup and select the System State and the TS Licensing database.

TS - Recovery
When a System State backup with the TS Licensing database is available, the service can be restored with System Recovery or even a Bare Metal recovery.




D#B Backup&Recovery Notes [PART3]: Printer Services, IIS, NPS and ADCS

Posted by Dark#Basics

Printer Services

Printer Services - Backup

Making backups of the network printer services is really handy. When for some reason the service needs to be reinstalled on another server, you will be able to restore lots of settings and drivers.
When performing a backup of the Printer Services you back up the configurations and the drivers for all the configured printers.

A backup can be made with the CLI tool Printbrm. It is only available when the Printer Services role is installed on that server. The tool lets us not only perform a backup but also migrate to a new server.

Exporting the drivers and configuration can be done with the following syntax.

Printbrm -B -F <filename>.<extension>

The allowed extensions are .cab and .printerExport.

Printer Services - Recovery

A recovery can be done with the same CLI tool using the following syntax, or by using the Printer Services Management snap-in.

Printbrm -r -F <filename>.<extension>


Internet Information Services (IIS) – formerly called Internet Information Server – is a web server application and set of feature extension modules created by Microsoft for use with Microsoft Windows. It is the most used web server after Apache HTTP Server: As of March 2010, it served 22.7% of all websites on the Internet. IIS 7.5 supports HTTP, HTTPS, FTP, FTPS, SMTP and NNTP. It is an integral part of Windows Server family of products, as well as all editions of Windows Vista and Windows 7, although some features are not supported on client versions of Windows. IIS is not turned on by default when Windows is installed.

IIS - Backup

A backup of all the IIS settings, such as application pool configurations and bindings (this does not include the websites), can be made with the integrated IIS CLI tool appcmd.

appcmd add backup <filename>

If you want to make sure that the websites are also available for restore, I suggest you use Robocopy for these website folders (e.g. wwwroot).

IIS - Recovery

Recovering the settings is as easy as performing the backup with the CLI tool.

appcmd restore backup <filename> /stop:false


Network Policy Server (NPS) is the Microsoft implementation of a Remote Authentication Dial-in User Service (RADIUS) server and proxy in Windows Server 2008. NPS is the replacement for Internet Authentication Service (IAS) in Windows Server 2003.

As a RADIUS server, NPS performs centralized connection authentication, authorization, and accounting for many types of network access, including wireless and virtual private network (VPN) connections. As a RADIUS proxy, NPS forwards authentication and accounting messages to other RADIUS servers. NPS also acts as a health evaluation server for Network Access Protection (NAP).

Active Directory Certificate Services (AD CS) provides customizable services for issuing and managing public key certificates used in software security systems that employ public key technologies. AD CS is available as a server role in Windows Server 2008 and Windows Server 2008 R2.

NPS & ADCS - Backup
ADCS can be exported with the certutil CLI command. This command exports the whole database and the certificate to the specified location.

certutil -backup -p "<apassword>" -f -seconds -v <destination>

NPS can be exported using netsh; the NPS configuration is exported to an XML file.

netsh nps export filename=<filename> exportPSK=YES

NPS & ADCS - Recovery
Recovering the ADCS configuration and certificate can be done with certutil.

certutil -restore <filename>

Recovering the NPS configuration from the XML file can be done with netsh or the Network Policy Server GUI.

netsh nps import filename=<filename>
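
The CA backup made by certutil includes the CA's private key, protected only by the backup password, and the NPS export contains the RADIUS shared secrets in clear text, so the destination folder deserves a tight ACL and an integrity manifest. The script below is an added example, not part of the original post; the destination path is hypothetical and it assumes an elevated PowerShell session on the CA / NPS server.

```powershell
# Added example, not from the original post. Run elevated on the CA / NPS server.
$BackupRoot = 'D:\Backup\pki-nps'                    # hypothetical destination
$stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
$target     = Join-Path $BackupRoot $stamp
New-Item -ItemType Directory -Path $target -Force | Out-Null

# Lock the folder down before anything sensitive lands in it: drop inherited ACEs
# and grant full control only to Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18).
icacls $target /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'icacls could not restrict the backup folder' }

# CA database and certificate. -p is left out so certutil prompts for the
# password instead of exposing it on the command line or in this script.
certutil -backup -f (Join-Path $target 'ca')
if ($LASTEXITCODE -ne 0) { throw "certutil -backup failed ($LASTEXITCODE)" }

# NPS configuration as XML (exportPSK=YES acknowledges the clear-text shared secrets).
netsh nps export "filename=$(Join-Path $target 'nps.xml')" exportPSK=YES
if ($LASTEXITCODE -ne 0) { throw "netsh nps export failed ($LASTEXITCODE)" }

# SHA-256 manifest, written next to (not inside) the backup folder.
# The .NET hash class is used so the script also runs on PowerShell 2.0.
$sha = [System.Security.Cryptography.SHA256]::Create()
Get-ChildItem $target -Recurse | Where-Object { -not $_.PSIsContainer } | ForEach-Object {
    $stream = [System.IO.File]::OpenRead($_.FullName)
    try     { $hash = [BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
    finally { $stream.Dispose() }
    '{0}  {1}' -f $hash, $_.FullName.Substring($target.Length + 1)
} | Set-Content (Join-Path $BackupRoot "$stamp.sha256")
```

Keep a copy of the manifest somewhere the backup host cannot write to, and recompute the hashes before running certutil -restore or netsh nps import.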



D#B Backup&Recovery Notes [PART2]: DNS, DHCP & GPO’s

Posted by Dark#Basics


The Dynamic Host Configuration Protocol (DHCP) is an auto configuration protocol used on IP networks. Computers that are connected to IP networks must be configured before they can communicate with other computers on the network. DHCP allows a computer to be configured automatically, eliminating the need for intervention by a network administrator. It also provides a central database for keeping track of computers that have been connected to the network. This prevents two computers from accidentally being configured with the same IP address.

DHCP - Backup
Making a backup of DHCP is handy for the configuration of the pools (range, subnet, ...) and the reserved IPs. DHCP servers permit you to reserve an IP address for a client. This means that the specific network client will have the same IP for as long as you want it to.

A backup can be done through CLI with the netsh-command.

netsh dhcp server dump > <filename>

DHCP - Recovery
Running a recovery of the DHCP-settings can be done with the exact same CLI-command.

netsh exec <filename>

Do note that it's also possible to perform a recovery from the DHCP Management snap-in.
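
Because netsh exec runs every line of the file as a netsh command with the caller's privileges, it is worth checking a dump before restoring from it. The function below is an added example, not part of the original post: it assumes that a DHCP dump consists only of blank lines, # comments and commands starting with "Dhcp Server <target>", and the sample lines are constructed for illustration.

```powershell
# Added example (not from the original post): review a DHCP dump before `netsh exec`.
# Assumption: every non-blank, non-comment dump line starts with "Dhcp Server <target>".
function Test-DhcpDump {
    param([string[]]$Lines)
    $unexpected = @()
    $targets    = @{}
    for ($i = 0; $i -lt $Lines.Count; $i++) {
        $line = $Lines[$i].Trim()
        if ($line -eq '' -or $line.StartsWith('#')) { continue }    # blank or comment
        if ($line -match '^dhcp\s+server\s+(\S+)\s') {
            $targets[$Matches[1].ToLower()] = $true                 # server the command acts on
        } else {
            $unexpected += ('{0}: {1}' -f ($i + 1), $line)          # netsh would run this too
        }
    }
    # Safe only if nothing unexpected was found and all commands address one server.
    New-Object PSObject -Property @{
        Unexpected = $unexpected
        Targets    = @($targets.Keys)
        Safe       = ($unexpected.Count -eq 0 -and $targets.Count -eq 1)
    }
}

# Constructed sample: dump-style lines plus one command from another netsh context.
$sample = @(
    '# Configuration Information for Server 192.0.2.10',
    'Dhcp Server \\dhcp01 add scope 192.0.2.0 255.255.255.0 "LAN" ""',
    'Dhcp Server \\dhcp01 Scope 192.0.2.0 Add iprange 192.0.2.50 192.0.2.200',
    'interface ip show config'
)
$result = Test-DhcpDump -Lines $sample
$result | Format-List Safe, Targets, Unexpected
```

For a real dump, pass the output of Get-Content on the file and run netsh exec only when Safe is true; the Targets list also shows whether the dump still names the old server when restoring onto a different machine.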









DNS - Backup
DNS-records can be dumped to a file using the dnscmd-command. If DNS is integrated in the domain controller a backup of the DNS records can be made with dnscmd but also with the System State backup (Previous Paper).

dnscmd /zoneprint <zonename> > <filename>

DNS - Recovery
Recovering the DNS-records can be done with the same CLI-command.

dnscmd /zoneadd <zonename> /primary /file <filename> /load


Group Policy is a feature of the Microsoft Windows NT family of operating systems. Group Policy is a set of rules which control the working environment of user accounts and computer accounts. Group Policy provides the centralized management and configuration of operating systems, applications and users' settings in an Active Directory environment. In other words, Group Policy in part controls what users can and can't do on a computer system. Although Group Policy is more often seen in use for enterprise environments, it is also common in schools, smaller businesses and other kinds of smaller organizations. Group Policy is often used to restrict certain actions that may pose potential security risks, for example: to block access to the Task Manager, restrict access to certain folders, disable the downloading of executable files and so on.

GPOs - Backup
GPOs can be backed up with two methods. The first is through the System State backup; the second is by using VBScripts. These VBScripts were originally created for Windows Server 2003 with the Group Policy Management Console installed.

These scripts are not available by default in Windows Server 2008 but can be downloaded from the Windows Download Center. With one of these scripts it is possible to perform a full backup of the GPOs.

cscript.exe BackupAllGPOs.wsf <destination>

GPOs - Recovery
GPOs can be recovered using various methods. The first method is to use the Group Policy Management snap-in and select the Manage Backups option.

The second method is by using another VBScript called RestoreAllGPOs.

cscript.exe RestoreAllGPOs.wsf <location>