Windows Recovery with Winternals Recovery Manager 2.0
not
Recovery Manager's pricing varies by the number of consoles needed and the number of target machines for which recovery information is needed. But the price won't exceed $400 per target server, or $70 per console. While Recovery Manager is by no means cheap, it's a great value, especially when compared with the costs for rebuilding machines from scratch or backups!
Winternals Software principals Mark Russinovich and Bryan Cogswell—both computer scientists from Carnegie Mellon University—are deeply in-the-know about Windows systems internals, flaws and foibles. They also understand what's involved in fixing and recovering from potential Windows gotchas. In fact, Russinovich is the co-author of one of the best books about Windows' inner workings, Inside Microsoft Windows 2000, Third Edition (Microsoft Press, 2000). His book remains the best explanation of Windows internals around, and it's a nonpareil exploration of what goes on under the Windows hood.
System builders already familiar with other Winternals products--or free utilities from its sister company, Sysinternals.com--understand that these developers use their knowledge about Windows to inspect, report on, and protect systems from potential problems. The products also provide tools to recover Windows systems from crashes. These include Winternals' well-known centralized Administrator's Pak v5.0, which includes the ERD Commander tool (ERD stands for Emergency Repair Disk), NTFDOS Professional, Crash Analyzer Wizard, and much more.
In this TechBuilder Recipe, I'll show you how to install and use Winternals Recovery Manager 2.0. Not only does this program capture key operating system files and settings, but it also snapshoots program files, user registry settings, and user or application data. The program also defines sets of files and settings, called Recovery Sets, which can be scheduled for capture to a console/server at regular intervals. Typically, the most recent such set of items—called a Recovery Point—provides the basis for recovery if and when needed. For those system builders who also maintain systems for their customers, Recovery Manager can be a godsend. For those system builders who seek to supply their customers with the best-outfitted servers and workstatations, it's a must-have.
Using Recovery Manager 2.0, you can create and store Recovery Points on individual machines for mobile PC users. This will let you recover files and data even when you're not on the same network as a recovery console. Mobile clients combined with Recovery Manager's Client Boot disk (which system builders can easily construct for their customers) can still boot and recover themselves, as long as their laptop or notebook PC remains able to boot from a CD. Recovery Manager can also protect any system that uses TCP/IP protocols. Because files or other items in Recovery Points can be accessed at will, Recovery Manager can even roll back damaged or accidentally deleted files to whatever state they occupied in their most recent snapshot.
Finally, Recovery Manager can create a Recovery Point for a crashed or failing Windows machine. The machine's contents can be compared with earlier, working Recovery Sets to determine which files or Registry settings have changed. For troubleshooting or diagnosing system problems, this is invaluable.
Ingredients
If you're interested in trying out Recovery Manager 2.0 for yourself, request a free 30-day evaluation CD from Winternals. It's available online from this Winternals page. You will also need the following components:
- One or more PCs running either Windows XP, Windows Server 2003, or Windows 2000 (any version, SP4 or higher).
- Access to an administrative login on the Recovery Schedule console PC. Also, a local or domain-level administrative login for all client machines.
- A console PC—Recovery Manager's control center—with a 900 MHz x86 compatible CPU (or faster); at least 256 MB of RAM (512 MB or more is recommended); 10 Mbps or faster network interface; 100 MB of disk space for Recovery Manager Schedule Console; and more hard disk space for Recovery Point file storage (1-2 GB is recommended).
- A Recovery Manager client PC with a 233 MHz x86 compatible CPU (or faster); 128 MB of RAM (256 MB or more is recommended); 10 Mbps or faster network interface; and 10 MB of disk space (more for mobile clients). In addition to the other Windows OS versions listed, the Recovery Manager Client also runs on Windows NT 4.0 SP6a.
- A working network connection between a Recovery Manager Schedule Console PC and at least one Recovery Manager Client PCs. This will be used to test the console's ability to manage clients across a network.
With all of these ingredients in hand, you can get started on the recipes as soon as you receive your evaluation CDs. Starting with installation, you can then step through several common Recovery Manager tasks and activities.
Installing Recovery Manager: Known Issues
Installing Recovery Manager is extremely easy, thanks to its clever use of the well-known InstallShield toolset. That said, I did encounter a couple of snags. On my first target machine for the Recover Schedule Console--from whence one manages recovery snapshots and recovery activities for an entire network--the Windows Registry was sufficiently corrupted that the program wouldn't install properly. The helpful support technician I consulted by telephone suggested that I try another machine, rather than spelunking into the Registry to find and fix whatever caused the install of the Microsoft SQL Server Desktop Engine (aka MSDE) to fail. Switching to another system worked and saved substantial time, so it became my path to a working installation.
A second installation snag resulted from a memory lapse on my part: I forgot that you cannot use Recovery Manager to snapshoot or recover the system on which the Recovery Schedule Console software is installed. I designated this machine as a recovery client, only to be politely informed by the software at the conclusion of the install process that this was not a legal option. Otherwise, the install went fine.
10 Steps to Installing Recovery Manager
- Navigate to the root of the Recovery Manager install CD, then double-click on the file named setup.exe This opens InstallShield and starts the Installation Wizard. Click through a welcome screen, accept a license agreement, and then click on the radio button next to Complete Install, as shown below.
- Unless you need to change the default location (it's in a subdirectory named \Winternals\Recovery Manager 2 in %programfiles%), click Next to proceed, as shown below. For trial (and most production) installs, the default directory works just fine.
- Recovery Manager needs access to a SQL Server database to store its recovery set definitions and other data. If you can't point the software at an existing SQL Server database, leave the default radio button that installed the Microsoft SQL Desktop Engine (MSDE) checked, as shown below. After this, Recovery Manager installs MSDE and Recovery Manager, then chunks through a number of screens, to complete installation of the Recovery Manager.
- Actually using Recovery Manager requires defining at least one Recovery Schedule. This, in turn, requires running the Recovery Schedule Console. That's why this is the final installation step, as shown below. The Recovery Schedule Console runs automatically during install. Also, the installer is smart enough to look for at least one recovery schedule; if the installer doesn't find one, it automatically launches the program.
- This first-time automatic invocation of the Recovery Schedule Console launches the New Schedule Wizard, which lets you set up a Recovery Point Schedule. First, you'll see a welcome screen. Then you'll see a sequence of screens that allow you to name and describe a schedule, define the schedule, and specify an account for creating Recovery Points on target machines. This should be either a domain level administrator account or a generic administrative local machine account. All this information is shown below in a completely filled-out schedule settings screen.
- Schedules fall into one of two modes: a standard network-attached machine that can be presumed to have ready access to the Recovery Console machine, or mobile machines (such as laptops and notebooks) that sometimes are on the network, sometimes operating standalone. Most system builders will create a simple, once-a-week schedule, then tell their customer administrators to tailor that schedule to fit their needs. It's typical to define one recovery schedule for standard machines--attached to the network, as shown below--and another for mobile machines.
- The next option permits the installer to pick from four pre-defined Recovery Sets for capture: System, Program Files, User Settings, and User Data. In most cases, it makes sense to pick all four.
- You can elect to install the Recovery Manager agent on client machines, and to pre-install the Recovery Manager Boot Client software on those machines, too. Though only the first setting is selected by default, it's a good idea to use both settings, as shown below.
- Click the checkboxes next to individual machines to designate them for recovery. But don't designate the Recovery Console as the host, as Recovery Manager can't recover that machine. Next, you'll be asked to specify Boot Client permissions for mobile mode computers. Here, it makes sense to allow all checkboxes to be selected, as shown below.
- Now you can elect to save Boot Client files to individual systems. Even though this consumes 150 MB of disk space, it's a good idea for both networked desktops and mobile systems. Click the checkbox as shown below.
That concludes the Recovery Manager set-up and Boot Client file handling. Defining a Custom Recovery Set
Next, I'll show you how to define a custom Recovery Set to capture machine- or user-specific data using Recovery Manager. By default, Recovery Manager captures four Recovery Sets:
- System: System files, system settings, and boot files.
- Program Files: Files in the %programfiles% directory and all subdirectories.
- User Settings: All user Registry settings.
- User Data: Files from the Documents and Settings directory trees for each user account, plus all dependent subdirectories.
Custom Recovery Sets allow files from other volumes or directories to be captured as well. This way, application and user data outside these items can be recovered when necessary.
Here are the steps to create a Custom Recovery Set using Recovery Manager's Recovery Set Editor:
- Launch the Recovery Set Editor by opening the Recovery Manager Console. Click Start, All Programs, Winternals Recovery Manager, and then Recovery Schedule Console. When the Recovery Schedule Console opens, right-click on the Recovery Sets entry, as shown below. Then select Recovery Set Editor as shown in the pop-up menu.
- Inside the Recovery Set Editor, you can navigate to your target machine and use its controls to select either volumes or directories for capture inside named and unique custom Recovery Sets. This shows up below in a set with a description of "Book and Magazine article files, personal files."
- Click the Extensions tab to select file extensions from the directories you'll designate as targets. The shot below shows a set that captures common document, spreadsheet and image files types. It's easy to designate files to capture by type from target volumes and directories.
- Click the Files tab to call up a browser interface. This lets you select target volumes and directories for inclusion in a custom Recovery Set. The shot below shows that I selected two directories (and subfolders) as capture targets, including personal files and files related to magazines and other publications. Browsing and checkboxes make it equally easy to include volumes and directories into custom Recovery Sets.
Once custom Recovery Sets are defined, they become available for selection in the regular Recovery Schedule Console and Recovery Center menus in Recovery Manager. This makes them easy to use--and easy to include when you're specifying and working with Recovery Sets later.
Creating a Boot Client Image
Next we'll build a bootable CD from which Windows users can start the recovery process using Recovery Manager. This really means creating a Boot Client image file that includes key system files, settings, configuration data, and so forth, then burning that image to CD. Recovery Manager can handle the creation of generic Boot Client images. But note, these images use only drivers supplied with the Windows media for a given OS. Recovery Manager can also let users specify drivers that are not included with the Windows media, such as when machines require SATA RAID or disk drivers to start up.
Here's how to create a Boot Client image file after Recovery Manager has already been installed. (You can also do this during the installation process, but those details vary only slightly from what's covered here.) First, you must use the companion program to the Recovery Schedule Console, known as the Recovery Center. This is the same tool used to perform a recovery when one is needed. The process is simple:
- Launch the Recovery Center. To do this, click on Start, All Programs, Winternals Recovery Manager, and then Recovery Center.
- Click the Maintenance menu. Then select Create Boot Client, as shown below.
- A wizard leads you through all subsequent steps. As shown below, if you need to point at driver files for SCSI or SATA drives, you are prompted to do so during this process. (One of my systems uses SATA RAID drives, and the process worked flawlessly for that machine.) The next screen also lets you supply NIC drivers that aren't included on the Windows media, in the same way.
- It's a good idea to pre-install the Boot Client software on target machines, even though this requires dedicating about 150 MB of disk space for staging the image file for later installation. This process is handled by the wizard screen shown below. The total process typically takes a couple of minutes to complete. Note that the checkbox next to "Save Boot Client files" must be selected to keep a local copy handy for preinstallation, which I highly recommend.
When the right Boot Client image is available for staging to selected target clients, the files necessary for booting will be copied to those machines as part of deploying the Recovery Manager agent to those machines. The process is completely straightforward. It works like a charm, as long as the image you construct includes all the right drivers. (I highly recommend testing before doing a widescale deployment.) You can even instruct the Boot Client routines to burn a CD from the image, because Winternals includes the necessary tools in the software.
Using Recovery Manager for System Recovery
Once you've created a Recovery Set schedule and have successfully captured one or more Recovery Points, restoring to an existing Recovery Point is absurdly easy. You need only use Recovery Center to identify those machines whose Recovery Sets you wish to restore. Then initiate the restore process by clicking the Roll Back Systems icon.
In the following steps, I assume that recovery is to be applied to a system that's running normally. (The details vary only slightly for systems booted up from a Boot Client image or CD.) I also assume that the most recent recovery point is to be applied. Here are the steps:
- Launch Recovery Center: Click Start, All Programs, Winternals Recovery Manager, and then Recovery Center.
- From the default All Computers Selection view, pick the machine you wish to recover. Do this by clicking the check box to the left of where the machine is listed, as shown below.
- Go to the Recovery section of the left-hand task pane (also shown above), and click Roll Back Systems. You're done!
Recovering systems to earlier Recovery Points is only slightly more complicated. Click the Recovery Points tab in the Selected Computer pane, as shown at the bottom right of the last image above. You'll get access to a complete list of all Recovery Points stored for that machine. By default, the most recent point is always selected, but you can scroll through the list and pick an earlier one. Then, in the task pane, click Roll Back Systems.
You can also apply this technique to define recovery for multiple machines. Do this by clicking more than one computer in the Selection view: pane. Then manage Recovery Point selection on a per-computer basis in the Selected Computer pane.
ED TITTEL is a technology writer who has contributed to more than 100 computer books; a trainer; and a consultant who specializes in IT certification and information security, with a special emphasis on Windows desktops. He has no commercial ties to any of the products mentioned in this Recipe.