Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to BACKUP user profiles with Backup Application?

Posted on 2009-05-14
15
Medium Priority
?
406 Views
Last Modified: 2013-11-21
Hi people!

I am creating TS environment with redirected folders and roaming user profiles, but as those directories are user-specific, can someone please guide me how can I backup them?

I am using COBIAN backup software which runs as a service.


Thank you.
0
Comment
Question by:mrmut
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 5
15 Comments
 
LVL 6

Accepted Solution

by:
Kentrix70 earned 1500 total points
ID: 24390596
Are you using group policies for redirecting the folders?
Then you should look at the policy "Add the Administrators security groupe to roaming users profiles".
It should be located under Computer Config/Admin Template/System/User Profiles/Policy.

With this policy the administrators group is allowed access together with the user and the local system account.
The only issue is, that your backup service should then run with domain admin rights - I don't know if your security policy allows that.
If it doesn't please tell me, and I will try to think of another solution.
0
 

Author Comment

by:mrmut
ID: 24390995
Great, this works! :)

OK regarding policies, I create them. - Will probably lock down the Admin account anyway.

Also - every user-specific folder also has SYSTEM as full access, so that can also be used for backup program.
0
 

Author Comment

by:mrmut
ID: 24391073
Hm.

Something is wrong. :| - I've linked the GPO at the root of the domain, and it didn't propagate.

Should I enforce the link?

Tried a few times - deleted entire profiles and redirected users folders.
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:mrmut
ID: 24391270
Can it be that this GPO is not applied to Folder Redirection?

If that is so, that could be the reason why this doesn't work. - Folders are redirected to different shared folder, and when I enable this policy the settings from directory above just propagate down meaning that anyone can access user data. If I remove the policy, delete the folders and create something logged in as a user (terminal server) folders are locked again.

I've checked everything I could think of, many times.

->Any suggestions?
0
 

Author Comment

by:mrmut
ID: 24391745
(+ What I've found later is that this kind of GPO is not applied directly on GPUPDATE, or GPUPDATE /FORCE, but some time period must pass before being applied. Don't know why.)
0
 
LVL 6

Expert Comment

by:Kentrix70
ID: 24392741
Does that mean, that your problem is solved,
or is there still issues to be dealt with.
0
 

Author Comment

by:mrmut
ID: 24393284
Well, yes and no.

Your method doesn't work, as it applies to roaming user profiles and not correctly to redirected folders. However you did stimulate thought upon what I've found that LOCAL SYSTEM does have full access to every directory, but there is additional problem that LOCAL SYSTEM might not have access to local shares which again renders backup only half-usable, and that is the same for the question.

Thank you for the help.
0
 

Author Closing Comment

by:mrmut
ID: 31581718
This solution works on roaming profiles, but also renders newly created user-specific redirected folders as readable for everyone.
0
 
LVL 6

Expert Comment

by:Kentrix70
ID: 24393420
I always set "everyone" to have full control on shares, and then use security on file and folder level (NTFS file system).

You could use the share-name \\<servername>\<driveletter>$ to access the files and folders to backup.
In that way, you should have access to all the files.
I am afraid it would need you to use an account with domain admin rights though.

/Kent.
0
 
LVL 6

Expert Comment

by:Kentrix70
ID: 24393467
If you want, I can try to help figure out a better solution for your backup,
but then you need to provide more information about the infrastructure.
How many servers to backup.
How shares are configured etc.

/Kent
0
 

Author Comment

by:mrmut
ID: 24394080
Wow, that woudl be great! |-)
I am the client location, will get back to the EE site in about an hour.
0
 

Author Comment

by:mrmut
ID: 24395409
Here I am;

The setup:

There are two machines, servers 2003.
Both are DC, DNS, DHCP, WINS, etc, for redundancy.
Both are Terminal Servers, with the difference that one TS is for external users (people form other companies that use software on TS), and the other one is designates as a Thin Client TS.

I would like to backup stuff from Server1 to Server2, adn from Server2 to Server1 in two ways:

- ordinary incremental/full backup to a backup dir
- additional backup that will once a nigh sync stuff between servers, so if one server fails, other one could replace it in shortest time.

As user profiles are owned by a specific user, only that user can access it + a system service. If I make Allow Admin access to user profile, I get users redirected folders open by NTFP permissions, which is a bad thing.

So - I would like to be able to set-up a COBIAN backup, whose service app is by default run by SYSTEM, but I don't know if SYSTEM will have access to shared folders from other server.

Have I put it OK? - Need anything more?

Thank you Kent.
0
 
LVL 6

Expert Comment

by:Kentrix70
ID: 24395683
Could you please read this link

http://support.microsoft.com/kb/288991/

It seems like if you are not using the setting "Grant user exclusive right...."
the autocreated folders security is inherited from the parent folder,
and the the user is of course added.

So if your parent folder has the correct permission, giving you the access you need,
everything should work, and your security should be ok.

I think that would be the best solution for you.

If this is not what you want, please let me know.
0
 

Author Comment

by:mrmut
ID: 24400543
I am testing this - will report back.

Thank you!
0
 

Author Comment

by:mrmut
ID: 24400575
Mr. Kent, this works like a charm.

Thank you very much!
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to use a free utility called 'Parkdale' to easily test the performance and benchmark any Hard Drive(s) installed in your computer. We also look at RAM Disks and their speed comparisons.
"Any files you do not have backed up in at least two [other] places are files you do not care about."
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question