|
|
© 2001 − 2021, Dr. Jürgen Rathlev |
Tips and tricks
Overview
To increase the integrity of your personal data, it is strongly recommended
to move the folders provided by the Windows system, for example Documents,
Music and Pictures, from their original location on the system drive C:
to a different partition on a separate drive.
A possible hardware configuration could consist of an SSD drive for the system and installed
applications (a size of 256 or 512 GB would be sufficient) and an additional conventional
hard drive (with a size of 1 or 2 TB) for your personal data.
By this means, your data will be widely protected from system crashes. If the system
fails for any reason, for example after an update, it is very easy to recover the
system partition from a
disk image.
The data partition will be unaffected by this and will be available instantly.
This will be the case even if the system must be installed completely anew.
An additional backup of your data using Personal Backup, for example
on an external drive, is in any case recommended.
Find more information about
how to move your personal data.
After updating to Windows 10 (1903), an issue has arisen affecting a backup to be
performed automatically on logoff or shutdown.
The backup starts, but among other things the progress window is not visible because the system enables the
lock screen (more details).
Because of this, an alternate method is described below. You must create an
appropriate Desktop shortcut (see below) which will be used to logoff or shutdown
the computer instead of the On/off function from the Windows Start Menu.
Double-clicking this shortcut will first perform the provided backups and then,
depending on your selection, logoff or shutdown the system.
Procedure
- Preparation
All backups to be performed in this way require the option By request
in the dialog for Time-controlled automatic backups.
Backups already set up as to be started on logoff, should also be
changed to this option.
- Desktop shortcut
Then, open the dialog Create a shortcut on the desktop
from the Control panel and define the
Action after backup, for example Shutdown. To select the tasks
to be performed, click the small button at the upper right of the
shortcut dialog and
select All "By request" from the list. The status window should be set
to Close automatically. Finally, you should assign an appropriate shortcut name
such as Backup and shutdown and click the OK button
to create the Desktop shortcut.
Of late, ever more news items are published reporting malware (so-called
Ransomware) that maliciously encrypts a user's data and demands a ransom in
return for the decryption key.
Unfortunately a simple backup is not capable of preventing such attacks
because it too can be maliciously encrypted and hence cannot be used to
restore the data.
As reported, the currently-rampant malware program Locky does not encrypt
all file types but unfortunately the information about this varies. It seems
that gze files used by Personal Backup by default for encrypted backups are
not affected and so should not be corrupted, but it is uncertain whether this
will remain the case in the future. The list of file types not affected can
change at any time. You should not rely on any current immunity and instead,
take other actions.
The best way to protect your data from such malware is to preclude any
access to the backup files, e.g. by backing up to an external drive that is
not permanently connected to the computer. In this case the user has to
connect the drive every time before making a backup. This can be very
inconvenient but the method should always be used when performing a
"backup of a backup". This is not required every day, but should be done
periodically. If you want to protect your backups also from other risks
(fire, burglary, etc.), you should deposit the backup medium in a safe
place.
There are other safe ways for carrying out daily backups that can be used
for internal and permanently-connected external drives. An essential
requirement is to format these drives in NTFS (Windows default). In this case
access can be adjusted by setting suitable user permissions: the currently
logged-on user should have permission only to read the backup directory, so
that no program started by this user can write into this directory. To
perform a backup you can then use one of the following methods:
- Start the backup using another user account which has the required write
permissions (see below under 1. and 2.) or
- Temporarily increase user write permissions (see below under 3.).
Important prerequisite: The logged-on user must not have administrator
rights. Unfortunately this is not established by default during Windows
installation, hence the settings for the relevant users accounts must be
changed manually. The following configuration is recommended:
- Activate the default administrator account and assign a password
- Add another administrator account using the
user's password for additional security and program installation.
- Downgrade all other accounts to standard user.
For all normal activities on your computer (mail, internet, text
processing, image processing, etc.) administrator rights are not required. If
a program is to be installed, the Windows user access control will pop up
automatically and prompt for a temporary logon as administrator (see above
under 2.).
Important preliminary note: The following descriptions were compiled
carefully, but the author assumes no responsibility for the topicality,
correctness, completeness or quality of the information provided. Every user
should be aware of the risks involved in changing system settings.
Liability claims against the author whether material or non-material
caused by the use of the information provided shall be rejected.
It is assumed for the following description that the backup is to be made
to a directory on drive F:, e.g. F:\Backup. If desired, you can replace the
drive letter with any other applicable to your system. To understand the
procedure, it is important to know that permissions of a parent directory are
automatically passed to all its child objects (files and subdirectories). In
our example the directory F:\Backup will inherit permissions from its parent
directory F:\. Because permissions for F:\Backup and its subdirectories are
to be amended, inheritance of this directory must first of all be turned off.
How this can be done is described below in detail.
There are several ways to perform a protected backup on a local drive:
- Automatic backups using Windows Task Scheduler
The user logs on with an administrator account (see above) and creates for
example the backup directory F:\Backup. Then, a new standard user account
only for performing the backups is created (Control Panel – User Accounts),
with for example the account name BackupUser. This user needs
read access to all data to be backed-up
and write access to the backup directory.
Change permissions of directories to be backed-up:
- Right click on a directory to be backed-up and select Properties – Security
- Click Edit…
- Click Add…, insert the name of the newly-created backup user BackupUser
and click OK twice
Change permissions of the destination directory:
- Right click on the destination directory F:\Backup and select
Properties – Security
- Click on Advanced and Change Permissions
- Windows 7: Deselect Include inheritable permissions from this object's parent
and select Add in the following prompt, then click OK
- Windows 8 and 10: Click Block Inheritance and in the following
prompt Convert inherited permissions into explicit permissions on this object,
then click OK
- Click Edit… on the Security page
- Retain the settings for SYSTEM and Administrators
- Click on the group Users, if this group does not exist click Add...
to create a new entry. Permissions are to be restricted to Read & execute
and List folder contents. There must be no permissions
to Full control, Modify and Write.
- Click on Authenticated users (if existing) and Remove
- If there are more user accounts listed, they must also be removed
- Click Add…, insert the name of the newly-created backup user BackupUser
and click OK
- Check Modify in the list of Permissions for Users and click
OK twice
The backup must then be configured for the destination directory in the
normal way. Take care that the task is saved into a directory where the
backup user has write permissions. After this, the backup task is to be
added to the list of Windows Scheduled Tasks
(see here).
Insert the name and the password of the newly-created user BackupUser
under User account
.
- Starting the backup manually by using another user account
Personal Backup since version 5.8 contains the additional program
PbStarter which can be used
to configure backups started under a different user account in a very comfortable way
(detailed description).
Another way is to use the Windows command RunAs.
As described above, at first create a new user account only for backup and
then change permissions for the destination directory. On configuring the
backup task, take care that it is saved into a directory where the backup
user has write permissions.
Then open the Windows Command prompt window or type the
Windows-R key and insert the following line:
- Windows 32-bit with Personal Backup 32-bit or
Windows 64-bit with Personal Backup 64-bit:
- runas /user:Backup "%ProgramFiles%\Personal Backup 5\PersBackup.exe /i:pb <task>"
- Windows 64-bit with Personal Backup 32-bit:
- runas /user:Backup "%ProgramFiles(x86)%\Personal Backup 5\PersBackup.exe /i:pb <task>"
Replace <task> by the full path of the backup task to be executed.
After inserting the password for the user (in this case BackupUser),
Personal Backup will be started under this account and the specified backup task
will be opened. To start the backup, click the Start button.
For simplification you can insert the above line into a batch file to start the
backup. By adding the command line option /force, the backup will be
started immediately without opening the desktop.
Important note: This procedure cannot be used for automatic backups.
- Starting the backup manually or via a desktop shortcut using changed permissions
In this case the backup will be performed using the account of the logged-on
user. For reasons mentioned above, this user must have only read
permissions on the destination directory. These permissions are to be
raised temporarily only for the time the backup is running so that the user
may write to that directory. The following issue could be problematic: due
to inheritance (see above) before and after the backup, all permissions of
the files in the backup directory must be changed and, if there are many
files, this will need some time. The following procedure is similar to that
described in 1.
The user remains logged on under his normal account and creates the backup directory
to be used F:\Backup after which, permissions of the destination directory are adjusted:
- Right click on the destination directory F:\Backup and select
Properties – Security
- Click on Advanced and Change Permissions
- Windows 7: Deselect Include inheritable permissions from this object's parent
and select Add in the following prompt, then click OK
- Windows 8 and 10: Click Block Inheritance and in the following
prompt Convert inherited permissions into explicit permissions on this object,
then click OK
- Click Edit… on the Security page
- Retain the settings for SYSTEM and Administrators
- Click on the group Users, if this group does not exist click Add...
to create a new entry. Permissions are to be restricted to Read & execute
and List folder contents. There must be no permissions
to Full control, Modify and Write.
- Click on Authenticated users (if existing) and Remove
- If there are more user accounts listed, they must also be removed
- Click Add…, insert the name of the logged-on user and click OK
- Uncheck Full control and Modify in the list of Permissions for Users
and click OK twice
The backup must then be configured for the destination directory in the normal way.
For the adjustment of permissions before and after the backup, the
External programs option must be used.
Insert the following command lines:
Before backup:
%sysdir%\icacls.exe %dest% /grant:r %username%:(OI)(CI)M
After backup:
%sysdir%\icacls.exe %dest% /grant:r %username%:(OI)(CI)RX
After saving the backup task it can be started either manually or by creating
a desktop shortcut.
Important note: This procedure cannot be used for an automatic backup at
logoff or shutdown because in this case the execution of external programs
is disabled by the Windows system. Instead of using the Windows start
button to shut the computer down, you can use a
desktop shortcut to
Personal Backup to do so. On creating this shortcut, select Power off as
Action after backup. In contrast, a time-scheduled backup or a backup after
logon is possible.
To start a backup automatically when an external drive is connected to the
computer via USB, the program
AutoRunner
is required. After downloading the setup file, the program must be installed as described on the
AutoRunner website.
To start a backup using this program, follow these steps:
- After connecting the external drive, first the backup must be configured
and stored as a task file (e.g. usb-1.buj). It would then be advisable to start the
backup once manually to prove that everything functions as expected.
- After this, a small batch file must be created using any text editor (e.g.
Notepad). The file contains depending on the installation only one line:
- Personal Backup 32-bit version:
- Windows XP:
- "%ProgramFiles%\Personal Backup 5\PersBackup.exe" <path>\usb-1.buj /force /hide /quiet
- Windows 7/8/10 (32-bit):
- "%ProgramFiles%\Personal Backup 5\PersBackup.exe" <path>\usb-1.buj /force /hide /quiet
- Windows 7/8/10 (64-bit):
- "%ProgramFiles(x86)%\Personal Backup 5\PersBackup.exe" <path>\usb-1.buj /force /hide /quiet
- Personal Backup 64-bit version:
- Windows 7/8/10 (64-bit):
- "%ProgramW6432%\Personal Backup 5\PersBackup.exe" <path>\usb-1.buj /force /hide /quiet
<path> should be replaced by the path of the buj file. Save this batch file
in the root directory of the external drive (e.g. StartPb.bat).
- Then start the AutoRunner program and add a new start object selecting
the batch file just created for this.
- Trigger (File): ?:\StartPb.bat
- Command: c:\Windows\System32\cmd.exe
- Parameter: /c ?:\StartPb.bat
- Remove the external drive.
Now whenever the external drive is reconnected, the batch file and consequently
the backup will be started automatically.
Note: If you have any problems on executing this procedure, for example
if you specified an invalid path, you should replace the option /c in Parameter
by /k for debugging. This will cause the command prompt window not to be closed so that
error messages remain visible.
Download
To prevent a backup from attacks by malware (e.g. so called
Ransomware),
it is usually recommended to use an external drive only connected to the computer
to perform the backup. Using two external drives alternately will cause an additional
protection.
Using Personal Backup this can be realized as described in the following
example:
- Two external drives are provided with the volume names Bu-1 and Bu-2.
Right-clicking on a drive in for example Windows Explorer and selecting
Properties will allow you to edit these names.
- Create a Backup task
containing all directories to be backed up using the Update mode.
Specify a volume name
containing a placeholder
for alternating days: :Bu-%d#2%:\Backup.
- Save the task and create a
Desktop Shortcut.
- The backup can be started anytime by double clicking the Desktop Shortcut.
If the required external drive is not connected, the user will be automatically
prompted to do so.
On odd-numbered days (1,3,5,.. counting from January 1) the
backup will be stored on Bu-1, on even-numbered days on Bu-2.
The procedure will be explained below using two examples. It is assumed that
two external drives are permanently connected to the computer and provided with
the volume names Bu-1 and Bu-2. Right-clicking on a drive in for example
Windows Explorer and selecting Properties will allow you to edit these
names.
Daily change |
|
- Create a Backup task
containing all directories to be backed up using the Update mode.
Specify a volume name
containing a placeholder
for alternating days: :Bu-%d#2%:\Backup.
- Save and then add the task to the list of
automatic tasks.
Select an appropriate time (e.g. On logoff) for execution.
On odd-numbered days (1,3,5,.. counting from January 1) the
backup will be stored on Bu-1, on even-numbered days on Bu-2.
|
Weekly change with schedule |
|
- Create a Backup task
containing all directories to be backed up using Update or Full mode.
Specify a volume name
containing a placeholder
for alternating weeks: :Bu-%w#2%:\Backup.
- Save and then add the task to the list of
automatic tasks.
Select an appropriate time (e.g. Daily at 20:00) for execution.
- Adjust a schedule
for this automatic task using a cycle of 7 days (1 x As defined in Task +
Differential or Incremental) with Monday for the full backup.
In odd-numbered weeks (1,3,5,..) the backup will be stored on Bu-1: with a full
backup on Monday and a differential or incremental backup (depending on selection)
on the other days.
In even-numbered weeks the backup will be appropriately stored on Bu-2.
|
The program supports saving data in accordance with a daily
alternating schedule, i.e.
one full and several differential or incremental backups (for more information refer to
Wikipedia).
To do this, you can use either the internal automatic backup
or the additional program
PbPlaner
together with Windows Task Scheduler.
In addition, it is possible to use
placeholders for the destination directory
and Windows Task Scheduler with its
manifold options for starting an application to realize almost any
individual alternating schedule. How to do so, is explained below using two examples.
1. Example for an alternating schedule with several backups per day
On every day of the week, a full backup shall be performed at 08:00 with differential
backups at 11:00, 14:00 and 17:00. No backups shall
be overwritten until the following week. The destination is a hard disk with
the volume name Backup.
- Create a task for a full backup with the following settings:
Destination:
:Backup:\Bu-%dow%\Full
Directories to backed up:
Select as required
Settings for backup destination:
Single files and Separate directories for drives (recommended)
Compress files:
yes (recommended)
Backup mode:
Either Full or Update (with the Archive bit options Use and Reset checked)
In the case of Full, all files in the destination directory will be deleted and
then all files copied from the source anew. This may take an appreciable length of time.
In the case of Update, only new and changed files will be copied, which will
take less time. On the other hand, all files deleted from the source
directory will be retained in the target directory. To avoid this, it is
recommended also to use
Synchronization.
If you wish, you can in addition select other features, e.g. to encrypt files or send
a mail notification. Finally the configured task will be saved as file using a
suitable name (e.g. Bu-Full).
- Configure a differential backup using the same settings as above
with the following exceptions:
Destination:
:Backup:\Bu-%dow%\D-%hour%
Backup mode: Differential
The best way is to change these settings in the task created above under 1. and store
it using the function Save as (e.g. as Bu-Diff).
- Insert the full backup into Windows Task Scheduler:
In the Control Panel, select the full
task (Bu-Full) and add this to Windows Task Scheduler by clicking the button
provided. Select Daily start at 08:00.
- Insert the differential backup into Windows Task Scheduler:
In the Control Panel, select the full
task (Bu-Diff) and add this to Windows Task Scheduler by clicking the button
provided. Select Daily start at 11:00 and use
Advanced settings
to set Repeat task to every 3 hours and duration to 10 hours.
On the destination drive the following directory structure will be created:
Seven directories Bu-Mon, Bu-Tue, Bu-Wed, ..., Bu-Sun
in each of which appear the subdirectories Full for the full backup
and D-11, D-14 and D-17 for the differential backups.
2. Example for an alternating schedule with daily backups for several weeks
On every Monday, a full backup shall be performed at 19:00 and then with
differential backups on the other days of the week also at 19:00. No backups shall
be overwritten until the 5th week. The destination is a hard disk with
the volume name Backup.
- Create a task for a full backup with the following settings:
Destination:
:Backup:\W%w#4%\Full
Directories to backed up:
Select as required
Settings for backup destination:
Single files and Separate directories for drives (recommended)
Compress files:
yes (recommended)
Backup mode:
Either Full or Update (with the Archive bit options Use and Reset checked)
In the case of Full, all files in the destination directory will be deleted and
then all files copied from the source anew. This may take an appreciable length of time.
In the case of Update, only new and changed files will be copied, which will
take less time. On the other hand, all files deleted from the source
directory will be retained in the target directory. To avoid this, it is
recommended also to use
Synchronization.
If you wish, you can in addition select other features, e.g. to encrypt files or send
a mail notification. Finally the configured task will be saved as a file using a
suitable name (e.g. Bu-WW).
- Configure a differential backup using the same settings as above
with the following exceptions:
Destination:
:Backup:\W%w#4%\%dow%
Backup mode: Differential
The best way is to change these settings in the task created above under 1. and store
it using the function Save as (e.g. as Bu-WD).
- Insert the full backup into Windows Task Scheduler:
In the Control Panel, select the full
task (Bu-WW) and add this to Windows Task Scheduler by clicking the button
provided. Select Weekly start on Monday at 19:00 and use
Advanced settings
to set the option Run task as soon as possible after a scheduled start is missed.
- Insert the differential backup into Windows Task Scheduler:
In the Control Panel, select the full
task (Bu-WD) and add this to Windows Task Scheduler by clicking the button
provided. Select Weekly start on all days except Monday at 19:00 and use
Advanced settings
to set the option Run task as soon as possible after a scheduled start is missed.
On the destination drive the following directory structure will be created:
Four directories W1, W2, W3 and W4 (one for each week),
in each of which appear the subdirectories Full for the full backup on Monday
and Tue, Wed, ..., Sun for the differential backups on the other
days of the week.
For the first time Personal Backup Version 5.6 offers the possibility of using
Volume Shadow Copies available since Windows XP under NTFS to back up even locked
files directly. In difference to version 5.7 that has this feature included,
a separate utility program is needed:
either
Volume Shadow Copy Simple Client (Windows XP, 7 and 8) or
Vs-Toolkit (Windows 7,8 and 10).
Prerequisites:
- Download
vscsc
or VS-Toolkit
as zip file
- Extract the desired version (32 or 64 bit, Windows XP or Windows 7/8/10)
into a suitable directory, e.g. E:\Programs\Vss.
- Create a backup task (e.g. BuAppData.buj) to back up one or more
directories all located on the same drive,
e.g. C:\Users\<Name>\AppData
- Create a batch file (BuAppData.bat) to be used by the program
vscsc to start the backup:
@echo off
call "%ProgramFiles%\Personal Backup 5\Release\Win32\Persbackup.exe" /f BuAppData.buj /repl:C=%1
- Create a batch file (StartBuAppData.bat) to start
the backup process using a volume shadow copy:
@echo off
e:\Programs\Vss\vscsc.exe -exec=BuAppData.bat C:
respectively
@echo off
e:\Programs\Vss\vstoolkit.exe -exec=BuAppData.bat C:
Processing:
StartBuAppData.bat can be started either directly from the Windows Explorer
or using a suitable desktop shortcut. In both cases this must be done via right-clicking
and the option Run as administrator even if you are logged on as a user with
administrative rights.
vscsc or vstoolkit will at first create a snapshot of the specified volume (in
this case C:) which will correspond with an internal virtual volume name, e.g.
\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyxx.
This name will be transferred to the batch file BuAppData.bat and
substituted for %1 in the command line to start Personal Backup.
By dint of the option /repl:C=.., before copying files from all source
directories Personal Backup will substitute the newly-created name for the
snapshot for drive letter C:. In this way even locked files can be backed up
without invoking errors.
After backing up is completed, the snapshot will be deleted by vscsc automatically.
J. Rathlev, 24222 Schwentinental, Germany, September 2020