Inhaltsverzeichnis
PersBackup

Personal Backup

© 2001 − 2021, Dr. Jürgen Rathlev

Tips and tricks

Overview


General recommendations

To increase the integrity of your personal data, it is strongly recommended to move the folders provided by the Windows system, for example Documents, Music and Pictures, from their original location on the system drive C: to a different partition on a separate drive. A possible hardware configuration could consist of an SSD drive for the system and installed applications (a size of 256 or 512 GB would be sufficient) and an additional conventional hard drive (with a size of 1 or 2 TB) for your personal data. By this means, your data will be widely protected from system crashes. If the system fails for any reason, for example after an update, it is very easy to recover the system partition from a disk image. The data partition will be unaffected by this and will be available instantly. This will be the case even if the system must be installed completely anew. An additional backup of your data using Personal Backup, for example on an external drive, is in any case recommended. Find more information about how to move your personal data.


Alternate method for backup on logoff/shutdown

After updating to Windows 10 (1903), an issue has arisen affecting a backup to be performed automatically on logoff or shutdown. The backup starts, but among other things the progress window is not visible because the system enables the lock screen (more details).

Because of this, an alternate method is described below. You must create an appropriate Desktop shortcut (see below) which will be used to logoff or shutdown the computer instead of the On/off function from the Windows Start Menu. Double-clicking this shortcut will first perform the provided backups and then, depending on your selection, logoff or shutdown the system.

Procedure


Protecting the backup from malware (Ransomware)

Of late, ever more news items are published reporting malware (so-called Ransomware) that maliciously encrypts a user's data and demands a ransom in return for the decryption key. Unfortunately a simple backup is not capable of preventing such attacks because it too can be maliciously encrypted and hence cannot be used to restore the data.

As reported, the currently-rampant malware program Locky does not encrypt all file types but unfortunately the information about this varies. It seems that gze files used by Personal Backup by default for encrypted backups are not affected and so should not be corrupted, but it is uncertain whether this will remain the case in the future. The list of file types not affected can change at any time. You should not rely on any current immunity and instead, take other actions.

The best way to protect your data from such malware is to preclude any access to the backup files, e.g. by backing up to an external drive that is not permanently connected to the computer. In this case the user has to connect the drive every time before making a backup. This can be very inconvenient but the method should always be used when performing a "backup of a backup". This is not required every day, but should be done periodically. If you want to protect your backups also from other risks (fire, burglary, etc.), you should deposit the backup medium in a safe place.

There are other safe ways for carrying out daily backups that can be used for internal and permanently-connected external drives. An essential requirement is to format these drives in NTFS (Windows default). In this case access can be adjusted by setting suitable user permissions: the currently logged-on user should have permission only to read the backup directory, so that no program started by this user can write into this directory. To perform a backup you can then use one of the following methods:

Important prerequisite: The logged-on user must not have administrator rights. Unfortunately this is not established by default during Windows installation, hence the settings for the relevant users accounts must be changed manually. The following configuration is recommended:

  1. Activate the default administrator account and assign a password
  2. Add another administrator account using the user's password for additional security and program installation.
  3. Downgrade all other accounts to standard user.

For all normal activities on your computer (mail, internet, text processing, image processing, etc.) administrator rights are not required. If a program is to be installed, the Windows user access control will pop up automatically and prompt for a temporary logon as administrator (see above under 2.).

Important preliminary note: The following descriptions were compiled carefully, but the author assumes no responsibility for the topicality, correctness, completeness or quality of the information provided. Every user should be aware of the risks involved in changing system settings. Liability claims against the author whether material or non-material caused by the use of the information provided shall be rejected.

It is assumed for the following description that the backup is to be made to a directory on drive F:, e.g. F:\Backup. If desired, you can replace the drive letter with any other applicable to your system. To understand the procedure, it is important to know that permissions of a parent directory are automatically passed to all its child objects (files and subdirectories). In our example the directory F:\Backup will inherit permissions from its parent directory F:\. Because permissions for F:\Backup and its subdirectories are to be amended, inheritance of this directory must first of all be turned off. How this can be done is described below in detail.

There are several ways to perform a protected backup on a local drive:

  1. Automatic backups using Windows Task Scheduler
    The user logs on with an administrator account (see above) and creates for example the backup directory F:\Backup. Then, a new standard user account only for performing the backups is created (Control Panel – User Accounts), with for example the account name BackupUser. This user needs read access to all data to be backed-up and write access to the backup directory.
    Change permissions of directories to be backed-up: Change permissions of the destination directory: The backup must then be configured for the destination directory in the normal way. Take care that the task is saved into a directory where the backup user has write permissions. After this, the backup task is to be added to the list of Windows Scheduled Tasks (see here). Insert the name and the password of the newly-created user BackupUser under User account
     .
  2. Starting the backup manually by using another user account
    Personal Backup since version 5.8 contains the additional program PbStarter which can be used to configure backups started under a different user account in a very comfortable way (detailed description).
    Another way is to use the Windows command RunAs. As described above, at first create a new user account only for backup and then change permissions for the destination directory. On configuring the backup task, take care that it is saved into a directory where the backup user has write permissions.
    Then open the Windows Command prompt window or type the Windows-R key and insert the following line:
    Windows 32-bit with Personal Backup 32-bit or Windows 64-bit with Personal Backup 64-bit:
    runas /user:Backup "%ProgramFiles%\Personal Backup 5\PersBackup.exe /i:pb <task>"
    Windows 64-bit with Personal Backup 32-bit:
    runas /user:Backup "%ProgramFiles(x86)%\Personal Backup 5\PersBackup.exe /i:pb <task>"
    Replace <task> by the full path of the backup task to be executed. After inserting the password for the user (in this case BackupUser), Personal Backup will be started under this account and the specified backup task will be opened. To start the backup, click the Start button.
    For simplification you can insert the above line into a batch file to start the backup. By adding the command line option /force, the backup will be started immediately without opening the desktop.
    Important note: This procedure cannot be used for automatic backups.
     
  3. Starting the backup manually or via a desktop shortcut using changed permissions
    In this case the backup will be performed using the account of the logged-on user. For reasons mentioned above, this user must have only read permissions on the destination directory. These permissions are to be raised temporarily only for the time the backup is running so that the user may write to that directory. The following issue could be problematic: due to inheritance (see above) before and after the backup, all permissions of the files in the backup directory must be changed and, if there are many files, this will need some time. The following procedure is similar to that described in 1.
    The user remains logged on under his normal account and creates the backup directory to be used F:\Backup after which, permissions of the destination directory are adjusted: The backup must then be configured for the destination directory in the normal way. For the adjustment of permissions before and after the backup, the External programs option must be used. Insert the following command lines:
    Before backup:
    %sysdir%\icacls.exe %dest% /grant:r %username%:(OI)(CI)M
    After backup:
    %sysdir%\icacls.exe %dest% /grant:r %username%:(OI)(CI)RX
    After saving the backup task it can be started either manually or by creating a desktop shortcut.
    Important note: This procedure cannot be used for an automatic backup at logoff or shutdown because in this case the execution of external programs is disabled by the Windows system. Instead of using the Windows start button to shut the computer down, you can use a desktop shortcut to Personal Backup to do so. On creating this shortcut, select Power off as Action after backup. In contrast, a time-scheduled backup or a backup after logon is possible.

Starting a backup automatically on connecting an external drive

To start a backup automatically when an external drive is connected to the computer via USB, the program AutoRunner is required. After downloading the setup file, the program must be installed as described on the AutoRunner website.
To start a backup using this program, follow these steps:

  1. After connecting the external drive, first the backup must be configured and stored as a task file (e.g. usb-1.buj). It would then be advisable to start the backup once manually to prove that everything functions as expected.
  2. After this, a small batch file must be created using any text editor (e.g. Notepad). The file contains depending on the installation only one line:

    Personal Backup 32-bit version:
    Windows XP:
    "%ProgramFiles%\Personal Backup 5\PersBackup.exe" <path>\usb-1.buj /force /hide /quiet
    Windows 7/8/10 (32-bit):
    "%ProgramFiles%\Personal Backup 5\PersBackup.exe" <path>\usb-1.buj /force /hide /quiet
    Windows 7/8/10 (64-bit):
    "%ProgramFiles(x86)%\Personal Backup 5\PersBackup.exe" <path>\usb-1.buj /force /hide /quiet
    Personal Backup 64-bit version:
    Windows 7/8/10 (64-bit):
    "%ProgramW6432%\Personal Backup 5\PersBackup.exe" <path>\usb-1.buj /force /hide /quiet
    <path> should be replaced by the path of the buj file. Save this batch file in the root directory of the external drive (e.g. StartPb.bat).
  3. Then start the AutoRunner program and add a new start object selecting the batch file just created for this.
    Trigger (File): ?:\StartPb.bat
    Command: c:\Windows\System32\cmd.exe
    Parameter: /c ?:\StartPb.bat
  4. Remove the external drive.

Now whenever the external drive is reconnected, the batch file and consequently the backup will be started automatically.

Note: If you have any problems on executing this procedure, for example if you specified an invalid path, you should replace the option /c in Parameter by /k for debugging. This will cause the command prompt window not to be closed so that error messages remain visible.

Download

Daily alternating backup on two external drives

To prevent a backup from attacks by malware (e.g. so called Ransomware), it is usually recommended to use an external drive only connected to the computer to perform the backup. Using two external drives alternately will cause an additional protection.
Using Personal Backup this can be realized as described in the following example:

  1. Two external drives are provided with the volume names Bu-1 and Bu-2. Right-clicking on a drive in for example Windows Explorer and selecting Properties will allow you to edit these names.
  2. Create a Backup task containing all directories to be backed up using the Update mode. Specify a volume name containing a placeholder for alternating days: :Bu-%d#2%:\Backup.
  3. Save the task and create a Desktop Shortcut.
  4. The backup can be started anytime by double clicking the Desktop Shortcut. If the required external drive is not connected, the user will be automatically prompted to do so.

On odd-numbered days (1,3,5,.. counting from January 1) the backup will be stored on Bu-1, on even-numbered days on Bu-2.


Automatically alternating backup on several external drives

The procedure will be explained below using two examples. It is assumed that two external drives are permanently connected to the computer and provided with the volume names Bu-1 and Bu-2. Right-clicking on a drive in for example Windows Explorer and selecting Properties will allow you to edit these names.

Daily change
 
  1. Create a Backup task containing all directories to be backed up using the Update mode. Specify a volume name containing a placeholder for alternating days: :Bu-%d#2%:\Backup.
  2. Save and then add the task to the list of automatic tasks. Select an appropriate time (e.g. On logoff) for execution.

On odd-numbered days (1,3,5,.. counting from January 1) the backup will be stored on Bu-1, on even-numbered days on Bu-2.

Weekly change with schedule
 
  1. Create a Backup task containing all directories to be backed up using Update or Full mode. Specify a volume name containing a placeholder for alternating weeks: :Bu-%w#2%:\Backup.
  2. Save and then add the task to the list of automatic tasks. Select an appropriate time (e.g. Daily at 20:00) for execution.
  3. Adjust a schedule for this automatic task using a cycle of 7 days (1 x As defined in Task + Differential or Incremental) with Monday for the full backup.

In odd-numbered weeks (1,3,5,..) the backup will be stored on Bu-1: with a full backup on Monday and a differential or incremental backup (depending on selection) on the other days. In even-numbered weeks the backup will be appropriately stored on Bu-2.


Configuring individual alternating schedules

The program supports saving data in accordance with a daily alternating schedule, i.e. one full and several differential or incremental backups (for more information refer to Wikipedia). To do this, you can use either the internal automatic backup or the additional program PbPlaner together with Windows Task Scheduler.

In addition, it is possible to use placeholders for the destination directory and Windows Task Scheduler with its manifold options for starting an application to realize almost any individual alternating schedule. How to do so, is explained below using two examples.

1. Example for an alternating schedule with several backups per day

On every day of the week, a full backup shall be performed at 08:00 with differential backups at 11:00, 14:00 and 17:00. No backups shall be overwritten until the following week. The destination is a hard disk with the volume name Backup.

  1. Create a task for a full backup with the following settings:
    Destination: :Backup:\Bu-%dow%\Full
    Directories to backed up: Select as required
    Settings for backup destination: Single files and Separate directories for drives (recommended)
    Compress files: yes (recommended)
    Backup mode: Either Full or Update (with the Archive bit options Use and Reset checked)
    In the case of Full, all files in the destination directory will be deleted and then all files copied from the source anew. This may take an appreciable length of time. In the case of Update, only new and changed files will be copied, which will take less time. On the other hand, all files deleted from the source directory will be retained in the target directory. To avoid this, it is recommended also to use Synchronization.
    If you wish, you can in addition select other features, e.g. to encrypt files or send a mail notification. Finally the configured task will be saved as file using a suitable name (e.g. Bu-Full).
  2. Configure a differential backup using the same settings as above with the following exceptions:
    Destination: :Backup:\Bu-%dow%\D-%hour%
    Backup mode: Differential
    The best way is to change these settings in the task created above under 1. and store it using the function Save as (e.g. as Bu-Diff).
  3. Insert the full backup into Windows Task Scheduler:
    In the Control Panel, select the full task (Bu-Full) and add this to Windows Task Scheduler by clicking the button provided. Select Daily start at 08:00.
  4. Insert the differential backup into Windows Task Scheduler:
    In the Control Panel, select the full task (Bu-Diff) and add this to Windows Task Scheduler by clicking the button provided. Select Daily start at 11:00 and use Advanced settings to set Repeat task to every 3 hours and duration to 10 hours.

On the destination drive the following directory structure will be created:
Seven directories Bu-Mon, Bu-Tue, Bu-Wed, ..., Bu-Sun in each of which appear the subdirectories Full for the full backup and D-11, D-14 and D-17 for the differential backups.

2. Example for an alternating schedule with daily backups for several weeks

On every Monday, a full backup shall be performed at 19:00 and then with differential backups on the other days of the week also at 19:00. No backups shall be overwritten until the 5th week. The destination is a hard disk with the volume name Backup.

  1. Create a task for a full backup with the following settings:
    Destination: :Backup:\W%w#4%\Full
    Directories to backed up: Select as required
    Settings for backup destination: Single files and Separate directories for drives (recommended)
    Compress files: yes (recommended)
    Backup mode: Either Full or Update (with the Archive bit options Use and Reset checked)
    In the case of Full, all files in the destination directory will be deleted and then all files copied from the source anew. This may take an appreciable length of time. In the case of Update, only new and changed files will be copied, which will take less time. On the other hand, all files deleted from the source directory will be retained in the target directory. To avoid this, it is recommended also to use Synchronization.
    If you wish, you can in addition select other features, e.g. to encrypt files or send a mail notification. Finally the configured task will be saved as a file using a suitable name (e.g. Bu-WW).
  2. Configure a differential backup using the same settings as above with the following exceptions:
    Destination: :Backup:\W%w#4%\%dow%
    Backup mode: Differential
    The best way is to change these settings in the task created above under 1. and store it using the function Save as (e.g. as Bu-WD).
  3. Insert the full backup into Windows Task Scheduler:
    In the Control Panel, select the full task (Bu-WW) and add this to Windows Task Scheduler by clicking the button provided. Select Weekly start on Monday at 19:00 and use Advanced settings to set the option Run task as soon as possible after a scheduled start is missed.
  4. Insert the differential backup into Windows Task Scheduler:
    In the Control Panel, select the full task (Bu-WD) and add this to Windows Task Scheduler by clicking the button provided. Select Weekly start on all days except Monday at 19:00 and use Advanced settings to set the option Run task as soon as possible after a scheduled start is missed.

On the destination drive the following directory structure will be created:
Four directories W1, W2, W3 and W4 (one for each week), in each of which appear the subdirectories Full for the full backup on Monday and Tue, Wed, ..., Sun for the differential backups on the other days of the week.


Version-5.6 backups using Volume Shadow Copies (VSS)

For the first time Personal Backup Version 5.6 offers the possibility of using Volume Shadow Copies available since Windows XP under NTFS to back up even locked files directly. In difference to version 5.7 that has this feature included, a separate utility program is needed:
either Volume Shadow Copy Simple Client (Windows XP, 7 and 8) or Vs-Toolkit (Windows 7,8 and 10).

Prerequisites:

  1. Download vscsc or VS-Toolkit as zip file
  2. Extract the desired version (32 or 64 bit, Windows XP or Windows 7/8/10) into a suitable directory, e.g. E:\Programs\Vss.
  3. Create a backup task (e.g. BuAppData.buj) to back up one or more directories all located on the same drive, e.g. C:\Users\<Name>\AppData
  4. Create a batch file (BuAppData.bat) to be used by the program vscsc to start the backup:
      @echo off
      call "%ProgramFiles%\Personal Backup 5\Release\Win32\Persbackup.exe" /f BuAppData.buj /repl:C=%1
  5. Create a batch file (StartBuAppData.bat) to start the backup process using a volume shadow copy:
      @echo off
      e:\Programs\Vss\vscsc.exe -exec=BuAppData.bat C:
    respectively
      @echo off
      e:\Programs\Vss\vstoolkit.exe -exec=BuAppData.bat C:

Processing:

StartBuAppData.bat can be started either directly from the Windows Explorer or using a suitable desktop shortcut. In both cases this must be done via right-clicking and the option Run as administrator even if you are logged on as a user with administrative rights.

vscsc or vstoolkit will at first create a snapshot of the specified volume (in this case C:) which will correspond with an internal virtual volume name, e.g. \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyxx.

This name will be transferred to the batch file BuAppData.bat and substituted for %1 in the command line to start Personal Backup. By dint of the option /repl:C=.., before copying files from all source directories Personal Backup will substitute the newly-created name for the snapshot for drive letter C:. In this way even locked files can be backed up without invoking errors.

After backing up is completed, the snapshot will be deleted by vscsc automatically.


J. Rathlev, 24222 Schwentinental, Germany, September 2020