But a little-known feature of Microsoft's Group Policy Objects (GPOs) may be making it harder for you to have a sensible backup program. Allow me to explain.
Three Basic Types of Backups
Corporate backup procedures come in an infinite variety, but the following three types are among the most well-known:
• Full backup. A complete copy of all files is made. The backup software clears or resets the "archive bit" that each file carries. If a file is modified at some point after a backup, the operating system turns the file's archive bit back on. This allows backup programs to select those files that have recently changed.
• Incremental backup. Since full backups can be very time-consuming, incremental backups can be scheduled. These copy only new and modified files: those that have the archive bit set "on." Software that performs an incremental backup then clears the archive bit, so the next incremental won't copy files unnecessarily. If you performed a full backup on a Sunday night, and incremental backups on Monday and Tuesday nights, a disk failure on Wednesday morning would require you to run a restore operation from the Sunday, Monday, and Tuesday night backup media.
• Differential backup. Because restoring from multiple backup media can be time-consuming, some companies use differential backups. These copy files that have the archive bit set "on," but do not clear the archive bit. Every time a differential is made, it copies every file that have been modified since the last full backup. A disk failure on a Wednesday morning, to use the example above, would require you to run a restore operation only from Sunday's full backup and Tuesday's differential.
The Problem with Microsoft's Group Policy Objects
Group Policy Objects are used by administrators of Windows 2000 Server and Windows Server 2003 domains. GPOs are very helpful in setting rules that users and specific computers on a network must follow.
Unfortunately, using GPOs has the negative side-effect of setting the archive bit on all files and folders within the affected server's organizational unit (OU). This makes so-called incremental and differential backups copy far more files than they should. You can demonstrate this yourself on a Windows server, via a procedure suggested by reader Gary Busby:
• New folder. Create a folder on a server in a Windows 2000 or 2003 domain.
• New file. Create a new text file in this folder or, better yet, copy into the folder a text file that was last modified weeks ago.
• Clear the archive bit. In the file's Advanced Properties, uncheck the box marked "File is ready for archiving," if it is checked. This should make the file appear to be unmodified. It therefore would not take up time and space in an incremental or differential backup.
• New GPO. Create a Group Policy Object on the OU that houses the server.
• New policy. Create a computer file-system security policy for the folder you created above. Grant "full control" to any selected group or user you wish, using the same Access Control List (ACL) rights as the folder and file you created.
• Update policies. Refresh the policies on the server, using the command secedit (on Windows 2000 Server) or gpupdate (on Windows Server 2003) — or simply wait until the policies are updated automatically, which usually occurs on Windows servers several times a day.
• Oops! Now examine the Advanced Properties of the file you created. Its archive bit has been set — as though it had been modified.
With thousands of files involved, your incremental or differential backups might take just as long and be just as large as a full backup.
There isn't a patch for this kind of behavior yet. You can, however, try to work around the "feature" if your backup software permits a type known as Daily. Using this setting, the backup software copies all files that were modified on a certain date. Daily backups ignore the archive bit and leave it unchanged. If this is the alternative you choose, you're compelled to create, in effect, an incremental backup once a day.
Of course, if you currently don't backup your network on a frequent basis, being forced to make a backup once a day might be an improvement!