Setting Up BackupPC on Windows

My original intent in setting up BackupPC was to be able to backup my laptops. The mainly run Windows, and have a lot of shared files. Therefore I wanted a backup solution which handled de-duplication. BackupPC was just what I needed. I have already posted an article about Setting Up BackupPC on Ubuntu that includes setting up a server.

This article covers setting up BackupPC on Windows using rsyncd as the protocol.   (I tried using Samba, but didn’t like the results with Windows Home editions.) This is done with an extremely minimal cygwin install available from the BackupPC site on SourceForge.  The backups described here are not designed for bare metal recovery.   They should include all the user’s files, and some of the configuration data for installed applications.

Preparing rsyncd for Installation

Download the latest rsyncd package from the BackupPC site .  The site contains the instructions for building your own daemon if you prefer.   There is also a link to another package that includes ssh as well.  This is a Win32 application, but runs well on Win64.  After configuration and installation this daemon will run as a service on the PCs you want to backup.  Unzip the file to the a working directory.

Choose where you want to install the daemon.  The supplied files assume you will install files in C:/rsycncd/.  If you install it elsewhere you will need to update service.bat and rsyncd.conf accordingly.

You can edit the configuration to suit your needs.   You should edit rsyncd.conf and rsyncd.secrets.    If you want to use a unique password for each client,  rsyncd.secrets will need to be edited for each client.   rsyncd.conf configures the daemon including listing the shared directories.  The following allows read-only access to  C: and D: as cDrive and dDrive accordingly.  Edit as appropriate for you clients (change the IP address at least).  They should all be able to share the same configuration file.  (For debugging you may want to enable the list function.)

use chroot = false
max connections = 1
pid file = c:/rsyncd/rsyncd.pid
lock file = c:/rsyncd/rsyncd.lock

[cDrive]
 path = c:
 comment = Entire C: Drive
 auth users = backuppc
 secrets file = c:/rsyncd/rsyncd.secrets
 hosts allow = 192.0.2.5
 strict modes = false
 read only = true
 list = false

[dDrive]
 path = d:
 comment = Entire D: Drive
 auth users = backuppc
 secrets file = c:/rsyncd/rsyncd.secrets
 hosts allow = 192.0.2.5
 strict modes = false
 read only = true
 list = false

A firewall you will need to enable access to the rsyncd port (873/TCP) and pings (ICMP/8) from the BackupPC server. The following script (fw-vista.bat) will open the firewall on Windows Vista and Windows 7.   The commands are different from the commands in service.bat which work  for Windows XP.  (Update the IP address for your server or omit if the connection will always be on the LocalSubnet.)

rem fw-vista.bat - Install firewall rules for rsycnd

set REMOTE=192.0.2.5,LocalSubnet
netsh advfirewall firewall add rule name=”RSync” dir=in action=allow program=”C:\rsyncd\rsync.exe” enable=yes remoteip=%REMOTE% profile=domain
netsh advfirewall firewall add rule name="Open Port 873" dir=in action=allow protocol=TCP localport=873
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow
pause

This is the equivalent (fw-xp.bat) file for Windows XP.  This is only needed if you have Windows XP systems running Windows Firewall.  (Update the IP address for your server as above.)

rem fw-xp.bat - Install firewall rules for rync

set REMOTE=192.0.2.5,LocalSubnet
netsh firewall set allowedprogram program = c:\rsyncd\rsync.exe name = rsync mode = enable scope = CUSTOM addresses = %REMOTE%
netsh firewall set portopening protocol = TCP port = 873 name = rsyncd mode = enable scope = CUSTOM addresses = %REMOTE%
netsh firewall set icmpsetting 8 enable

Setting up a Windows Client

Copy the contents of the directory you configured to C:/rsyncd/ on the client.  Generate a new password for the server and update rsycnd.secrets on the client to use it.  A long password  should be used.  You will need this password when setting up the client on the server.

Run the file service.bat as administrator to install the rsyncd service.   If you need to change the configuration, you can use the Services menu to restart the service and reload the configuration.

If you are using Windows Firewall run the appropriate firewall script as administrator.   The fw-vista.bat script also applies to Windows-7.   If you are using another firewall enable pings from your server as well as incoming TCP connections to port 873.  Verify you firewall changes from the server by pinging the client.  Then verify access to rsyncd by using telnet to connect to port 873 on the client.   If the firewall is open you should receive the message “@RSYNCD: 29“.

Configuring the Server

This document assumes the defaults on the Xfer section of the default configuration  have been set as follows:

  • XferMethod = rsyncd
  • ClientCharset = cp1252
  • RsyncShareName = cDrive

When setting up a client verify these settings are appropriate.  Users outside North America will likely have a code page other than cp1252. If your defaults are different, change them and ensure your other backups are correctly configured, or set them when configuring your clients.

Once the client is configured, you can configure backups on the server.   Connect to the BackupPC web page.  Select the Edit Hosts menu and click on the Add button.  Add the clients name in the new box.   If you have a similar system already configured you can use the NEWHOST=COPYHOST form to copy the configuration of the existing system.  Put the userid of the user to be notified if backups are not being done in the user column.  Set the RsyncdPasswd field to the password you used in the rsyncd.secrets file on the client.

Windows requires a long list of exclusions.  The easiest way to specify them is to add the values directly to the configuration file.  Configuration files are found in /etc/backuppc/.  Then name is the client name with a .pl file extension. You can edit them with your favorite editor.

The cDrive and dDrive hashes for Windows Vista and Windows 7 look like this:

$Conf{BackupFilesExclude} = {
 'cDrive' => [
 '*.lock',
 '/$AVG',
 '/$RECYCLE.BIN',
 '/$Recycle.Bin',
 '/BOOTSECT.BAK',
 '/Boot',
 '/Documents and Settings',
 '/Intel',
 '/MSOCache',
 '/Program Files',
 '/ProgramData/Application Data',
 '/ProgramData/Desktop',
 '/ProgramData/Documents',
 '/ProgramData/Favorites',
 '/ProgramData/Microsoft/Search',
 '/ProgramData/Microsoft/Windows Defender',
 '/ProgramData/Start Menu',
 '/ProgramData/Templates',
 '/SWSetup',
 '/System Volume Information',
 '/System.sav',
 '/Users/*/AppData/Local/Application Data',
 '/Users/*/AppData/Local/History',
 '/Users/*/AppData/Local/Microsoft/Windows Defender/FileTracker',
 '/Users/*/AppData/Local/Microsoft/Windows/Explorer/thumbcache_*.db',
 '/Users/*/AppData/Local/Microsoft/Windows/History/History.IE5/MSHist*',
 '/Users/*/AppData/Local/Microsoft/Windows/Temporary Internet Files',
 '/Users/*/AppData/Local/Microsoft/Windows/UsrClass.dat*',
 '/Users/*/AppData/Local/Microsoft/Windows/WER',
 '/Users/*/AppData/Local/Mozilla/Firefox/Profiles/*/Cache',
 '/Users/*/AppData/Local/Mozilla/Firefox/Profiles/*/OfflineCache',
 '/Users/*/AppData/Local/Temp',
 '/Users/*/AppData/Local/Temporary Internet Files',
 '/Users/*/AppData/Roaming/Microsoft/Windows/Cookies',
 '/Users/*/AppData/Roaming/Microsoft/Windows/Recent',
 '/Users/*/Application Data',
 '/Users/*/Cookies',
 '/Users/*/Documents/My Music',
 '/Users/*/Documents/My Pictures',
 '/Users/*/Documents/My Videos',
 '/Users/*/Local Settings',
 '/Users/*/My Documents',
 '/Users/*/NTUSER.DAT*',
 '/Users/*/NetHood',
 '/Users/*/PrintHood',
 '/Users/*/Recent',
 '/Users/*/SendTo',
 '/Users/*/Start Menu',
 '/Users/*/Templates',
 '/Users/*/ntuser.dat*',
 '/Users/All Users',
 '/Users/All Users/Documents',
 '/Users/All Users/Favorites',
 '/Users/All Users/Start Menu',
 '/Users/All Users/Templates',
 '/Users/Users/All Users/Application Data',
 '/Users/Users/All Users/Desktop',
 '/Users/Users/Default User',
 '/Windows',
 '/autoexec.bat',
 '/bea',
 '/bootmgr',
 '/config.sys',
 '/eclipse',
 '/hiberfil.sys',
 '/pagefile.sys',
 'Cache*',
 'IconCache.db',
 'Thumbs.db',
 'cache*'
 ],
'dDrive' => [
 '*.lock',
 '/$RECYCLE.BIN',
 '/$Recycle.Bin',
 '/Documents and Settings',
 '/Users/*/AppData/Local/Application Data',
 '/Users/*/AppData/Local/History',
 '/Users/*/AppData/Local/Microsoft/Windows Defender/FileTracker',
 '/Users/*/AppData/Local/Microsoft/Windows/Explorer/thumbcache_*.db',
 '/Users/*/AppData/Local/Microsoft/Windows/History/History.IE5/MSHist*',
 '/Users/*/AppData/Local/Microsoft/Windows/Temporary Internet Files',
 '/Users/*/AppData/Local/Microsoft/Windows/UsrClass.dat*',
 '/Users/*/AppData/Local/Microsoft/Windows/WER',
 '/Users/*/AppData/Local/Mozilla/Firefox/Profiles/*/Cache',
 '/Users/*/AppData/Local/Mozilla/Firefox/Profiles/*/OfflineCache',
 '/Users/*/AppData/Local/Temp',
 '/Users/*/AppData/Local/Temporary Internet Files',
 '/Users/*/AppData/Roaming/Microsoft/Windows/Cookies',
 '/Users/*/AppData/Roaming/Microsoft/Windows/Recent',
 '/Users/*/Application Data',
 '/Users/*/Cookies',
 '/Users/*/Documents/My Music',
 '/Users/*/Documents/My Pictures',
 '/Users/*/Documents/My Videos',
 '/Users/*/Local Settings',
 '/Users/*/My Documents',
 '/Users/*/NTUSER.DAT*',
 '/Users/*/NetHood',
 '/Users/*/PrintHood',
 '/Users/*/Recent',
 '/Users/*/SendTo',
 '/Users/*/Start Menu',
 '/Users/*/Templates',
 '/Users/*/ntuser.dat*',
 '/pagefile.sys',
 'Cache*',
 'IconCache.db',
 'Thumbs.db',
 'cache*'
 ]
};

A default hash for Windows XP looks like this:

$Conf{BackupFilesExclude} = {
 '*' => [
 '*.lock',
 '/AUTOEXEC.BAT',
 '/BOOTSECT.BAK',
 '/CONFIG.SYS',
 '/Documents and Settings/*/Cookies',
 '/Documents and Settings/*/Local Settings/Application Data/Microsoft/Windows/UsrClass.dat*',
 '/Documents and Settings/*/Local Settings/Application Data/Mozilla/Firefox/Profiles/*/Cache',
 '/Documents and Settings/*/Local Settings/Application Data/Mozilla/Firefox/Profiles/*/OfflineCache',
 '/Documents and Settings/*/Local Settings/Temp',
 '/Documents and Settings/*/Local Settings/Temporary Internet Files',
 '/Documents and Settings/*/My Documents/My Dropbox',
 '/Documents and Settings/*/NTUSER.DAT*',
 '/Documents and Settings/*/Recent',
 '/Documents and Settings/*/ntuser.dat*',
 '/MSOCache',
 '/Program Files/',
 '/RECYCLER',
 '/System Volume Information',
 '/WINDOWS',
 '/hiberfil.sys',
 '/pagefile.sys',
 'Cache*',
 'IconCache.db',
 'Thumbs.db',
 'cache*'
 ]
};

I merged the Vista/Windows 7 configuration into config.pl. To prepare the above specification for merging remove the first and last lines.  Then add a command after the last square bracket.   Add the hashes to the configuration file right after the line reading “$Conf{BackupFilesExclude} = {“.  If you are backing up Windows XP clients, it is simpler to just add the exclusion list to the first client  and copy the configuration for other Windows XP clients.

Verifying the Configuration

Follow the instructions from Setting up BackupPC on Ubuntu/ to verify the configuration.

Notes*

The BackupPC web interface includes extensive on-site documentation.  It also provides links to additional documentation off-site.  The BackupPC Wiki provides some useful information not included in the documentation.

Users listed in the Edit Hosts panel can recover files if they are able to log-on to the BackupPC web interface.   Consider whether you want to allow them to do so.  The Windows configuration presented here does not allow them to use rsyncd to recover the files.  They will need to create a zip file and extract that.

I have not verified the permissions tracking for Windows backups.   I expect that I will not have the full Windows ACLs.  However, I do not anticipate performing a bare metal backup using these backups. The BackupPC documentation contains details on how to configure more complete backups.

Windows keeps a number of essential files locked.  As a result they will not be backed up.  These files should be included in the exclusion list above.  The exclusions also includes the Windows O/S files and programs installed under Program Files.

Windows 7 and Vista have a number of junction points to maintain compatibility with prior releases.   They should be included in the exclusion list above.  If you want to verify your configuration  list them with the command

dir /aL /s > JunctionPoints.txt

If you haven’t done so already, configure the BackupPC web interface to require SSL.   Your web server will need to be configured for SSL.  Then, add SSLRequireSSL to the authorization section of the Apache configuration.  Reload the configuration and verify you can not access the site using HTTP, and that you can using HTTPS.