Skip to content
Tech Shizz Logo

An Engineers Blog

  • TechShizz
  • blog

Restoring System State on a Domain Controller from Backup Exec on a fresh OS

Posted on February 23, 2021 By rich No Comments on Restoring System State on a Domain Controller from Backup Exec on a fresh OS

When doing this I hit problem after problem so it’s worth creating a guide.

Background

A clients server had been hacked and was infected with ransom ware. They attackers destroyed Exchange and SQL and many other OS components. The best resolution seemed to be a complete rebuild and restore from backups. 

When installing Backup Exec, I changed the installation path for the application so that it was something like C:Program FilesSymantecBackup Exec Recovery so that when the restore is done later it does not interfere with itself. I did the same for the SQL install.

Problems Hit:

1. After installing backup exec, I was unable to catalog the data on the backup disks. To resolve this I had to follow this guide.

https://www.veritas.com/support/en_US/article.TECH142684

HOWEVER : It didnt work. What I needed to do was:

  • Stop Backup Exec services
  • Copy the “Catalog” folder from the old installation (I recovered this from Windows.Old)
  • Paste it over the new backup location.

Start Backup exec and now when clicking restore I could see the data.

2. Once booted into AD Repair mode I encountered a problem where Backup Exec services would not start. I resolved this by ensuring the following local security policies were set (secpol.msc)

Add the account for the Active Directory Repair account into the following policies:

Like this : ServerAdministrator

Also, before booting into AD restore mode, set the Backup Exec services to run using the “Local System” account and ensure you tick the “Allow service to interact with Desktop” checkbox.

Backup Exec then started OK.

3. I was then getting a permissions error when trying to restore system state. This was because the account that Backup Exec was installed with was “DomainUsername”. 

To get around this, you have to change the account that it was set up with. CREATING A NEW ACCOUNT FOR THE LOCAL AD RESTORE ACCOUNT DOES NOT WORK.

Post navigation

❮ Previous Post: Reporting Mailbox Folder Sizes with PowerShell
Next Post: Deploying Office via Group Policy ❯

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors

Subscribe to our newsletter!

Recent Posts

  • How to implement a lightning-fast ransomware playbook
  • How to achieve defence in depth in your business
  • How to implement a SecOps team phishing response plan
  • How to block an Office 365 Sign-in correctly
  • Microsoft finally patched serious Exchange 0-day over a month old!

Recent Comments

    Archives

    • November 2022
    • July 2021
    • March 2021
    • February 2021

    Categories

    • Cyber Security
    • Uncategorized

    Meta

    • Log in
    • Entries feed
    • Comments feed
    • WordPress.org

    Copyright © 2023 .

    Theme: Oceanly News Dark by ScriptsTown