Endpoint Block level backups to restore from Ransom-ware
-
I have smaller clients that have Microsoft Server Essentials. (formerly SBS) It backs up their workstations by default. I usually put in a cheap drive in the server as a backup target and let it run. I backup the server data to the cloud, but not the workstation backup folder. On a small scale it works pretty well. Everything is contained in the server dashboard so it's clear that it's running, etc. It does some pretty good dedupe so it doesn't take up much space. This seems to work better than redirected folders. I think this was put in place more for users screwing up their desktop than recovering from a crypto infection, but it would work.
I wish this functionality was available on Server Standard. With good dedupe, the backups wouldn't be terribly large. On the other hand, on most of the large networks, we have standardized hardware and images to deploy, so the nuke and pave approach would probably use the same amount of time.
-
As they said in the post you linked, "...I know user's shouldn't store stuff on their local drives..."
If you have them a network share (or NextCloud, etc) set up to save documents to or you have folder redirection turned on, and they STILL manage to save stuff on their local machine... It's on them.
Nuke and repave.
-
@Mike-Davis How many endpoints does this client have? At any scale beyond a handful I'd find this task completely insane to bother with personally...
@dafyre Oh I get redirecting folders to a server that is backed up, which in essence does the same thing, without needing to run the backup from the endpoint directly.
The storage is still used though, but if you're redirecting folders than it's purely on the user if they save stuff to the root of
for example. -
@DustinB3403 said in Endpoint Block level backups to restore from Ransom-ware:
@Mike-Davis How many endpoints does this client have? At any scale beyond a handful I'd find this task completely insane to bother with personally...
The clients that have Server Essentials average about 7 endpoints. If you've never seen the Server Essentials dashboard, it's actually pretty clever. It creates that elusive "single pane of glass" that seems to be what Sysadmins have been looking for for years.
-
@DustinB3403 said in Endpoint Block level backups to restore from Ransom-ware:
@dafyre Oh I get redirecting folders to a server that is backed up, which in essence does the same thing, without needing to run the backup from the endpoint directly.
Does the same thing as what? Backing up the whole endpoint?
-
@Dashrender said in Endpoint Block level backups to restore from Ransom-ware:
@DustinB3403 said in Endpoint Block level backups to restore from Ransom-ware:
@dafyre Oh I get redirecting folders to a server that is backed up, which in essence does the same thing, without needing to run the backup from the endpoint directly.
Does the same thing as what? Backing up the whole endpoint?
No, it protects the user files. Which is most often the goal, to reduce lost productivity by not having to reproduce work.
-
@DustinB3403 Which locations would you include? Just document scrapes of My Docs / Downloads / Desktop? Full disk diff? Or that frustrating 'somewhere betwixt' region, including user-installed applications & associated system/registry data? Once heading down this road it's hard to know where to stop...
-
We don't back up workstations at all. It's a little different because it's RHEL but there is nothing on the workstations at all. Users can't even save to them. Apps, projects, archives, home directories, etc are all automounted.
-
@stacksofplates said in Endpoint Block level backups to restore from Ransom-ware:
We don't back up workstations at all. It's a little different because it's RHEL but there is nothing on the workstations at all. Users can't even save to them. Apps, projects, archives, home directories, etc are all automounted.
Automounting is the bomb.
-
@Rob said in Endpoint Block level backups to restore from Ransom-ware:
@DustinB3403 Which locations would you include? Just document scrapes of My Docs / Downloads / Desktop? Full disk diff? Or that frustrating 'somewhere betwixt' region, including user-installed applications & associated system/registry data? Once heading down this road it's hard to know where to stop...
Well the original topic is the entire drive, so the block device. The C drive, and any subsequent drives.
If I were to back up anything from an endpoint it would only be the default user safe locations. My Docs and Desktop (windows world here).
-
@Rob said in Endpoint Block level backups to restore from Ransom-ware:
@DustinB3403 Which locations would you include? Just document scrapes of My Docs / Downloads / Desktop? Full disk diff? Or that frustrating 'somewhere betwixt' region, including user-installed applications & associated system/registry data? Once heading down this road it's hard to know where to stop...
I folder redirect My Documents and Favorites. While the idea of Desktop is nice, it has caused me more issues than it's ever saved. Assuming you're online (which assuming you work in the office will be most of the time), the desktop is a folder on the server which is noticeably slower than the local one and frequently has issues installing from a network location.
In these situations, I try to go with the HR situation instead - HR policy says everything needed to be saved needs to be in My Documents.
-
@scottalanmiller said in Endpoint Block level backups to restore from Ransom-ware:
@stacksofplates said in Endpoint Block level backups to restore from Ransom-ware:
We don't back up workstations at all. It's a little different because it's RHEL but there is nothing on the workstations at all. Users can't even save to them. Apps, projects, archives, home directories, etc are all automounted.
Automounting is the bomb.
Isn't that kinda the same as folder redirection, except that Windows can have a local copy in case the network location become unavailable?
-
@Dashrender said in Endpoint Block level backups to restore from Ransom-ware:
@scottalanmiller said in Endpoint Block level backups to restore from Ransom-ware:
@stacksofplates said in Endpoint Block level backups to restore from Ransom-ware:
We don't back up workstations at all. It's a little different because it's RHEL but there is nothing on the workstations at all. Users can't even save to them. Apps, projects, archives, home directories, etc are all automounted.
Automounting is the bomb.
Isn't that kinda the same as folder redirection, except that Windows can have a local copy in case the network location become unavailable?
The idea is the same. But the advantage on Linux/Unix is I can automount pretty much everything, including all of my applications. As long as everyone's path points to /apps or wherever you mount to they will run apps from there. Also since 90% of my system customization (themes, icons, etc) are in my home directory all of my customizations follow me as well (including my desktop
) -
Another thing autofs does is not mount the share until it's accessed. So if I log in and have an automount to /projects but never go in there it uses no resources. As soon as I type /projects it creates the mount on the fly. Then after I leave that directory it will auto unmount after a certain time.
-
@Dashrender said in Endpoint Block level backups to restore from Ransom-ware:
@scottalanmiller said in Endpoint Block level backups to restore from Ransom-ware:
@stacksofplates said in Endpoint Block level backups to restore from Ransom-ware:
We don't back up workstations at all. It's a little different because it's RHEL but there is nothing on the workstations at all. Users can't even save to them. Apps, projects, archives, home directories, etc are all automounted.
Automounting is the bomb.
Isn't that kinda the same as folder redirection, except that Windows can have a local copy in case the network location become unavailable?
Not exactly. And so much more reliable.
-
@stacksofplates said in Endpoint Block level backups to restore from Ransom-ware:
@Dashrender said in Endpoint Block level backups to restore from Ransom-ware:
@scottalanmiller said in Endpoint Block level backups to restore from Ransom-ware:
@stacksofplates said in Endpoint Block level backups to restore from Ransom-ware:
We don't back up workstations at all. It's a little different because it's RHEL but there is nothing on the workstations at all. Users can't even save to them. Apps, projects, archives, home directories, etc are all automounted.
Automounting is the bomb.
Isn't that kinda the same as folder redirection, except that Windows can have a local copy in case the network location become unavailable?
The idea is the same. But the advantage on Linux/Unix is I can automount pretty much everything, including all of my applications. As long as everyone's path points to /apps or wherever you mount to they will run apps from there. Also since 90% of my system customization (themes, icons, etc) are in my home directory all of my customizations follow me as well (including my desktop
)Yeah, while there are times I like the registry, I do at times long for the days of Windows 3.x and config files for apps. Super easy to migrate, etc.
-
@Dashrender said in Endpoint Block level backups to restore from Ransom-ware:
@stacksofplates said in Endpoint Block level backups to restore from Ransom-ware:
@Dashrender said in Endpoint Block level backups to restore from Ransom-ware:
@scottalanmiller said in Endpoint Block level backups to restore from Ransom-ware:
@stacksofplates said in Endpoint Block level backups to restore from Ransom-ware:
We don't back up workstations at all. It's a little different because it's RHEL but there is nothing on the workstations at all. Users can't even save to them. Apps, projects, archives, home directories, etc are all automounted.
Automounting is the bomb.
Isn't that kinda the same as folder redirection, except that Windows can have a local copy in case the network location become unavailable?
The idea is the same. But the advantage on Linux/Unix is I can automount pretty much everything, including all of my applications. As long as everyone's path points to /apps or wherever you mount to they will run apps from there. Also since 90% of my system customization (themes, icons, etc) are in my home directory all of my customizations follow me as well (including my desktop
)Yeah, while there are times I like the registry, I do at times long for the days of Windows 3.x and config files for apps. Super easy to migrate, etc.
Even in the days of Windows 3.x and before, you still had a registry and regedit available. Just not so many reasons that you HAD to go change things in it.
-
@travisdh1 said in Endpoint Block level backups to restore from Ransom-ware:
@Dashrender said in Endpoint Block level backups to restore from Ransom-ware:
@stacksofplates said in Endpoint Block level backups to restore from Ransom-ware:
@Dashrender said in Endpoint Block level backups to restore from Ransom-ware:
@scottalanmiller said in Endpoint Block level backups to restore from Ransom-ware:
@stacksofplates said in Endpoint Block level backups to restore from Ransom-ware:
We don't back up workstations at all. It's a little different because it's RHEL but there is nothing on the workstations at all. Users can't even save to them. Apps, projects, archives, home directories, etc are all automounted.
Automounting is the bomb.
Isn't that kinda the same as folder redirection, except that Windows can have a local copy in case the network location become unavailable?
The idea is the same. But the advantage on Linux/Unix is I can automount pretty much everything, including all of my applications. As long as everyone's path points to /apps or wherever you mount to they will run apps from there. Also since 90% of my system customization (themes, icons, etc) are in my home directory all of my customizations follow me as well (including my desktop
)Yeah, while there are times I like the registry, I do at times long for the days of Windows 3.x and config files for apps. Super easy to migrate, etc.
Even in the days of Windows 3.x and before, you still had a registry and regedit available. Just not so many reasons that you HAD to go change things in it.
I remember needing it for sound cards.
