REM (assumes system date is in mm/dd/yyyy format and turns it into YYYY-MM-DD format):įOR /F "TOKENS=1* DELIMS= " %%A IN ('DATE/T') DO SET CDATE=%%Bįor /f "tokens=2-4 delims=/ " %%a in ('date /t') do (set date=%%c-%%a-%%b) REM Prepare %date% variable with date in order to use date in logfile name ![]() ![]() Feel free to improve the error checking and reporting :-) Note there is no error checking to verify that the volume is mounted before running robocopy, it assumes everything went well and skips the robocopy completely if O: doesn't exist after the mount attempt. The script assumes TrueCrypt is assumed for all users on the server in the default installation folder. You'll need to specify the correct disk partition in place of \Device\Harddisk2\Partition1 for your encrypted partition as well (or you could easily modify to mount a file-based volume, though speed may take a hit). The keyfile is tiny so you could save it on a floppy disk (but don't 'cause they're unreliable) or USB stick or if you make your own plaintext keyfile, you could print it out and store the paper securely (but you'll need to type it in fully intact with whitespace correctly to restore). A company safe at a different location or a bank safety deposit box or something similar, preferably with two copies in case one gets corrupted, would be ideal, depending on how much security you need. It should be stored somewhere safe but not with the backup disks or you might as well not encrypt anything. This should be obvious, but don't get lazy and forget to backup the keyfile. If you don't backup the keyfile, you're going to be hosed if your Veeam server doing the backups goes away without a keyfile backup and you need to restore! The keyfile is your password. Note that you MUST BACKUP THE KEYFILE offsite in a secure manner, as you will need it to be able to mount the encrypted partition and retrieve your backups. The volume has no password but is encrypted with the contents of the keyfile located at C:\scripts\KEYFILE.KEY which you can generate using the keyfile tool in TrueCrypt or create from any file however you prefer. The robocopy log files are stored in C:\scripts\logs\CopyToExternal_.txt with one logfile created per day and if multiple runs are made in one day, the log from each run will be appended to that day's logfile. The script is stored in C:\scripts as CopyToExternal.cmd. The removable disk drive is at E: but is only used from O: which is the encrypted partition mounted by the script below, which is triggered by Veeam at the end of the last backup job (though it could be scheduled as a task or triggered by whatever method you desire). ![]() This is on Server 2008 R2.įirst, I installed TrueCrypt and created an encrypted partition on the removable disk using no password but using a keyfile instead, since it will be auto-mounted. ![]() This is a virtual Veeam Backup machine that backs up to local storage at B:\Veeam and my goal is to mirror B:\Veeam to an encrypted partition on, in this case, a Dell RD1000 disk-cartridge drive located at O: when mounted, but it could be any removable disk. Pulling together my previous knowledge of TrueCrypt, plus their docs, plus some forums posts here, I figured I'd post the batch script I came up with to encrypt offsite backups.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |