Ransomware-safe backup of your Windows Client without any Backup Software


Requirements

 

Windows Setup

  • Add a new user like "unraid" through Computer Management > Local Users and Groups, use a strong password, disable password change
  • Right click on a folder like "Documents" and click on "Advanced Share" to enable sharing this folder, delete "Everyone", add "unraid" with "read-only" permissions (this enables sharing the "Documents" folder)
  • Now click on "Share" and again add the user "unraid" with the "read-only" permission (this enables sharing all content and subfolders, ask Microsoft why you need both steps ;)  )
  • Repeat this step for each folder you need to back up

 

Unraid Setup

  • Add Windows SMB Share through Unassigned Devices, skip "Domain"
  • Repeat this step for each shared folder
  • Disable "Share" and enable "Auto-Mount". "Mount" all Shares

 

rsync Setup

  • Add the rsync script through CA User Scripts and set the paths accordingly
  • Set schedule like "Hourly"

 


Notes

  • As long as the backup path is not a writable share, this is safe against ransomware as our server has only read permissions on the client and the client has no permission on the server at all.
  • It seems to be easier, but do not share your full user path (C:\Users\USERNAME) as this path contains the hidden "AppData" directory which contains a massive amount of temporary files and thousands of useless files. If you want to back up a specific app, then add a share to its folder like "C:\Users\USERNAME\AppData\Roaming\Thunderbird\Profiles".
Edited by mgutt

"chattr +i" does not allow incremental rsync backups as it disallows new links to already existing files. This is only something which could be used before and after creating a backup to guard it in the meantime. But I do not really see a benefit as the backup folder is not reachable by usual users and if the attacker gets root access the immutable bit could be easily removed.

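The hard-link snapshots that the reply above refers to, as an added example; this is not the rsync script mentioned in the guide and not either poster's code. It checks that the mounted client share is not writable from the server, then uses `rsync --link-dest` so unchanged files become new links to the previous snapshot, which is the operation the reply says `chattr +i` disallows. The function names, the `latest` symlink layout and both paths are assumptions.

```shell
#!/bin/sh
# Added example: hard-link snapshot backup from a read-only mounted client share.
# Function names, the "latest" symlink layout and the paths are assumptions.

# Succeeds only if this host cannot create a file in directory $1.
src_is_readonly() {
    probe="$1/.write_probe.$$"
    if ( : > "$probe" ) 2>/dev/null; then
        rm -f "$probe"
        return 1
    fi
    return 0
}

# snapshot SRC DEST_ROOT [NAME]: copy SRC into DEST_ROOT/NAME; unchanged files
# become hard links to the previous snapshot instead of second copies.
snapshot() (
    src=$1; root=$2; name=${3:-$(date +%Y%m%d_%H%M%S)}
    mkdir -p "$root" || exit 1
    if [ -d "$root/latest" ]; then
        # --link-dest needs an absolute path (relative ones are resolved
        # against the destination directory).
        prev=$(cd "$root/latest" && pwd -P) || exit 1
        rsync -a --link-dest="$prev" "$src/" "$root/$name/" || exit 1
    else
        rsync -a "$src/" "$root/$name/" || exit 1
    fi
    # Only a completed run moves the "latest" pointer.
    ln -sfn "$name" "$root/latest"
)

# True if both paths are the same inode, i.e. one stored copy.
same_inode() {
    [ "$(ls -i "$1" | awk '{print $1}')" = "$(ls -i "$2" | awk '{print $1}')" ]
}

# Run as: script.sh /mnt/remotes/CLIENT_Documents /mnt/user/backup/client
# (both paths are placeholders). Refuses to run if the client share is writable.
if [ $# -eq 2 ]; then
    src_is_readonly "$1" || { echo "source $1 is writable, check share permissions" >&2; exit 1; }
    snapshot "$1" "$2"
fi
```

The writability probe briefly creates and removes one file on the client if the share turns out to be writable, so a refusal here means the "read-only" share or NTFS permission from the Windows setup steps is not in effect.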
