How to Set Up Windows Server Backup and Recovery on Windows Server 2025
A robust backup and recovery strategy is non-negotiable for any production Windows Server 2025 environment. Windows Server Backup is the built-in backup solution included with Windows Server 2025 at no extra cost, supporting full server backups, volume-level backups, system state backups, and bare metal recovery. While it does not replace enterprise-grade solutions like Azure Backup or third-party agents for large or complex environments, it is a reliable option for small to mid-size deployments and an important recovery tool even in larger environments. This guide covers installing the feature, creating backup policies with PowerShell, scheduling automated backups to local disks and network shares, using wbadmin.exe for recovery operations, restoring individual files, performing system state backups, and planning for bare metal recovery using Windows PE.
Prerequisites
- Windows Server 2025 (Standard or Datacenter)
- Local Administrator or Backup Operators group membership
- A backup destination: USB disk, internal second disk, or accessible network share
- Sufficient free space on backup target (at least 1.5× the size of data being backed up)
- Windows Server Backup feature installed (covered in Step 1)
- VSS (Volume Shadow Copy Service) operational — verify with
vssadmin list providers
Step 1: Install the Windows Server Backup Feature
Windows Server Backup is not installed by default on Windows Server 2025 Server Core or GUI installations. Install it with Add-WindowsFeature (or its alias Install-WindowsFeature) along with the optional command-line tools sub-feature.
# Install Windows Server Backup feature and management tools
Install-WindowsFeature -Name Windows-Server-Backup -IncludeManagementTools
# Verify installation
Get-WindowsFeature -Name Windows-Server-Backup
# Import the Windows Server Backup PowerShell module
Import-Module WindowsServerBackup
# Verify the module loaded and list available commands
Get-Command -Module WindowsServerBackup | Sort-Object Name
# Confirm wbadmin.exe is available
wbadmin /?
Step 2: Create a Backup Policy with PowerShell
A backup policy (WBPolicy) defines what to back up, where to store it, and when to run. You build the policy programmatically using New-WBPolicy and a series of Add-WB* and Set-WB* cmdlets, then register it to take effect.
# Create a new backup policy object
$policy = New-WBPolicy
# Configure VSS backup option
# Full backup copies VSS writer data and clears transaction logs
# Copy backup does not affect VSS writer state (good for secondary backup tools)
Set-WBVssBackupOption -Policy $policy -VssFullBackup
# Add the OS volume (C:) to the backup
$osVolume = Get-WBVolume -AllVolumes | Where-Object { $_.MountPath -eq "C:" }
Add-WBVolume -Policy $policy -Volume $osVolume
# Add a data volume (D:)
$dataVolume = Get-WBVolume -AllVolumes | Where-Object { $_.MountPath -eq "D:" }
Add-WBVolume -Policy $policy -Volume $dataVolume
# Include system state (required for AD, DNS, DHCP recovery)
Add-WBSystemState -Policy $policy
# Include bare metal recovery data (enables full server restore from WinPE)
Add-WBBareMetalRecovery -Policy $policy
# Verify policy volumes
Get-WBVolume -Policy $policy
Step 3: Configure Backup Targets
Windows Server Backup supports backing up to a locally attached disk (dedicated backup disk), a volume on a local disk, or a remote network share. A dedicated backup disk is the simplest and most reliable option for on-premises servers; network shares are better for centralized backup storage.
# --- Option A: Dedicated local disk target ---
# List available disks for backup target
Get-WBDisk
# Create a backup target from a specific disk (disk is dedicated and formatted by WSB)
# WARNING: This wipes the target disk. Identify disk number carefully.
$backupDisk = Get-WBDisk | Where-Object { $_.DiskInfo.TotalCapacity -gt 200GB -and $_.DiskInfo.DiskNumber -eq 1 }
$diskTarget = New-WBBackupTarget -Disk $backupDisk -Label "WSB_Backup_Disk01" -PreserveExistingBackups $false
Add-WBBackupTarget -Policy $policy -Target $diskTarget
# --- Option B: Network share target ---
$netTarget = New-WBBackupTarget -NetworkPath "\backupserverServerBackupsWS2025-01" `
-Credential (Get-Credential -Message "Enter credentials for the backup share")
Add-WBBackupTarget -Policy $policy -Target $netTarget
# Verify backup target is configured
Get-WBBackupTarget -Policy $policy
Step 4: Schedule Automated Backups
Once the policy and target are configured, define a schedule and register the policy. Once registered, the Windows Server Backup scheduled task runs automatically at the specified times.
# Set backup schedule — run at 2:00 AM and 2:00 PM daily
$schedTime1 = [datetime]"02:00"
$schedTime2 = [datetime]"14:00"
Set-WBSchedule -Policy $policy -Schedule $schedTime1, $schedTime2
# Register the policy (makes it active — starts running on schedule)
Set-WBPolicy -Policy $policy -Force
# Verify the registered policy
Get-WBPolicy
# View backup summary including last run time and status
Get-WBSummary
# List all stored backup versions on the target
Get-WBBackupTarget -Policy (Get-WBPolicy) | ForEach-Object {
Get-WBBackupSet -BackupTarget $_
}
Step 5: Run an Immediate Backup with wbadmin.exe
The wbadmin.exe command-line tool provides a text-based interface for running backups and recoveries immediately, making it useful for scripts and Server Core environments without a GUI.
# Start an immediate backup of all critical volumes to a network share
wbadmin start backup `
-backupTarget:\backupserverServerBackupsWS2025-01 `
-include:C:,D: `
-systemState `
-allCritical `
-vssFull `
-quiet
# Start backup to a local volume (not dedicated disk)
wbadmin start backup -backupTarget:E: -include:C: -quiet
# List all backup versions available on a target
wbadmin get versions -backupTarget:\backupserverServerBackupsWS2025-01
# Get details of a specific backup version
wbadmin get items -version:05/17/2026-02:00 -backupTarget:\backupserverServerBackupsWS2025-01
# Check backup job status while running
wbadmin get status
Step 6: Restore Files from Backup
File-level recovery can be performed without rebooting the server. Use wbadmin start recovery to restore specific files or folders from a backup version, specifying the version identifier returned by wbadmin get versions.
# Restore a specific file from backup
wbadmin start recovery `
-version:05/17/2026-02:00 `
-items:C:inetpubwwwrootweb.config `
-itemType:File `
-backupTarget:\backupserverServerBackupsWS2025-01 `
-recoveryTarget:C:Recoveryweb.config `
-quiet
# Restore an entire folder
wbadmin start recovery `
-version:05/17/2026-02:00 `
-items:C:DataReports `
-itemType:File `
-backupTarget:\backupserverServerBackupsWS2025-01 `
-recoveryTarget:C:Restored `
-recursive `
-quiet
# Restore a full volume
wbadmin start recovery `
-version:05/17/2026-02:00 `
-items:D: `
-itemType:Volume `
-backupTarget:\backupserverServerBackupsWS2025-01 `
-recoveryTarget:D: `
-quiet
Step 7: System State Backup and Recovery
System state backup captures the critical OS components including the registry, COM+ class registration database, boot files, and — on domain controllers — the Active Directory database and SYSVOL. This is essential for recovering from AD corruption without performing a full server restore.
# Create a dedicated system state backup
wbadmin start systemstatebackup `
-backupTarget:\backupserverSystemStateBackupsWS2025-01 `
-quiet
# List system state backup versions
wbadmin get versions -backupTarget:\backupserverSystemStateBackupsWS2025-01
# Restore system state (requires reboot into DSRM for domain controllers)
# Run in elevated command prompt
wbadmin start systemstaterecovery `
-version:05/17/2026-02:00 `
-backupTarget:\backupserverSystemStateBackupsWS2025-01 `
-quiet
# For Active Directory authoritative restore (run after system state recovery in DSRM):
# ntdsutil
# > activate instance ntds
# > authoritative restore
# > restore subtree "OU=Users,DC=contoso,DC=com"
Step 8: Bare Metal Recovery from WinPE
Bare metal recovery (BMR) restores a server from scratch to new or replacement hardware using a WinPE boot environment. This is the recovery path for total server failure, disk replacement, or migration to new hardware.
# Before a disaster: verify backup includes BMR data
Get-WBPolicy | Select-Object -ExpandProperty BMRBackupEnabled
# Verify backup can be read (test the catalog)
wbadmin get versions -backupTarget:\backupserverServerBackupsWS2025-01
# === RECOVERY PROCEDURE (run from WinPE recovery environment) ===
# 1. Boot from Windows Server 2025 installation media
# 2. Select: Repair your computer > Troubleshoot > System Image Recovery
# 3. Or use wbadmin in WinPE command prompt:
# From WinPE, connect to network share
net use Z: \backupserverServerBackupsWS2025-01 /user:DOMAINBackupReader Pa$$w0rd
# List available backups
wbadmin get versions -backupTarget:Z:
# Start bare metal recovery
wbadmin start sysrecovery `
-version:05/17/2026-02:00 `
-backupTarget:Z: `
-machine:WS2025-01 `
-restoreAllVolumes `
-recreateDisks `
-quiet
Conclusion
Windows Server Backup on Windows Server 2025 provides a comprehensive, no-cost backup foundation that covers file recovery, system state protection, and complete bare metal restore capabilities. By combining scheduled daily backups with VSS full backups to both a local disk and a network share, you implement the 3-2-1 backup principle using only built-in tooling. Always test recovery procedures in a non-production environment before relying on them in a disaster scenario — schedule a quarterly bare metal recovery drill and verify that system state backups can successfully restore Active Directory. For organizations with more demanding RPO and RTO requirements, Windows Server Backup integrates well alongside Azure Backup agent or third-party solutions as part of a layered backup strategy.
