Sharepoint 2010 protection in DPM 2010: Part 1

March 11, 2010 at 4:42 pm in Uncategorized by mikeresseler

Hey All,

This post will the first of three about sharepoint protection.

Part 1 will be about the preparation to protect a sharepoint farm and some background information what DPM can do with your sharepoint farm.

Part 2 will be about creating a protection group for the sharepoint farm and some explanation on how it works

Part 3 will be an example of how you can do level-item restore and what is necessary to achieve this.


Background information

So what can we protect with DPM 2010?  Here’s the list

  • Microsoft Office SharePoint Portal Server 2003
  • Microsoft Office SharePoint Server 2007
  • Microsoft Office SharePoint Server 2010
  • Windows SharePoint Foundation 2010
  • Windows SharePoint Services version 3.0
  • Windows SharePoint Services version 2.0

So what can we do?  We can do a farm protection with one-click, there is the possibility of automatically protecting new content databases.  We can do a recovery of an entire farm, an entier Database, a Site Collection, a Site and an Item. 

Please note that this Site and Item level recovery only works with Sharepoint 2010 without a recovery farm.

Oke, sound all good, time to prepare my environment for Sharepoint protection.


Preparing the Sharepoint environment

First is first, in my labo environment, I only had one server running everything from sharepoint, the front-end IIS, the Sharepoint 2010 application and the SQL server.  It ran on a windows server 2008 R2 and was the latest beta available on the connect site.

I started with deploying an agent to the sharepoint server.  After that is done, you need to configure something extra on the sharepoint box. So here goes:

Open a command prompt as administrator and go to the DPM agent installation bin folder(default: %programfiles%\Microsoft Data Protection Manager\DPM\bin)


Run the command ConfigureSharepoint.exe –enableSharepointProtection

This will enable the protection of the sharepoint farm.  It will enable the WSSCmdletsWrapper DCOM object and the WSS VSS writer.  As you can see in the screenshot, it will ask you for a username and password.  This needs to be the (or a) farm administrator account.


After that, we are going to run another command: ConfigureSharepoint.exe EnableSPSearchProtection

This will enable the protection of the Search provider.  Again, you need to enter the username and password for a sharepoint administrator.


Oke, now let’s have a better look at the command.




ConfigureSharePoint.exe [-EnableSharePointProtection] | [-EnableSPSearchProtection] | [-ResolveAllSqlAliases] | [-SetTempPath <Path>]

This command should be run as a local administrator. For Windows 2008 onwards, ensure that this command is run from an elevated command prompt.

Enables the protection of SharePoint farm. It registers the WSSCmdletsWrapper DCOM object and enables the WSS VSS writer. When prompted to enter user name and password, enter the credentials of the SharePoint farm administrator.

Enables the protection of WSS 3.0 Search and MOSS 2007 SSP. It registers the WSSCmdletsWrapper DCOM object. When prompted to enter user name and password, enter the credentials of the SharePoint farm administrator.

This option can be run only after running -EnableSharePointProtection or -EnableSPSearchProtection on the server. It provides information about all the SQL aliases reported by the WSS VSS writer and resolves them to the corresponding SQL Server instance names. If a SharePoint database is mirrored and configured with SQL alias then the corresponding mirror’s SQL Server instance name is displayed as well. This option also reports all the SQL aliases that cannot be resolved to any SQL Server.

-SetTempPath <Path>
Sets the environment variable TEMP and TMP to the specified path


The good observer 😉 has seen that you can run the parameters all at once so that you don’t need to give the username and password twice.

One important note… The farm administrator account doesn’t need to be local administrator on the Web Front End.  This was a requirement for DPM 2007.  From the moment you do perform the command, DPM 2010 will give the following permissions to the sharepoint farm administrator:

  • Read and Execute to all DPM directories.
  • Read, Execute and Write (all) access on Temp directory in the DPM directory.
  • Read permissions to the DPM hive in the registry.

That’s it for now, next post will be the creation of a protection group