Hi,

Could someone show me official Microsoft documentation that shows whether or not Windows 2003 ntbackup (or 2008 backup) is able to backup and restore Windows event log files.

I know that if you try and backup the .evt files directly (C:\WINDOWS\system32\config) that ntbackup will silently skip out those files. By 'silently' I mean the backup will show as being 100% successful, and no event logs will be backed up, or reported as not being able to be backed up.

The contents of system state is described here:
http://technet.microsoft.com/en-us/library/cc785306%28WS.10%29.aspx

I have not investigated 2008 backup capabilities, but if you happen to know event log backup on 2008 that would be useful.

*Note* I know that there are WMI scripts to backup eventlogs. This is not what I am asking. I am asking whether the built in backup software can do it.

To test the 2003 backup side of things I performed the following steps:

1. On 2003 DC, backed up system state using ntbackup.
2. Cleared event logs.
3. Rebooted into Active Directory Restore mode
4. Used ntbackup to restore the system state
5. Rebooted into normal mode
6. Event viewer showed no events older than when I cleared the event logs in step 2.

This practical experiment answers one of my questions:

Does 2003 system state backup, backup the Windows event logs?
Answer: No.

Does anyone know if 2008 is the same?

Thank you for your time.