Using DPM 2010 to protect mail on client machines (Part 1)

If you would like to read the next part in this article series please go to Using DPM 2010 to protect mail on client machines (Part 2).


Microsoft System Center Data Protection Manager 2010 (DPM) was released this year and has a lot of improvements from the previous versions. It is fully compatible with Exchange Server 2010 with its new architecture (DAG) and also enabled client protection. In this article we will cover the client protection side and in this process oversee some of the new features of the product, such as:

  • Installing DPM client agents
  • Installing DPM client interface on a workstation
  • Creating Protecting Group for clients
  • Using co-location of data
  • Auto-grown for volumes

Using DPM Client protection any client somehow connected to the network (physically connected, through VPN, Direct access and etc) will be able to have its personal data protected by DPM. We can use these capabilities to protect our special users (VIP users) with their mail data as well PSTs and any other files.

We know that PSTs are a pain to manage and they are not available when the users access through OWA/Mobile or even with a different computer, they are not also supported to use in a network share however most of the companies are still using them and trying to migrate them to a more consistent solution. Nowadays, we can address most of PST issues with simple steps however it may require some time. Here are a couple of examples:

  • Minimize/restrict the use of PSTs using GPOs, a good example can be checked here at
  • Use Exchange Server 2010 Archive
  • Use PST for historical purposes only, where a copy of the file is also kept in your File Server. This way the user does not have to add or change contents from the PST files

For this article, we will be creating a Protection Group that will protect just VIP users and some of their folders (My Documents and Desktop folders basically) and we can instruct of force through GPO the users to save all their PST on the same location (My Documents for instance) and from that point on DPM will protect those files. You may be asking about PST and open files, right? Well, that is not a problem since DPM is based on VSS, then the PST won’t be a problem. Also there is different time range that you can configure to synchronize and create recovery point for the clients.

Installing DPM Agent

The first process of our journey here is the DPM Agent. Bear in mind that the same process to install on a workstation will be the same for an Exchange Server, SQL Server or any other server protected by DPM. Using DPM we don’t have to bother choosing agents for different types of servers, it’s going to be always the same. These are the processes that you can use to install the agent from DPM 2010 Administrator console:

  1. Open Microsoft System Center Data Protection Manager 2010 Console
  2. Click on Management
  3. On the Agents tab all installed agents will be listed, we can click on Install located in the Toolbox Actions (Figure 01)

Figure 01

  1. In the Select Agent Deployment Method page. Here we can see the first change of this new version, using DPM 2010 we can manage through GUI an attached agents where we can install an agent manually on a client/server and then afterwards connect it to DPM without using cmdlet to get that work done like we had in DPM 2007. We are going to select Install agents and let’s click Next. (Figure 02)

Figure 02

  1. In the Select Computers page. All agents will be listed on the left, however if the Auto Discovery has not found the agents yet we can type them in the computer name filed and click on Add button. We can install more than one agent at the same time, in this example we are going to start testing with a single computer and afterwards adding more clients to our Protection Group, just click Next. (Figure 03)

The list of computers on the left will be automatically updated based on the time configured on Auto Discovery tab in the Options section of the product.

Figure 03

  1. In the Enter Credentials page. We need to enter a credential which has access to install on the computer specified in the previous step. After that, just click Next. (Figure 04)

Figure 04

  1. In the Choose Restart Method page. Here is another major difference between DPM 2010 and the previous versions, now the restart is not a must but a maybe. If the agent is being installed on the latest Operating System the restart won’t be required. Since we are dealing with Windows 7 machine in this tutorial we are going to select Yes. Restart the selected computer after installing the protection agents (if required) and click on Next. (Figure 05)

Figure 05

  1. In the Summary page. All agents that will receive the DPM Agent will be listed, just click on Install to start the installation process.
  2. We can close at any time and see the installation progress in the Agents tab or we can just wait and see the results on the wizard. After installing the agent, just click on Close.
    The result can be seen in the Agents tab where the computer will belong initially to the Unprotected computers with protection agent (Figure 06).

Figure 06

As an aside note we can control the license and client usage in the previous figure (Figure 06) where it lists Purchased and In use for the three types of licenses (Standard, Enterprise and Client). Bear in mind that from DPM Licensing perspective only agents being used count towards the licenses. If you install an agent and don’t use then it does not count to your license.

Creating a Data Protection Group for the client machines

Now that we have installed DPM agent, it’s time to create a Protection Group for a group of agents. The Protection Group is a series of easy questions that will create the policy to protect determined resources. These are the steps that can be followed to create a Protection Group for the clients, as follows:

  1. Logged on the DPM 2010 Administrator Console
  2. Let’s click on Protection and then click on New Protection Group
  3. In the Welcome to the New Protection Group Wizard page. Just click Next.
  4. In the Select Protection Group Type page. Another difference compared to the previous version of the product, now we can choose if we are going to protect Servers or Clients. Let’s select Clients and then Next. When Client is select the wizard changes and gives us more flexibility to protect laptops and desktops. (Figure 07)

Figure 07

  1. In the Select Group Members page. We can select one or more clients/servers to be protect by this new Protection Group, another option is to use a text file containing the name of all computers to be protected, if that is the case the Add from File… button should be used.  Then, click Next. (Figure 08)

Figure 08

  1. In the Specify Inclusions and Exclusions page. This page is totally new to the product and allows us great flexibility to protect the clients. We can easily Add Rows to the Folder Inclusions and Exclusions and control the protection of the client.  (Figure 09)

Figure 09

That is the beauty of DPM, if we say My Documents for instance, we as Backup Administrator don’t have to care if that place is located in a different drive or if the user has moved to a different disk, DPM will take care of this for us.

Also, when we select My documents, DPM will protect any subfolder. If the user creates or moves stuff around underneath My Documents, it will be protected by DPM. Another interesting feature is that we are protecting the machine, if we have several users that policy will be applied to all profiles of the machines listed in the Protection Group.

The option Allow users to specify protection group members will allow end-users to add items to the protection using DPM Client on their workstation. If you users have PSTs or any other files, they can choose what they want to protect.

The last but not the least nice feature of this page is the File type exclusions where we can specify file extensions that won’t be protected in the included folder from the list above. We could block any OST file extension to be protected for example.

  1. In the Select Data Protection Method page. We have to define the Protection Group name and protection method which is Disk for Client Protection. Then, click Next. (Figure 10)

Figure 10

  1. In the Specify Short-Term goals page. We need to answer simple questions about the protection, such as: how many days we are going to keep the data? How often we are going to synchronize the data and the client computer recovery points. Also, we have an option just for Client Protection which is the Alerting Option that will alert after X number of days if the client does not communicate with DPM.

Figure 11

  1. In the Allocate Storage page. In this page we can definite how much disk space DPM will allocate for new members (the initial value is 5GB), as shown in Figure 12, and we have two new features:

  • Co-locate client computers in DPM Storage Pool – A requirement of the previous versions is to have two sets of volumes for each protected data source: one for replica and another for recovery point. In this new version we can co-locate data when the data source is either Client protection, Hyper-V or SQL 2005/2008. This way we can use better the disk space.
  • Automatically grow the volumes – Now we don’t have to keep an eye on the volumes to increase them, it’s done automatically by DPM 2010. As Backup Administrator we just need to make sure that DPM has enough room to grown and that’s it.

Figure 12

  1. In the Summary page. Just click on Create Group to start the Protection Group creation based on the settings defined in the previous pages. (Figure 13)

Figure 13

  1. In the Status page. We can check the Tasks to validate the result of each operation and then click on Close.

Figure 14

As a result of our section, the Protection group for client machines will be displayed in the Protection area of DPM, as shown in Figure 15.

Figure 15


In this first article we covered the client deployment, and Protection Group creation. In the next article we will be managing the DPM Client on a workstation and also how to restore data using either the client or serve side.

If you would like to read the next part in this article series please go to Using DPM 2010 to protect mail on client machines (Part 2).

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top