Weekly quickTIP
Better GPO Backups
Use your downtime productively and check that your GPO backups are up to snuff.
- By Greg Shields
- 09/29/2008
When I'm onsite at a consulting gig, there's often a bit of downtime while we wait for a process to complete or a file copy to finish. During those slow times I always try to find something productive to do that's of benefit to the client. That way, they're always getting the biggest bang for their consulting dollar -- even during what could be considered "wait-and-see" times.
For just those times I take with me a mental litany of health checks to run. Making sure Active Directory has the right settings and that nothing appears out of place is a big part of that list. And of all the gigs I've been on, the one Active Directory configuration that I routinely find missing is good GPO backups.
Does your organization plan to use the "regular" Active Directory restore process to bring GPOs back to life? If so, you're in for a complex process that's fraught with pain. Navigating through Active Directory's authoritative restore process can be complex to the point of absurdity. (Really, Microsoft -- in eight years, couldn't we have figured out a teensy, weensy better process?) So, get around the complexity by using a completely different tool for doing your GPO backups straight out of the GPMC Scripts.
The GPMC scripts are made up of a number of individual command-line tools for manipulating GPOs, and two of these scripts have two handy tools for backing up and later restoring GPOs in a snap. You'll need to download and install them to a machine where you can create and reliably run a scheduled task. To back up your GPOs once the scripts are installed, create a scheduled task that runs the following command on a regular basis:
cscript.exe "C:\Program Files\Microsoft Group Policy\GPMC Sample Scripts\BackupAllGPOs.wsf" {backupLocation}
This command backs up the GPOs as well as their contents and settings to the location identified in {backupLocation}. If you ever need to restore an accidentally deleted GPO, the process is as simple as running:
cscript.exe "C:\Program Files\Microsoft Group Policy\GPMC Sample Scripts\RestoreGPO.wsf" {backupLocation} {backupID}
The value for {backupID} above will be the name or GUID of the GPO to restore.
About the Author
Greg is an independent author, speaker, and IT consultant, as well as a Founding Partner with Concentrated Technology. With nearly 15 years in information technology, Greg has developed extensive experience in systems administration, engineering, and architecture specializing in Microsoft OS, remote application, and virtualization technologies. Greg is a Contributing Editor and columnist for TechNet Magazine, a former columnist for Redmond Magazine and Virtualization Review Magazine, and has authored or contributed to ten books and countless white papers and webcasts. His writing is regularly seen in publications like TechTarget online, e-books from Realtime Publishers, and the UK-based IT EXPERT Magazine. He has also produced numerous video training series for CBT Nuggets.