Weekly quickTIP

Better GPO Backups

Use your downtime productively and check that your GPO backups are up to snuff.

When I'm onsite at a consulting gig, there's often a bit of downtime while we wait for a process to complete or a file copy to finish. During those slow times I always try to find something productive to do that's of benefit to the client. That way, they're always getting the biggest bang for their consulting dollar -- even during what could be considered "wait-and-see" times.

For just those times I take with me a mental litany of health checks to run. Making sure Active Directory has the right settings and that nothing appears out of place is a big part of that list. And of all the gigs I've been on, the one Active Directory configuration that I routinely find missing is good GPO backups.

Does your organization plan to use the "regular" Active Directory restore process to bring GPOs back to life? If so, you're in for a complex process that's fraught with pain. Navigating through Active Directory's authoritative restore process can be complex to the point of absurdity. (Really, Microsoft -- in eight years, couldn't we have figured out a teensy, weensy better process?) So, get around the complexity by using a completely different tool for doing your GPO backups straight out of the GPMC Scripts.

The GPMC scripts are made up of a number of individual command-line tools for manipulating GPOs, and two of these scripts have two handy tools for backing up and later restoring GPOs in a snap. You'll need to download and install them to a machine where you can create and reliably run a scheduled task. To back up your GPOs once the scripts are installed, create a scheduled task that runs the following command on a regular basis:

cscript.exe "C:\Program Files\Microsoft Group Policy\GPMC Sample Scripts\BackupAllGPOs.wsf" {backupLocation}

This command backs up the GPOs as well as their contents and settings to the location identified in {backupLocation}. If you ever need to restore an accidentally deleted GPO, the process is as simple as running:

cscript.exe "C:\Program Files\Microsoft Group Policy\GPMC Sample Scripts\RestoreGPO.wsf" {backupLocation} {backupID}

The value for {backupID} above will be the name or GUID of the GPO to restore.

About the Author

Greg Shields is Author Evangelist with PluralSight, and is a globally-recognized expert on systems management, virtualization, and cloud technologies. A multiple-year recipient of the Microsoft MVP, VMware vExpert, and Citrix CTP awards, Greg is a contributing editor for Redmond Magazine and Virtualization Review Magazine, and is a frequent speaker at IT conferences worldwide. Reach him on Twitter at @concentratedgreg.

comments powered by Disqus
Most   Popular