GPO Backup – Windows 2008

Man kan schdulere et GPO backup script på en af sine windows 2008 dc’ere.
For Windows 2008 skal man downloade GPMC Scripts via nedenstående link:
http://www.microsoft.com/downloads/details.aspx?FamilyId=38C1A89B-A6D2-4F2A-A944-9236999AEE65&displaylang=en

Der kan herefter laves en daglig schdule via en CMD-fil (GPObackup.cmd), som feks kan indeholde følgende kommando:

REM************GPObackup.cmd – Daglig GPO Backup**************************
C:
cd C:Program FilesMicrosoft Group PolicyGPMC Sample Scripts
cscript BackupAllGPOs.wsf C:GPObackup
Exit

Reference til GPMC scripts:
http://technet.microsoft.com/en-us/library/cc776655.aspx

Ovenstående backup procedure, kan også laves i PowerShell.
BackupAllGpos.ps1 indeholder følgende kode:

###########################################################################
#Sletter alle tidligere GPO backups, som er ældre end 5 dage.
Get-ChildItem C:GPObackup -recurse | Where {($_.PSIsContainer) -and ($_.CreationTime -le $(Get-Date).AddDays(-5))} | Remove-Item -Recurse -Force

###########################################################################
# Function   : BackupAllGpos
# Description: Backs up all GPOs in a Domain
# Parameters : $backupDirectory – The directory where the backups will be stored
#            : $domainName – The dns name, e.g. microsoft.com, of the domain to operate on
#            : $backupComment – An optional comment for the backups, if nothing is passed the current date will be used.
# Returns    : N/A
###########################################################################

function BackupAllGpos(
  [string] $backupDirectory=$(throw ‘$backupDirectory is required’),
  [string] $domainName=$(throw ‘$domainName is required’),
  [string] $backupComment=$(get-date))
{
  $gpmAllGposInDomain = GetAllGposInDomain $domainName

  foreach ($gpmGpo in $gpmAllGposInDomain) # Iterate through all the GPOs
  {
    “Back up GPO : ” + $gpmGpo.DisplayName
    $gpmResult = $gpmGpo.Backup($backupDirectory, $backupComment) # Backup the GPO
    [void] $gpmResult.OverallStatus
    $gpoBackup = $gpmResult.Result
  }
}

###########################################################################
# Function   : GetAllGposInDomain
# Description: Returns all GPOs in a domain
# Parameters : $domainName – The dns name, e.g. microsoft.com, of the domain to operate on
# Returns    : All Group Policy Objects in the supplied domain
###########################################################################

function GetAllGposInDomain(
  [string] $domainName=$(throw ‘$domainName is required’))
{
  $gpm = New-Object -ComObject GPMgmt.GPM # Create the GPMC Main object
  $gpmConstants = $gpm.GetConstants() # Load the GPMC constants
  $gpmDomain = $gpm.GetDomain($domainName, “”, $gpmConstants.UseAnyDC) # Connect to the domain passed using any DC
  $gpmSearchCriteria = $gpm.CreateSearchCriteria() # Create a search criteria without any restrictions
  $gpmDomain.SearchGPOs($gpmSearchCriteria) # Search and find all GPOs in the domain, this will return the array
}

backupAllGpos “C:GPObackup” “win.local”

#End Script

Nedenstående billede viser en manuel afvikling af scriptet:

Man kan ligeledes lave en scedule på PowerShell scriptet. Jeg benytter her samme GPObackup.cmd, som indeholder følgende:

REM************GPObackup.cmd – Daglig GPO Backup**************************
powershell -command “& ‘c:powershellBackupAllGpos.ps1′”
Exit

Ovenstående kan selvfølgelig også afvikles fra en remote Admin server/workstation, samtidig med at der laves backup til disk/tape af de enkelte GPO backups.

Reference og download af PowerShell source code, se nedenstående link:
http://technet.microsoft.com/en-us/magazine/2007.05.grouppolicy.aspx

How to schedule a Windows Powershell script:
http://www.searchmarked.com/windows/how-to-schedule-a-windows-powershell-script.php

Running Windows PowerShell Scripts:
http://www.microsoft.com/technet/scriptcenter/topics/winpsh/manual/run.mspx

Comments are closed.