Group policies have an important role in the Active Directory domain management, their damage or accidental deletion can lead to unpredictable results.
Backup of Group Policy objects (GPO) allows you to quickly restore their state and if not — reduce them to minimum size. In addition, backups should be created before editing the GPO settings and in the case of problems, you can easily roll back the changes.
Backup and Restore Group Policy Objects
You can manage backup and restore the GPO using the graphical tool GPMC or via PowerShell. To work with GPOs, you must have the Domain and Enterprise Admins privileges.
Backup/Restore GPO using Group Policy Management Console
Run Group Policy Management snap-in from the Administrative Tools or by pressing Win + R and typing gpmc.msc. Go to Group Policy Objects section, select the desired GPO, right click on it and select «Back Up» from the context menu.
Then in new window, specify the directory in which you want to store backup, add a description, and click on «Back Up».
If you need to save all the domain policies at once click, on Group Policy Objects section and select «Back Up All».
There are two ways to restore GPO from backup. If you want to roll back changes to an existing policy, select the appropriate GPO, and in context menu select «Restore from Backup».
In Restore Wizard window, specify the location of backup, and then click on the GPO version to restore.
You can choose by date or description. Also, using the «View Settings» button, you can view the settings contained in the GPO.
You can also restore the GPO from Manage Backups tool by right click on Group Policy Objects section and select «Manage Backups».
In this window, you need to specify a folder with backup, select an object to restore and click «Restore». By the way, you can not only to restore the existing but also import new GPO with this.
Using PowerShell to back up and restore GPOs
To manage Group Policy the PowerShell has a special module GroupPolicy, which includes cmdlets for GPOs backup and restoring GPOs. So the following command will create a copy of GPO named “Disable UAC” in the folder C:\Backup backup copy of GPO. After that add a comment “Backup using PoSh”:
Backup-GPO -Name "Disable UAC" -Path "C:\Backup" -Comment "Backup using PoSh"
You can use the command to back up all GPO in the current domain:
Backup-GPO -All -Path ″C:\Backup″
To restore a policy, you can use the cmdlet Restore-GPO. The following command will restore the most recent version of the GPO named “Disable UAC”:
Restore-GPO -Name “Disable UAC “-Path ″C:\ Backup″
To restore all GPOs use the key -All:
Restore-GPO -All -Path ″C:\Backups″
If you want to restore the GPO version, which is different from the latter, with the key ID –BackupID you can specify backup:
Restore-GPO -Path ″C:\Backups″ -BackupID 5CA0BC78-563B-4AF5-8C37-D804F51F84AE
BackupID is a 32-bit identifier that is unique for each backup. Its name matches the name of the folder where the copy is stored.
PowerShell can also be used to automate the backup of Group Policy Objects. For example, to schedule a backup of all domain GPO daily at 1 am:
$shedTrigger = New-JobTrigger -Daily -At 1am
Register-SheduledJob -Name AllGPOBackup -ScriptBlock {Backup-GPO -All -Path ″C:\Backups″} -Trigger $ shedTrigger
The post How to Backup and Restore Group Policy Objects appeared first on TheITBros.