How can I backup my Group Policies?

This is a pretty easy one: with the right tool by your side, you’re just a few clicks away!

One really cool tool to manage your organization’s group policies is the free Group Policy Management Console (GPMC) from Microsoft. It’s a free download of about 6 MB and can be found here: http://www.microsoft.com/downloads/details.aspx?FamilyID=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&DisplayLang=en

The GPMC provides a lot of other cool features that make your life as a Group Policy Administrator a lot easier. Anyway, we want to backup one of our policies, so after downloading and installing the GPMC we just open it by typing “gpmc.msc” in Start->Run. After launching the program, you see your environment as shown in the picture:

Backing Up

You can now browse your environment and select a policy by expanding the [+] beside the corresponding OU or you can expand the “Group Policy Objects” node. All Group Policies can be found both in the OU they are linked to and the node “Group Policy Objects”. Once you found the Policy you would like to back up, right-click it and choose “Back up…”. You could also right-click the “Group Policy Objects” node and select “Back all Up…” to save all Group Policies. The “Back Up Group Policy Object”-window pops up, where you can give in a path to save the policy and give a description.

A click on “Back Up” saves your files.

Well, before I talk about the restore procedure, I’d like to tell you what exactly gets backed up. One can say: everything on the filesystem, that is related to the policy gets saved. As you can see in the picture below, the assistant will create a few new files and folders.

? All files are copied into a folder with a unique ID. Within this folder, you see three .xml files and another folder called DomainSysvol. The DomainSysvol folder contails all folders and files that are stored in your domain controllers’ SYSVOL folder. It contails the registry.pol files for both the user and the machine configuration as well as the ADM files used for the policy creation.

? Important: As I stated before, all NTFS files and folders that were related to the policy get backed up – BUT the linking between the policies and the OUs they were linked to, will NOT be saved. These links are stored within Active Directory and do not get backed up. I recommend that you somehow document your policy structure in order to be able to restore the GP in every OU it was before.

?

Restoring

In order to restore the backup you made, you have to right-click either the “domains” node or the “Group Policy Objects” node and select “Manage Backups..”.

The “Manage Backups” windows now pops up, where you can now select the GPs you would like to restore. If you back up multiple versions of GPs, the checkbox “Show only latest version of GPO” is for you. By clicking “Restore” the policy will be re-written to the SYSVOL folder. Keep in mind that you have to manually rstore the links to the OUs the GP was targetet to. Backup does neither backup nor restore this.

?

1 Comment so far

  1. [...] Florian’s Blog Words on Windows Server – Group Policy « Rss 2.0 link added [...]