You want to back up a GPO.
Open the GPMC snap-in.
In the left pane, expand the Forest container, expand the Domains container, browse to the domain of the GPO you want to back up, and expand the Group Policy Objects container.
Right-click on the GPO you want to back up, and select Back Up.
For Location, enter the folder path to store the backup files.
For Description, enter a descriptive name for the backup.
Click the Back Up button.
You will see a progress bar and status message that indicates if the back up was successful.
Click OK to exit.
> backupgpo.wsf "<GPOName>" "<BackupFolder>" /comment:"<BackupComment>"
' This code backs up a GPO to the specified backup location. ' ------ SCRIPT CONFIGURATION ------ strGPO = "<GPOName>" ' e.g. Default Domain Policy strDomain = "<DomainDNSName>" ' e.g. rallencorp.com strLocation = "<BackupFolder>" ' e.g. c:\GPMC Backups strComment = "<BackupComment>" ' e.g. Default Domain Policy Weekly ' ------ END CONFIGURATION --------- set objGPM = CreateObject("GPMgmt.GPM") set objGPMConstants = objGPM.GetConstants( ) ' Initialize the Domain object set objGPMDomain = objGPM.GetDomain(strDomain, "", objGPMConstants.UseAnyDC) ' Find the GPO you want to back up set objGPMSearchCriteria = objGPM.CreateSearchCriteria objGPMSearchCriteria.Add objGPMConstants.SearchPropertyGPODisplayName, _ objGPMConstants.SearchOpEquals, cstr(strGPO) set objGPOList = objGPMDomain.SearchGPOs(objGPMSearchCriteria) if objGPOList.Count = 0 then WScript.Echo "Did not find GPO: " & strGPO WScript.Echo "Exiting." WScript.Quit elseif objGPOList.Count > 1 then WScript.Echo "Found more than one matching GPO. Count: " & _ objGPOList.Count WScript.Echo "Exiting." WScript.Quit else WScript.Echo "Found GPO: " & objGPOList.Item(1).DisplayName End if ' Kick off the backup On Error Resume Next set objGPMResult = objGPOList.Item(1).Backup(strLocation, strComment) ' Call the OverallStatus method on the GPMResult. ' This will throw an exception if there were any ' errors during the actual operation. objGPMResult.OverallStatus( ) if objGPMResult.Status.Count > 0 then WScript.Echo "Status messages:" & objGPMResult.Status.Count for i = 1 to objGPMResult.Status.Count WScript.Echo objGPMResult.Status.Item(i).Message next WScript.Echo vbCrLf end if ' Print the results if Err.Number <> 0 then WScript.Echo "The backup failed." WScript.Echo "Attempted to backup GPO '" & strGPO & "' to location " & strLocation WScript.Echo "Error: " & err.description else set objGPMBackup = objGPMResult.Result WScript.Echo "Backup completed successfully." WScript.Echo "GPO ID: " & objGPMBackup.GPOID WScript.Echo "Timestamp: " & objGPMBackup.TimeStamp WScript.Echo "Backup ID: " & objGPMBackup.ID end if
The GPMC provides a way to back up individual (or all) GPOs. A GPO backup consists of a set of folders and files that catalog the GPO settings, filters and links, and is created in the backup location you specify. You can back up a GPO to a local drive or over the network to a file server. Restoring a GPO is just as easy and is described in Recipe 9.18.
Prior to GPMC, the only way to back up GPOs was by backing up the System State on a domain controller. The System State includes Active Directory and SYSVOL (both components are needed to completely back up a GPO). To restore a GPO using this method, you'd have to boot into DS Restore mode and perform an authoritative restore of the GPO(s) you were interested in. Needless to say, the GPMC method is significantly easier.
A good practice is to back up your GPO backups. Since all the back-up information is captured in a series of files, you can back up that information to media, which provides two levels of restore capability. You could restore the last backup taken, which could be stored on a domain controller or file server, or you could go to tape and restore a previous version.
In the folder you specify to store the GPO backups is a list of folders that have GUIDs for names. This does not make it very easy to distinguish which backups are for which GPOs. A quick way to find that out is to use the querybackuplocation.wsf script. This will list each of the folder GUID names and the corresponding GPO it is for:
> querybackuplocation.wsf "c:\gpmc backups"
I use a GPMSearchCriteria object to find the GPO that is equal to the display name of the GPO specified in the configuration section. I use an if elseif else conditional statement to ensure that only one GPO is returned. If none or more than one is returned, I abort the script. If only one is returned, I call the GPMGPO.Backup method to back up the GPO. The first parameter is the directory to store the GPO backup files, and the second parameter is a comment that can be stored with the back up. This comment may come in handy later for doing searches against the backups on a server, so you may want to think about what to put for it.
Recipe 9.18 for restoring a GPO and MSDN: GPMGPO.Backup