NIST's guidance for a Zero Trust Architecture

Top Read Articles

Group Policy Backup

Group Policy Objects (GPOs) are vital components of Active Directory (AD). They control the behavior of users and computers in AD by applying policy settings. An accidental deletion or modification of GPOs can therefore adversely impact the AD environment. So it is highly recommended that GPOs be backed up regularly.  Backups are useful when GPOs need to be restored. The Group Policy Management Console (GPMC)  MMC snap-in can be used to backup and restore the GPOs.

The following data are backed up while performing a GPO backup operation:

  • Settings inside the GPO
  • Permissions
  • GUID
  • WMI filter links

Backing up GPOs

The following steps illustrate how to backup GPOs:

  • Go to Start → Administrative Tools → Group Policy Management.
  • In the GPMC, expand the Group Policy Objects folder containing the GPO that needs back up.
  • Right click the GPO, and then click Back Up. To back up all GPOs in the domain, right click the Group Policy Objects folder, and then click Back Up All.
  • Specify the path to the folder where the backed up versions of the GPOs will reside. Click Back Up.
  • Finally, click OK.

Restoring a GPO

The following steps illustrate how to restore a GPO:

  • Go to Start → Run. Type gpmc.msc and click OK
  • In the GPMC, right click the Group Policy Objects folder and select Manage Backups.
  • Specify the path to locate the backup folder.
  • From the list Backed up GPOs, select the GPO that needs to be restored, and click Restore.
  • Confirm by clicking OK.
  • Finally click OK and then Close.

PowerShell Equivalents for GPO Backup

While GPMC offers a graphical interface for controlling GPO backups, administrators can automate the GPO backup process with the help of Microsoft scripts, or even better, the equivalent PowerShell cmdlets.

The following are just a few Microsoft scripts and their equivalent PowerShell cmdlets that can handle GPO backups:

BackupGPO.wsfBackup-GPOBacks up a single GPO in the domain
BackupAllGPOs.wsfBackup-GPOBacks up all the GPOs in the domain
RestoreGPO.wsfRestore-GPORestores a single GPO from the backup location
RestoreAllGPOs.wsfRestore-GPORestores all GPOs from the backup location
QueryBackupLocation.wsfNoneGives the location of the backed up GPOs
Related posts
Top Read Articles

Forest Functional Level

Top Read Articles

Active Directory Maintenance Checklist

Top Read Articles

Local Group Policy Editor

Leave a Reply

Your email address will not be published. Required fields are marked *