I’ve been developing a thorough set of backup and disaster recovery processes for an office running Microsoft’s Small Business Server 2008. The built in Windows Server Backup tool is quite nice from a “set-it-and-forget-it” perspective, even if it doesn’t offer a lot of customizable features.
However, there are a few things on the server that I’m considering backing up in a different way in addition to Windows Server Backup (WSB). One of those things is the domain’s Group Policy Objects (GPOs).
It’s a simple enough procedure from within the Group Policy Management Console (GPMC). In typical Windows fashion, it’s only a single right click away.
However, as a Windows admin who is attempting to recover from GUI-itis (the unreasonable reliance on GUI input to do tasks) as well as scripting-itis (an irrational fear of text that resembles code) and is also trying to fortify his body of automation skills, I knew I had to script this task.
Fortunately, the GPMC has it’s own set of scripting interfaces so that you can automate group policy tasks. There is also a set of GPMC scripting samples that were included with Windows Server 2003 but for some reason are not installed by default on Windows Server 2008.
To install the scripting samples on Windows Server 2008, go to this Microsoft download link. Those scripting samples include many useful scripts that allow for listing all disabled GPOs, Listing GPO’s without security filtering, deleting, restoring and importing GPOs as well as, most importantly to me at the moment, backing up and restoring GPOs. Here’s a list of the GPMC scripting samples.
From there, it’s as simple as calling BackupGPO.wsf or BackupAllGPOs.wsf from within Task Scheduler to get the job done. If you really want to get fancy, you could use PowerShell to do something like backing up all GPO’s that have been modified this month.