
Backup Group Policies 2

Status
Not open for further replies.

kelfuego

MIS
Jun 5, 2002
74
US
So I am interested in backing up a group policy so that I can apply it to another server. Is it possible to do this without downloading and installing the group policy add-in from Microsoft?


Kelly Johnson MCP
Central City Concern
 
Let's first get some more facts here. Are we talking about wanting the same policy on another DC? If so there is no need. It should replicate over.

By add in are you referring to GPMC? If so then yes, you should load that on each server.

GPMC does give you the ability to back up and import GPO settings so you can duplicate and change/tweak a GPO.

I hope you find this post helpful.

Regards,

Mark
 
Mark,

1. It is another DC, but not on the same domain. I have a staff domain and a client domain that are kept completely separate. So no, replication is not a possibility.

2. I do mean the GPMC (which I would love to use, but my boss does not want it loaded). So what I'm looking for is an old school way of backing up a Group Policy and passing it over to another system. An example of what I'm looking for would be like creating an IPSEC policy in the MMC and then exporting it for use elsewhere.



Kelly Johnson MCP
Central City Concern
 
Tell your boss that he needs to get with the times! GPMC is mature and will be the default in the next version of Windows.

You can of course locate the policy folder under Sysvol and copy that. You first need to know the policy GUID number. Easiest way to do that is to start to add a login script. At the browse window click "Up" until you reach a really long folder name. That is the folder you want to copy and paste.

On the new server you need to first create a blank policy then paste the copied files and subfolders into that policy folder.

Bottom line is that GPMC was designed for this functionality and not using it just does not make sense.

I hope you find this post helpful.

Regards,

Mark
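
A check for the manual Sysvol copy described above when the two domains are separate, added here as an example (Python, not code from this thread): it lists the account references in the copied folder's security template that belong to the source domain and will not resolve in the other one. The sample file content, the SID values and the function names are constructed for illustration; it assumes the GPO carries security settings, since GptTmpl.inf exists only then.

```python
import re
from collections import defaultdict

# Constructed sample of Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf as found
# inside a copied policy folder (SIDs and the STAFF account are made up).
SAMPLE_GPTTMPL = """\
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[Privilege Rights]
SeDenyNetworkLogonRight = *S-1-5-21-1111111111-2222222222-3333333333-1105,*S-1-5-32-546
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
[Group Membership]
*S-1-5-32-544__Members = *S-1-5-21-1111111111-2222222222-3333333333-512,STAFF\\helpdesk
"""

# Domain-issued SIDs look like S-1-5-21-<three sub-authorities>-<RID>;
# well-known SIDs such as S-1-5-32-544 are the same in every domain.
DOMAIN_SID = re.compile(r"S-1-5-21-\d+-\d+-\d+-\d+")
CHECKED_SECTIONS = {"Privilege Rights", "Group Membership"}

def read_inf(path):
    """Read a GptTmpl.inf; these are typically UTF-16 with a BOM (assumption)."""
    with open(path, "rb") as fh:
        data = fh.read()
    bom = data[:2] in (b"\xff\xfe", b"\xfe\xff")
    return data.decode("utf-16" if bom else "latin-1")

def domain_bound_principals(inf_text):
    """Return {section: sorted principals that are tied to the source domain}."""
    found = defaultdict(set)
    section = None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif line and not line.startswith(";") and section in CHECKED_SECTIONS:
            # Either side of "=" can name a principal ("<SID>__Members = ...").
            for token in re.split(r"[=,]", line):
                token = re.sub(r"__(Members|Memberof)$", "", token.strip().lstrip("*"), flags=re.I)
                if DOMAIN_SID.fullmatch(token) or "\\" in token:
                    found[section].add(token)
    return {name: sorted(items) for name, items in found.items()}

if __name__ == "__main__":
    for section, principals in domain_bound_principals(SAMPLE_GPTTMPL).items():
        for principal in principals:
            print(f"[{section}] tied to the source domain: {principal}")
```

Each reported entry has to be replaced with the matching account in the target domain before the copied folder is put to use there.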
 
Another point is that the GPMC could be loaded on a desktop and run with "runas". This could maybe be a workaround for you. Either way, the only easy way to backup/restore a GPO quickly is with GPMC. Anything else is going to be manual and not nearly as precise.

Another possible way of doing it is with vb. I found these scripts somewhere, but have not used them so if you do I would test first.

This one is supposed to back up all GPOs:

Code:
'This script backs up all GPOs to a folder called GPO_Backups in the user's My Documents folder. 

gpoBackupFolder = "GPO_Backups"

'Do initial housekeeping chores
Set gpm = CreateObject("gpmgmt.gpm")
Set gpmConstants = gpm.GetConstants
Set RootDSE = GetObject("LDAP://RootDSE")
adsiDomain = RootDSE.Get("DefaultNamingContext")
dnsDomain = ConvertToDNS(adsiDomain)
 
'Create the GPO backup directory if it does not already exist
Set shell = CreateObject("Wscript.Shell")
userMyDocuments = shell.SpecialFolders("MyDocuments")
userName = shell.ExpandEnvironmentStrings("%username%")
gpoBackupFolderFullPath = userMyDocuments & "\" & gpoBackupFolder

WScript.Echo "This script backs up all GPOs in the domain " & dnsDomain & _
             " into a folder called " & gpoBackupFolder & " under My Documents."

'Create a filesystem object to use for creating a folder
Set fso = CreateObject("Scripting.FileSystemObject")

'Test to see if the folder exists before trying to create it
If fso.FolderExists(gpoBackupFolderFullPath) Then
	WScript.Echo "Using the existing " & gpoBackupFolder & " folder."
	Set fsoBackupFolder = fso.GetFolder(gpoBackupFolderFullPath)
Else 
	WScript.Echo "Creating the " & gpoBackupFolder & " folder."
	Set fsoBackupFolder = fso.CreateFolder(gpoBackupFolderFullPath)
End If

'Create a collection of all GPOs in the domain
set gpmDomain = gpm.GetDomain(dnsDomain,"",gpmConstants.UsePDC)
set gpmSearchCriteria = gpm.CreateSearchCriteria()
set GPO_List = gpmDomain.SearchGPOs(gpmSearchCriteria)

'Loop through the collection and backup each GPO
For Each GPO In GPO_List
	WScript.Echo "Backing up the " & gpo.DisplayName & " GPO...."
	Set gpmResult = gpo.backup(fsoBackupFolder.path,"Backup performed by " & userName)
	Set gpmResult_Status = gpmResult.Status
	If gpmResult_Status.count <> 0 Then 
		For i=1 to gpmResult_Status.Count
			WScript.Echo gpmResult_Status.Item(i).Message
		Next
		gpmResult.OverallStatus()
	Else
		WScript.Echo vbTab & "GPO Backup successful."
	End If
Next

WScript.Echo "Completed GPO backups."



'=========Functions and Subroutines=============================================

'This function converts the DN of a domain to a FQDN
Function ConvertToDNS(distinguishedName)

'Skip past the first "DC=" in the DN
initialStrip = Mid(distinguishedName,4)

'Replace the remaining typeful prefixes with periods
rs = Replace(initialSTrip,",dc=",".",1,-1,1)

'Return the FQDN
ConvertToDNS = rs

End Function

This one is supposed to restore GPOs:

Code:
'This script restores a selected GPO

gpoBackupFolder = "GPO_Backups"

'Do initial housekeeping chores
Set gpm = CreateObject("gpmgmt.gpm")
Set gpmConstants = gpm.GetConstants
Set RootDSE = GetObject("LDAP://RootDSE")
adsiDomain = RootDSE.Get("DefaultNamingContext")
dnsDomain = ConvertToDNS(adsiDomain)
set gpmDomain = gpm.GetDomain(dnsDomain,"",gpmConstants.UsePDC)
 
'Get the path to the My Documents folder
Set shell = CreateObject("Wscript.Shell")
userMyDocuments = shell.SpecialFolders("MyDocuments")
gpoBackupFolderFullPath = userMyDocuments & "\" & gpoBackupFolder

set gpmSearchCriteria = gpm.CreateSearchCriteria()
gpmSearchCriteria.Add gpmConstants.SearchPropertyBackupMostRecent, _
                      gpmConstants.SearchOPEquals, True
 
Set gpmBackupDir = gpm.GetBackupDir(gpoBackupFolderFullPath)
Set gpmBackup_List = gpmBackupDir.SearchBackups(gpmSearchCriteria)

WScript.Echo "Here is a list of the most current GPO backups:"

For i=1 To gpmBackup_List.Count
	With gpmBackup_List.Item(i)
		rs = i & ") "
		rs = rs & .GPODisplayName & ": "
		rs = rs & "Backed up on " & .Timestamp
		rs = rs & " (" & .Comment & ")"
	End With
	WScript.Echo rs
Next

WScript.StdOut.Write vbCrLf & "Enter the number of the GPO you want to restore: "
'Reject non-numeric input before converting it; Int() raises a type mismatch on text
choice = WScript.StdIn.ReadLine
rs = 0
If IsNumeric(choice) Then rs = Int(choice)

If rs >= 1 AND rs <= gpmBackup_List.Count Then 
	restoreGPO_ID = gpmBackup_List.item(rs).ID
	set gpmRestoreGPO = gpmBackupDir.GetBackup(restoreGPO_ID)
Else
	WScript.Echo vbCrLf & "Please run the script again and select a number in the displayed range."
	WScript.Quit()
End If

WScript.Echo vbCrLf & "Here's information about the GPO backup you selected:"
With gpmRestoreGPO
	WScript.Echo "GPO Friendly Name: " & .GPODisplayName
	WScript.Echo "Domain: " & .GPODomain
	WScript.Echo "Comment: " & .Comment
	WScript.Echo "GPO GUID: " & .GPOID
	WScript.Echo "GPO Backup GUID: " & .ID
	WScript.Echo "Backup Timestamp: " & .Timestamp
	WScript.Echo vbCrLf
End With

WScript.StdOut.Write "Are you sure you want to restore this GPO? (y or n) "
rs = WScript.StdIn.ReadLine 
WScript.Echo vbCrLf

If StrComp(rs,"y",vbTextCompare) = 0 Then 
	WScript.Echo "Restoring selected GPO..."
	Set gpmResult = gpmDomain.RestoreGPO(gpmRestoreGPO,0)
	Set gpmResult_Status = gpmResult.Status
	If gpmResult_Status.count <> 0 Then 
		For i=1 to gpmResult_Status.Count
			WScript.Echo gpmResult_Status.Item(i).Message
		Next
		gpmResult.OverallStatus()
	Else
		WScript.Echo "Successfully restored GPO. This did not restore links from containers."
	End If
Else
	WScript.Echo "Operation aborted. No GPOs restored."
End If 



'=========Functions and Subroutines=============================================

'This function converts the DN of a domain to a FQDN
Function ConvertToDNS(distinguishedName)

'Skip past the first "DC=" in the DN
initialStrip = Mid(distinguishedName,4)

'Replace the remaining typeful prefixes with periods
rs = Replace(initialSTrip,",dc=",".",1,-1,1)

'Return the FQDN
ConvertToDNS = rs

End Function

And this one is supposed to import GPOs:

Code:
'This script imports the settings from a selected GPO backup into an existing GPO
'whose display name matches the backed-up GPO's name.

'Do initial housekeeping chores
Set gpm = CreateObject("gpmgmt.gpm")
Set gpmConstants = gpm.GetConstants
Set RootDSE = GetObject("LDAP://RootDSE")
adsiDomain_DN = RootDSE.Get("DefaultNamingContext")
dnsDomain = ConvertToDNS(adsiDomain_DN)

'Create a GPM domain object 
set gpmDomain = gpm.GetDomain(dnsDomain,"",gpmConstants.UsePDC)

gpoBackupFolderFullPath = "\\w2k3-s1\gpo_backups"

set gpmBackupSearchCriteria = gpm.CreateSearchCriteria()
gpmBackupSearchCriteria.Add gpmConstants.SearchPropertyBackupMostRecent, _
                      gpmConstants.SearchOPEquals, True
 
Set gpmBackupDir = gpm.GetBackupDir(gpoBackupFolderFullPath)
Set gpmBackup_List = gpmBackupDir.SearchBackups(gpmBackupSearchCriteria)

WScript.Echo "Here is a list of the most current GPO backups:"

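For i=1 To gpmBackup_List.Count
	With gpmBackup_List.Item(i)
		rs = i & ") "
		rs = rs & .GPODisplayName
	End With
	WScript.Echo rs
Next

WScript.StdOut.Write vbCrLf & "Enter the number of the GPO you want to import: "
'Reject non-numeric input before converting it; Int() raises a type mismatch on text
choice = WScript.StdIn.ReadLine
rs = 0
If IsNumeric(choice) Then rs = Int(choice)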

If rs >= 1 AND rs <= gpmBackup_List.Count Then 
	restoreGPO_ID = gpmBackup_List.item(rs).ID
	set gpmImportGPO = gpmBackupDir.GetBackup(restoreGPO_ID)
	importGPODisplayName = gpmImportGPO.GPODisplayName
	WScript.Echo vbCrLf & "You've selected " & importGPODisplayName & " for importing."
Else
	WScript.Echo vbCrLf & "Please run the script again and select a number in the displayed range."
	WScript.Quit()
End If

WScript.Echo "You will be importing the " & importGPODisplayName & " GPO settings into the existing GPO with a matching name in " & dnsDomain & "."


'Search the production domain to verify that a GPO of the same name exists
'Remove the cstr() from the variable once the latest SP of GPMC is released
'Do not include in book copy
set gpmGPOSearchCriteria = gpm.CreateSearchCriteria()
gpmGPOSearchCriteria.Add gpmConstants.SearchPropertyGPODisplayName, _
                      gpmConstants.SearchOPContains, cstr(importGPODisplayName)

'WScript.Echo "Verifying that the " & importGPODisplayName & " GPO exists in the production domain."
Set gpmProductionGPOCollection = gpmDomain.SearchGPOs(gpmGPOSearchCriteria)

If gpmProductionGPOCollection.count = 1 Then
	WScript.Echo "The GPO exists and will be selected for import operations."
	For Each item In gpmProductionGPOCollection
		set gpmProductionGPO = item
	Next
Else
	WScript.Echo "Unable to find the GPO in the production domain."
	WScript.Quit()
End If


WScript.StdOut.Write "Are you sure you want to import this GPO? (y or n) "
rs = WScript.StdIn.ReadLine 
WScript.Echo vbCrLf

If StrComp(rs,"y",vbTextCompare) = 0 Then 
	WScript.Echo "Importing selected GPO..."
	Set gpmResult = gpmProductionGPO.Import(0,gpmImportGPO)
	Set gpmResult_Status = gpmResult.Status
	If gpmResult_Status.count <> 0 Then 
		For i=1 to gpmResult_Status.Count
			WScript.Echo gpmResult_Status.Item(i).Message
		Next
		gpmResult.OverallStatus()
	Else
		WScript.Echo "The GPO was successfully imported."
	End If
Else
	WScript.Echo "Operation aborted. No GPOs imported."
End If 








'=========Functions and Subroutines=============================================

'This function converts the DN of a domain to a FQDN
Function ConvertToDNS(distinguishedName)

'Skip past the first "DC=" in the DN
initialStrip = Mid(distinguishedName,4)

'Replace the remaining typeful prefixes with periods
rs = Replace(initialSTrip,",dc=",".",1,-1,1)

'Return the FQDN
ConvertToDNS = rs

End Function

Function ConvertSOMType(SOMvalue)

Select Case SOMvalue
	Case gpmConstants.SOMDomain
		rs = "Domain"
	Case gpmConstants.SOMOU
		rs = "Organizational Unit"
	Case gpmConstants.SOMSite
		rs = "Site"
End Select

ConvertSOMType = rs
End Function


 
Thank you both for the information you've shared with me.

I didn't think to look in the sysvol folder---man I hate it when I miss the obvious.

Mark, over the course of my career I have run into many many people who have been opposed to change and in a way I believe this to be human nature. Unfortunately my boss has found a comfort zone that she is not willing to step away from. So my choice is to rock the boat now, or wait for Microsoft to do it for me so I think I'll take the path of least resistance.

Kelly Johnson MCP
Central City Concern
 