Backup and restore for Group Policy doesn’t have to be hard. Actually, the good news is that it’s quite easy. Many people don’t take backups of their GPOs, and suffer the consequences. Don’t let a simple Group Policy deletion or other small problem result in big, big problems because you don’t have a Group Policy backup.
Getting started backing up your Group Policy world is quite easy. First things’ first though. It’s ideal to perform Group Policy Object backup and restore using the latest, greatest Group Policy Management Console, or GPMC.
The GPMC has been around for a long time, but most people don’t know there are several versions. Without getting too deep into it, the latest, greatest version is available for Windows Server 2008 R2 and also for Windows 7.
On Windows Server 2008 R2, you can install the GPMC by using Server Manager then selecting Features | Add Features then select Group Policy Management as seen here.
Optionally, you can use Windows 7 and install the GPMC there. The GPMC for Windows 7 is contained within the Remote Server Administration Tools or RSAT. RSAT is found at the following address for download:
RSAT takes a while to install, but when it does, it installs as part of the operating system. To find the GPMC, then click inside Control Panel | Programs | Turn Windows Features on or Off. Then, find Remote Server Administration Tools and locate Group Policy Management Tools.
Figure 1: Installing the GPMC on Windows 7
At this point you should have the GPMC installed on either Windows Server 2008 R2 or Windows 7. Note, however, I am not recommending you install the GPMC on Windows XP or continue to use that version of the GPMC for backup and restore.
To get starting backing up your GPOs, start out by launching the GPMC. In my examples, I’ll be using Windows Server 2008 R2 (and not Windows 7.) Click the Start menu then type GPMC.MSC to fire up the GPMC or, locate it in the Start menu at Start | Administrative Tools then select Group Policy Management as seen in Figure 3.
Figure 2: Launching the GPMC
One of the confusing parts of backing up and restoring Group Policy Objects using the GPMC is simply where to start. To begin, open up the domain name, then find the Group Policy Objects node as seen in Figure 4. Then right-click over Group Policy Objects node and select “Back Up All…” as also seen in Figure 4.
Figure 3: Starting the Group Policy Backup Process
At this point, you’re able to select where you want to store the backup and what to call it. Be sure to select a location that you can trust, either on the same computer or on the network. Give it an appropriate name as well.
As your GPOs are backed up, they are re-created as file blobs in the directory. There will be a GUID created for each GPO that is backed up as seen in Figure 5.
Figure 4: A GUID directory containing files is created for each backed up GPO.
At this point, you’re pretty well protected.
If any Group Policy Object should get inadvertently deleted, then you can simply restore it in a similar fashion. In my examples, I’m going to delete a GPO named “Win7 / R2 Scheduled Tasks Test.”
After it’s deleted, to perform the restore, simply re-select the Group Policy Objects node and select Manage Backups as seen in Figure 6.
Next, select the GPO you want to restore and select Restore as seen in Figure 7.
Figure 5: Restore GPOs by selecting the GPO and selecting Restore
Note that if you had multiple backups inside same directory you could select “Show only the latest version of each GPO” and see the latest.
The one gotcha is that the links upon the GPO are not restored along with the backup.
Therefore, if you need to know the state of the links when the backup was performed, click on View Settings first, inspect the settings report, then after the restore has occurred re-link the GPO to where it was before the disaster.
That’s GPO Backup and Restore 101.