PowerShell to Backup and Restore Group Policy Objects

Restore Group Policy Objects using Lepide Data Security Platform
x
3 min read | Updated On - November 21, 2024
In This Article

Taking regular backups of the Group Policy Objects in the Windows Server will help protect Group Policy Object from unwanted changes, as you can restore them whenever required. Windows PowerShell cmdlets give a simple way back up and restore Group Policy Objects. In this article, we will show you how to backup and restore GPO using PowerShell cmdlet.

Steps to Back Up and Restore Group Policy Objects using PowerShell cmdlet

The following steps describe the process of backing up and restoring Group Policy Objects (in the same domain) using PowerShell cmdlets:

Step 1 – Open Active Directory Module for Windows PowerShell

Navigate to the Start → All Programs, and click on the “Administrative Tools”; click on the Active Directory Module for Windows PowerShell.

Active Directory Module for Windows PowerShell

Step 2 – Use Backup-GPO -All cmdlet to backup all Group Policy Objects

If you want to backup all Group Policy Objects in the domain, you have to execute the following command.

Backup-GPO -All -Path <string> [-Comment <string>] [-Domain <string>] [-Server <string>] [<CommonParameters>]

To backup a single Group Policy Object, execute the following command.

Backup-GPO [-Name] <string> -Path <string> [-Comment <string>] [-Domain <string>] [-Server <string>] [<CommonParameters>]
execute the command

Step 3 – Open Group Policy Backup Location

Go to the location where backups of the Group Policy Objects have been stored. Note that the backup folder is named by a GUID. This text inside the middle brackets is the backup ID.

GPO Backup Location

Step 4 – Use Restore-GPO -All cmdlet to restore all Group Policy Objects

If you want to restore all Group Policy Objects, you have to execute the following command.

Restore-GPO -All -Path <string> [-Domain <string>] [-Server <string>] [<CommonParameters>]

You can execute the following command at Windows PowerShell to restore only one Group Policy Object.

Restore-GPO –BackupId <Guid> -Path <string> [-Domain <string>] [-Server <string>] [<CommonParameters>]
run command

You can refresh the Group Policy Management console to see the required Group Policy Object back in the list of Group Policy Objects.

Group Policy Management console

Backing up and restoring GPO using Lepide Group Policy Auditor

Lepide Group Policy Auditor (part of Lepide Data Security Platform) can be used to create regular snapshots of Group Policy Objects. It stores the state of Group Policy Objects and lets the user restore back to this original state whenever required. In the following image, we can see the different options available for creating regular backups. Simply select the schedule time and the application will create regular backups:

Group Policy backup setting

In the following image, “Lepide Object Restore Wizard” has been shown. Here, you can select all the Group Policy Objects and follow the onscreen instructions in this wizard:

Lepide Object Restore Wizard

Please note that you will have to restore the entire object, as the individual attributes cannot be restored. Additionally, these backups cannot be used to restore the entire Windows Server environment or in a newly restored environment, because the application only creates snapshots of the Group Policy Objects and they cannot be used for complete recovery.

Conclusion

When you need to backup and restore Group Policy Objects, you have numerous options open to you; including using Windows PowerShell commands. However, this method is very manual and for that reason can be repetitive and time consuming to perform on a regular basis. A better alternative would be to use Lepide’s Group Policy auditing software, as it allows you to automate the entire backup and restoration process.

See How Lepide Data Security Platform Works
x
Learn More...

Restore Group Policy Objects using Lepide Data Security Platform

x
Learn More...