Taking regular backups of the Group Policy Objects in the Windows Server will help protect Group Policy Object from unwanted changes, as you can restore them whenever required. Windows PowerShell cmdlets give a simple way back up and restore Group Policy Objects. In this article, we will show you how to backup and restore GPO using PowerShell cmdlet.
Steps to Back Up and Restore Group Policy Objects using PowerShell cmdlet
The following steps describe the process of backing up and restoring Group Policy Objects (in the same domain) using PowerShell cmdlets:
Step 1 – Open Active Directory Module for Windows PowerShell
Navigate to the Start → All Programs, and click on the “Administrative Tools”; click on the Active Directory Module for Windows PowerShell.
Step 2 – Use Backup-GPO -All cmdlet to backup all Group Policy Objects
If you want to backup all Group Policy Objects in the domain, you have to execute the following command.
Backup-GPO -All -Path <string> [-Comment <string>] [-Domain <string>] [-Server <string>] [<CommonParameters>]
To backup a single Group Policy Object, execute the following command.
Backup-GPO [-Name] <string> -Path <string> [-Comment <string>] [-Domain <string>] [-Server <string>] [<CommonParameters>]
Step 3 – Open Group Policy Backup Location
Go to the location where backups of the Group Policy Objects have been stored. Note that the backup folder is named by a GUID. This text inside the middle brackets is the backup ID.
Step 4 – Use Restore-GPO -All cmdlet to restore all Group Policy Objects
If you want to restore all Group Policy Objects, you have to execute the following command.
Restore-GPO -All -Path <string> [-Domain <string>] [-Server <string>] [<CommonParameters>]
You can execute the following command at Windows PowerShell to restore only one Group Policy Object.
Restore-GPO –BackupId <Guid> -Path <string> [-Domain <string>] [-Server <string>] [<CommonParameters>]
You can refresh the Group Policy Management console to see the required Group Policy Object back in the list of Group Policy Objects.
Backing up and restoring GPO using Lepide Group Policy Auditor
Lepide Group Policy Auditor (part of Lepide Data Security Platform) can be used to create regular snapshots of Group Policy Objects. It stores the state of Group Policy Objects and lets the user restore back to this original state whenever required. In the following image, we can see the different options available for creating regular backups. Simply select the schedule time and the application will create regular backups:
In the following image, “Lepide Object Restore Wizard” has been shown. Here, you can select all the Group Policy Objects and follow the onscreen instructions in this wizard:
Please note that you will have to restore the entire object, as the individual attributes cannot be restored. Additionally, these backups cannot be used to restore the entire Windows Server environment or in a newly restored environment, because the application only creates snapshots of the Group Policy Objects and they cannot be used for complete recovery.
Conclusion
When you need to backup and restore Group Policy Objects, you have numerous options open to you; including using Windows PowerShell commands. However, this method is very manual and for that reason can be repetitive and time consuming to perform on a regular basis. A better alternative would be to use Lepide’s Group Policy auditing software, as it allows you to automate the entire backup and restoration process.