Group Policy Object Backups (Part 1)

by [Published on 9 March 2010 / Last Updated on 9 March 2010]

The options available for a Group Policy backup to be completed manually.

If you would like to be notified when Derek Melber releases the next part of this article series please sign up to the WindowsNetworking.com Real time article update newsletter.

Introduction

If you are running Active Directory for your Windows environment, you need to read this article. Group Policy is an integrated technology in Active Directory that is used as soon as you install your first Windows domain controller. So, you need to ensure that you can recover Group Policy in case there is an issue with any aspect of Group Policy or even Active Directory. By default, there is nothing that automatically backs up Group Policy, but there are a few options that you have at your disposal to manually and even partially automatically, backup your Group Policy infrastructure. This article will go into options that you have for Group Policy backup to be completed manually. The next article will focus on automating the Group Policy backup procedure.

Why Backup Group Policy?

Group Policy is a technology that allows an administrator to configure nearly every aspect of a Windows computer. The true benefit of Group Policy is the fact that it is centralized management of all Windows computers in the domain. There aren’t too many settings that Group Policy can’t touch on a target Windows server or desktop. In summary, Group Policy is very powerful, flexible, granular, and dynamic.

With this much power, if something were to go wrong, there needs to be a backup plan. With Group Policy controlling the Registry, security, software deployment, Internet Explorer, applications, drive mappings, printer mappings, and so much more, you can see how it is essential to backup these Group Policy Objects and their associated settings.

Where to Backup Group Policy

Group Policy is centrally managed using the Group Policy Management Console (GPMC). The GPMC has two versions

  • GPMC w/ SP1 - Runs on Windows XP, Server 2003 and Vista (RTM)
  • GPMC v 6 - Runs on Windows Vista SP1, Windows 7, and Server 2008

Both of these tools provide the exact same backup capabilities and options. Unfortunately neither provides the automated backup that is desired for Group Policy, but at least there are some options to help with automation.

When in the GPMC, you will need to maneuver down to the Group Policy Objects node, as can be seen in Figure 1.


Figure 1: Within the GPMC, click on the Group Policy Objects node

Here, you will be able to backup all of the Group Policy Objects, instead of just one at a time. Yes, you can go to any of the Group Policy Objects individually and back them up, but performing a backup of all Group Policy Objects is where you want to start. Also, if you are like most companies, you will have fewer than 100 or so to backup, so backing them all up each time is not a bad idea. Of course, if you are a huge bank, corporation, or business that has thousands of Group Policy Objects, you might want to use the individual backup capability, or better yet, get a tool that helps with the automation of Group Policy backups.

Backing Up Group Policy Objects

In order to backup your Group Policy Objects, you simply need to right click on the Group Policy Objects node in the GPMC and select the Backup All menu option. If you have never backed up Group Policy before, you will need to create a folder for the storage of the backups. If you have already backed up Group Policy, you will select the folder where you backed them up to perform another backup. Figure 2 illustrates the dialog box for an environment where no Group Policy Objects have been backed up.


Figure 2: Back Up Group Policy Object Interface

The Backup Group Policy Object Interface is very simple and easy to use. You simply select the correct backup folder then select the Backup button. This will start the backup procedure, where you will see the backup in progress. The backup will indicate each Group Policy Object that it backs up during the process, giving you a final message that the backup is complete.

It is a good idea to backup a Group Policy Object (or all of them) before and after you make a change. This will allow you to have two versions of the Group Policy Object for those that have been changed and at least a single copy of the current one.

Working With Backed Up Group Policy Objects

Now that you have a handle on how to perform the backup of your Group Policy Objects, you can move on to working with them once they are backed up. The backed up Group Policy Objects can be accessed by right-clicking on the Group Policy Objects node in the GPMC, then selecting the Manage Backups men option. You will see the backed up Group Policy Objects, as seen in Figure 3.


Figure 3: Manage Backups interface

From the Manage Backups interface, you will be able to view the GPO settings that are located in the GPO. This is an important function, as you need to verify what each GPO has in it, in case you need to “roll back” to an older version. To see the settings in a backed up Group Policy Object, click on the View Settings button after highlighting the correct Group Policy Object in the interface.

There is no option to “compare” Group Policy Objects and their settings by default. However, you can download a tool such as GPO Compare by SDM Software, which is very inexpensive and can be downloaded at http://www.sdmsoftware.com/group_policy_compare.php, or you can get the Microsoft change management solution, Advanced Group Policy Management (AGPM), from http://www.microsoft.com/windows/enterprise/products/mdop/agpm.aspx.

You can also restore a Group Policy Object from the Manage Backups interface. This is just as simple as the backup of the Group Policy Object. To restore a Group Policy Object, you will select the correct one from the interface, then select the Restore button. You will be prompted to confirm you restoration, as well as informed when the restoration is completed, as shown in Figure 4.


Figure 4: When a Group Policy Object is restored, you will be notified

Summary

Group Policy is integral to the security, stability, and overall health of your Windows environment. If you are running Active Directory, you are using Group Policy today. With this said, you need to ensure that you protect your Windows environment, assets, and overall continuity of your environment. Microsoft provides the ability for you to backup Group Policy using the GPMC, but this is not automated. If you combine the GPMC Scripts with a scheduled task, then you can “automate” the backing up of the Group Policy infrastructure. No matter what you do, make sure that you perform a backup of your Group Policy structure often, so you can easily restore a Group Policy Object in the event you need to.

If you would like to be notified when Derek Melber releases the next part of this article series please sign up to the WindowsNetworking.com Real time article update newsletter.

Featured Links