group policy

How to Backup and Restore Group Policy Objects

Group policies have an important role in the Active Directory domain management, their damage or accidental deletion can lead to unpredictable results.

Backup of Group Policy objects (GPO) allows you to quickly restore their state and if not reduce them to minimum size. In addition, backups should be created before editing the GPO settings and in the case of problems, you can easily roll back the changes.

Backup and Restore Group Policy Objects

You can manage backup and restore the GPO using the graphical tool GPMC or via PowerShell. To work with GPOs, you must have the Domain and Enterprise Admins privileges.

Backup/Restore GPO using Group Policy Management Console

Run Group Policy Management snap-in from the Administrative Tools or by pressing Win + R and typing gpmc.msc. Go to Group Policy Objects section, select the desired GPO, right click on it and select «Back Up» from the context menu.

group policy management backup

Then in new window, specify the directory in which you want to store backup, add a description, and click on «Back Up».

gpo backup object

If you need to save all the domain policies at once click, on Group Policy Objects section and select «Back Up All».

gpo backup all

There are two ways to restore GPO from backup. If you want to roll back changes to an existing policy, select the appropriate GPO, and in context menu select «Restore from Backup».

READ ALSO  How to Install and Configure vsFTPd on CentOS 7

gpo restore backup

In Restore Wizard window, specify the location of backup, and then click on the GPO version to restore.

gpo restore wizard

You can choose by date or description. Also, using the «View Settings» button, you can view the settings contained in the GPO.

You can also restore the GPO from Manage Backups tool by right click on Group Policy Objects section and select «Manage Backups».

gpo manage backups

In this window, you need to specify a folder with backup, select an object to restore and click «Restore». By the way, you can not only to restore the existing but also import new GPO with this.

gpo manage backups restore

Using PowerShell to back up and restore GPOs

To manage Group Policy the PowerShell has a special module GroupPolicy, which includes cmdlets for GPOs backup and restoring GPOs. So the following command will create a copy of GPO named “Disable UAC” in the folder C:\Backup backup copy of GPO. After that add a comment “Backup using PoSh”:

Backup-GPO -Name "Disable UAC" -Path "C:\Backup" -Comment "Backup using PoSh"

You can use the command to back up all GPO in the current domain:

Backup-GPO -All -Path ″C:\Backup″

gpo backup powershell

To restore a policy, you can use the cmdlet Restore-GPO. The following command will restore the most recent version of the GPO named “Disable UAC”:

READ ALSO  Office 365 - "This message could not be sent. Try sending the message again later"

Restore-GPO -Name “Disable UAC “-Path ″C:\ Backup″

To restore all GPOs use the key -All:

Restore-GPO -All -Path ″C:\Backups″

If you want to restore the GPO version, which is different from the latter, with the key ID –BackupID you can specify backup:

Restore-GPO -Path ″C:\Backups″ -BackupID 5CA0BC78-563B-4AF5-8C37-D804F51F84AE

BackupID is a 32-bit identifier that is unique for each backup. Its name matches the name of the folder where the copy is stored.

gpo backup list

PowerShell can also be used to automate the backup of Group Policy Objects. For example, to schedule a backup of all domain GPO daily at 1 am:

$shedTrigger = New-JobTrigger -Daily -At 1am
 Register-SheduledJob -Name AllGPOBackup -ScriptBlock {Backup-GPO -All -Path ″C:\Backups″} -Trigger $ shedTrigger

You may also like:

System Restore Point in Windows 10: How to Enable,... Today we will show you how to enable, create and perform a system restore point in Windows 10. Let’s get started here by clicking on Start menu. Go to...
Add Calendar Permissions in Office 365 via Powersh... This is a tutorial on adding calendar permissions in Office 365 for your users via Powershell. You can add permissions onto a specific mailbox, or you...
Grant Full Access to All Mailboxes in Exchange 200... This is a short tutorial on how to add full access to all mailboxes in Exchange 2007 and 2010 for a an additional user. This can come in handy when sa...
How to copy files with BITS using PowerShell If you use local (and global) networks, you might know that files between systems are transferring by using SMB, FTP or HTTP protocols. The problem wi...
Fix Trust relationship failed issue without domain... In this article we will discuss the causes of "Trust relationship failed ..." error and some solutions on how to restore secure channel between workst...