WirFixenAlles/Boilerplates
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update Windows/BackupGPO.md

Browse Source
This commit is contained in:
Manuel Gläser
2024-03-02 16:31:16 +00:00
parent c5ce616b35
commit c1ed08ce95
2 changed files with 84 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

84
Windows/BackupGPO.md Normal file
View File

@@ -0,0 +1,84 @@
# Method 1 - use a SMB - Networkshare as the backuptarget
```powershell
$limit = (Get-Date).AddDays(-30)
$path = "\\NETWORKSHARE"
# Delete files older than the $limit.
Get-ChildItem -Path $path -Recurse -Force | Where-Object { !$_.PSIsContainer -and $_.CreationTime -lt $limit } | Remove-Item -Force
# Delete any empty directories left behind after deleting the old files.
Get-ChildItem -Path $path -Recurse -Force | Where-Object { $_.PSIsContainer -and (Get-ChildItem -Path $_.FullName -Recurse -Force | Where-Object { !$_.PSIsContainer }) -eq $null } | Remove-Item -Force -Recurse
Backup-GPO -All -path $path -Comment "Backup done from SERVERNAME"
```
# Method 2 - use a SFTP Server as the backuptarget
You have to keep in mind that you need script to autodelete old backups on the target. Maybe a cronjob for that part with the particular script would be a nice idea ;)
To get the fingerprint of your hosts host_key file run this command and paste it behind the variable **$sftpfingerprint**
```bash
ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
```
Script on DomainController
```powershell
# documentation for winscp can be found here: https://winscp.net/eng/docs/library_powershell
# prior to get this up and running you need ".NET assembly/COM library" from here https://winscp.net/eng/downloads.php
$path = "C:\backup\gpos" #path for temporary storing all files
$temp = "C:\backup\gpos_$(Get-Date -Format 'yyyyMMdd-HHmmss').zip" #path for the zip file in 24h format
$sftpserver = "FQDN or IP"
$sftpuser = "sftpusername"
$sftpkeypath = "C:\Scripts\backupGPOs\privatekeyfile.ppk" #authentication with ppk file (password is possible as well, take a look at documentation)
$sftpfingerprint = "ssh-rsa 3072 aX....." #replace it with the value of the command from the host above
$winscppath = "C:\Scripts\backupGPOs\WinSCPnet.dll" #file from the zip you have downloaded before
$destinantion = "/backups/gpos/" #target on the SFTP Server
Backup-GPO -All -path $path -Comment "Backup done from DC-04"
# Load WinSCP .NET assembly
Add-Type -Path $winscppath
# zip backup
$compress = @{
Path = $path
CompressionLevel = "Fastest"
DestinationPath = $temp
}
Compress-Archive @compress
# Setup session options
$sessionOptions = New-Object WinSCP.SessionOptions -Property @{
Protocol = [WinSCP.Protocol]::Sftp
HostName = $sftpserver
UserName = $sftpuser
SshHostKeyFingerprint = $sftpfingerprint
SshPrivateKeyPath = $sftpkeypath
}
$session = New-Object WinSCP.Session
try
{
# Connect
$session.Open($sessionOptions)
# Upload
$session.PutFiles($temp, $destinantion).Check()
}
finally
{
# Disconnect, clean up
$session.Dispose()
}
# Delete files older than the $limit.
Get-ChildItem -Path $path -Recurse -Force | Where-Object { !$_.PSIsContainer } | Remove-Item -Force
# Delete any empty directories left behind after deleting the old files.
Get-ChildItem -Path $path -Recurse -Force | Where-Object { $_.PSIsContainer -and (Get-ChildItem -Path $_.FullName -Recurse -Force | Where-Object { !$_.PSIsContainer }) -eq $null } | Remove-Item -Force -Recurse
Remove-Item -Path $temp -Force
```