Update Windows/BackupGPO.md

Windows/BackupGPO.md

@@ -0,0 +1,84 @@
+# Method 1 - use a SMB - Networkshare as the backuptarget
+
+```powershell
+$limit = (Get-Date).AddDays(-30)
+$path = "\\NETWORKSHARE"
+
+# Delete files older than the $limit.
+Get-ChildItem -Path $path -Recurse -Force | Where-Object { !$_.PSIsContainer -and $_.CreationTime -lt $limit } | Remove-Item -Force
+
+# Delete any empty directories left behind after deleting the old files.
+Get-ChildItem -Path $path -Recurse -Force | Where-Object { $_.PSIsContainer -and (Get-ChildItem -Path $_.FullName -Recurse -Force | Where-Object { !$_.PSIsContainer }) -eq $null } | Remove-Item -Force -Recurse
+
+Backup-GPO -All -path $path -Comment "Backup done from SERVERNAME"
+```
+
+# Method 2 - use a SFTP Server as the backuptarget
+
+You have to keep in mind that you need script to autodelete old backups on the target. Maybe a cronjob for that part with the particular script would be a nice idea ;)
+
+To get the fingerprint of your hosts host_key file run this command and paste it behind the variable **$sftpfingerprint**
+```bash
+ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
+```
+
+Script on DomainController
+```powershell
+# documentation for winscp can be found here: https://winscp.net/eng/docs/library_powershell
+# prior to get this up and running you need ".NET assembly / COM library" from here https://winscp.net/eng/downloads.php
+
+$path = "C:\backup\gpos" #path for temporary storing all files
+$temp = "C:\backup\gpos_$(Get-Date -Format 'yyyyMMdd-HHmmss').zip" #path for the zip file in 24h format
+$sftpserver = "FQDN or IP"
+$sftpuser = "sftpusername"
+$sftpkeypath = "C:\Scripts\backupGPOs\privatekeyfile.ppk" #authentication with ppk file (password is possible as well, take a look at documentation)
+$sftpfingerprint = "ssh-rsa 3072 aX....." #replace it with the value of the command from the host above
+$winscppath = "C:\Scripts\backupGPOs\WinSCPnet.dll" #file from the zip you have downloaded before
+$destinantion = "/backups/gpos/" #target on the SFTP Server
+
+Backup-GPO -All -path $path -Comment "Backup done from DC-04"
+
+# Load WinSCP .NET assembly
+Add-Type -Path $winscppath
+
+# zip backup
+$compress = @{
+  Path = $path
+  CompressionLevel = "Fastest"
+  DestinationPath = $temp
+}
+Compress-Archive @compress
+
+# Setup session options
+$sessionOptions = New-Object WinSCP.SessionOptions -Property @{
+    Protocol = [WinSCP.Protocol]::Sftp
+    HostName = $sftpserver
+    UserName = $sftpuser
+    SshHostKeyFingerprint = $sftpfingerprint
+    SshPrivateKeyPath = $sftpkeypath
+}
+
+$session = New-Object WinSCP.Session
+
+try
+{
+    # Connect
+    $session.Open($sessionOptions)
+
+    # Upload
+    $session.PutFiles($temp, $destinantion).Check()
+}
+finally
+{
+    # Disconnect, clean up
+    $session.Dispose()
+}
+
+# Delete files older than the $limit.
+Get-ChildItem -Path $path -Recurse -Force | Where-Object { !$_.PSIsContainer } | Remove-Item -Force
+
+# Delete any empty directories left behind after deleting the old files.
+Get-ChildItem -Path $path -Recurse -Force | Where-Object { $_.PSIsContainer -and (Get-ChildItem -Path $_.FullName -Recurse -Force | Where-Object { !$_.PSIsContainer }) -eq $null } | Remove-Item -Force -Recurse
+
+Remove-Item -Path $temp -Force
+```

Windows/BackupGPO.ps1

@@ -1,10 +0,0 @@
-$limit = (Get-Date).AddDays(-30)
-$path = "\\NETWORKSHARE"
-
-# Delete files older than the $limit.
-Get-ChildItem -Path $path -Recurse -Force | Where-Object { !$_.PSIsContainer -and $_.CreationTime -lt $limit } | Remove-Item -Force
-
-# Delete any empty directories left behind after deleting the old files.
-Get-ChildItem -Path $path -Recurse -Force | Where-Object { $_.PSIsContainer -and (Get-ChildItem -Path $_.FullName -Recurse -Force | Where-Object { !$_.PSIsContainer }) -eq $null } | Remove-Item -Force -Recurse
-
-Backup-GPO -All -path $path -Comment "Backup done from SERVERNAME"