WirFixenAlles/Boilerplates
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
main
Boilerplates/Windows/BackupGPO.md
admManuel 3e8fa614ac Update Windows/BackupGPO.md
2024-03-02 16:37:32 +00:00

92 lines
3.3 KiB
Markdown
Raw Permalink Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Method 1 - use a SMB - Networkshare as the backuptarget
```powershell
$limit = (Get-Date).AddDays(-30)
$path = "\\NETWORKSHARE"
# Delete files older than the $limit.
Get-ChildItem -Path $path -Recurse -Force | Where-Object { !$_.PSIsContainer -and $_.CreationTime -lt $limit } | Remove-Item -Force
# Delete any empty directories left behind after deleting the old files.
Get-ChildItem -Path $path -Recurse -Force | Where-Object { $_.PSIsContainer -and (Get-ChildItem -Path $_.FullName -Recurse -Force | Where-Object { !$_.PSIsContainer }) -eq $null } | Remove-Item -Force -Recurse
Backup-GPO -All -path $path -Comment "Backup done from SERVERNAME"
```
# Method 2 - use a SFTP Server as the backuptarget
You have to keep in mind that you need script to autodelete old backups on the target. Maybe a cronjob for that part with the particular script would be a nice idea ;)
To get the fingerprint of your hosts host_key file run this command and paste it behind the variable **$sftpfingerprint**
```bash
ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
```
Script on DomainController
```powershell
# documentation for winscp can be found here: https://winscp.net/eng/docs/library_powershell
# prior to get this up and running you need ".NET assembly/COM library" from here https://winscp.net/eng/downloads.php
$path = "C:\backup\gpos" #path for temporary storing all files
$temp = "C:\backup\gpos_$(Get-Date -Format 'yyyyMMdd-HHmmss').zip" #path for the zip file in 24h format
$sftpserver = "FQDN or IP"
$sftpuser = "sftpusername"
$sftpkeypath = "C:\Scripts\backupGPOs\privatekeyfile.ppk" #authentication with ppk file (password is possible as well, take a look at documentation)
$sftpfingerprint = "ssh-rsa 3072 aX....." #replace it with the value of the command from the host above
$winscppath = "C:\Scripts\backupGPOs\WinSCPnet.dll" #file from the zip you have downloaded before
$destinantion = "/backups/gpos/" #target on the SFTP Server
Backup-GPO -All -path $path -Comment "Backup done from DC-01"
# Load WinSCP .NET assembly
Add-Type -Path $winscppath
# zip backup
$compress = @{
Path = $path
CompressionLevel = "Fastest"
DestinationPath = $temp
}
Compress-Archive @compress
# Setup session options
$sessionOptions = New-Object WinSCP.SessionOptions -Property @{
Protocol = [WinSCP.Protocol]::Sftp
HostName = $sftpserver
UserName = $sftpuser
SshHostKeyFingerprint = $sftpfingerprint
SshPrivateKeyPath = $sftpkeypath
}
$session = New-Object WinSCP.Session
try
{
# Connect
$session.Open($sessionOptions)
# Upload
$session.PutFiles($temp, $destinantion).Check()
}
finally
{
# Disconnect, clean up
$session.Dispose()
}
# Delete files older than the $limit.
Get-ChildItem -Path $path -Recurse -Force | Where-Object { !$_.PSIsContainer } | Remove-Item -Force
# Delete any empty directories left behind after deleting the old files.
Get-ChildItem -Path $path -Recurse -Force | Where-Object { $_.PSIsContainer -and (Get-ChildItem -Path $_.FullName -Recurse -Force | Where-Object { !$_.PSIsContainer }) -eq $null } | Remove-Item -Force -Recurse
Remove-Item -Path $temp -Force
```
## possible command for the cronjob on the linux system
You can run this without the `-delete` and you will see affected files by the filter.
```bash
# -mtime +10 => older than 10 days
find /backup/gpos -mtime +10 -type f -delete
```
Reference in New Issue View Git Blame Copy Permalink