Back Up All Group Policy Objects using Backup-GPO and the Group Policy Management Console

Here are a couple of quick methods to backup all of your group policy objects in one hit. The first uses the Powershell cmdlet Backup-GPO. On a Windows Server 2008 domain controller fire up Powershell, and issue the following command, where C:\PATH_TO_BACKUP is the path where you want to save the backup:

Backup-GPO -All -Path C:\PATH_TO_BACKUP

The second method uses the Group Policy Management Console. Fire up gpmc.msc, and then expand your domain. Right click on ‘Group Policy Objects’ and then choose ‘Back Up All’ as shown below:

Backing up all GPOs using the Group Policy Management Console

Browse for a location to back up to, and give a description if you need one, then click Back Up and you’re done:

Choose a location and description for the GPO backup

 

References:

http://technet.microsoft.com/en-us/library/ee461052.aspx

Back Up a Certificate Authority in Windows Server 2008

Here are 2 manual methods to easily back up a Certificate Authority in Windows server 2008. The first method uses the ‘certutil’ utility from the command line. Simply open ‘cmd’ and type the following, where C:\CA_BACKUP is the path which you want to save the backup to:

certutil -backup C:\CA_BACKUP

You will see something like the output shown here:

Using the certutil -backup command

Notice that you are required to enter a password for the backup file in order to keep your CA data secure. Your backup files will now be found in the location you specified.

The second method uses the ‘Certificate Authority’ console. Using this method open the ‘Certificate Authority’ console and then right click on your CA and choose ‘All Tasks’ and then ‘Backup CA’ as shown:

Choosing 'Back up CA'

The first page of the Certificate Authority Backup Wizard is displayed, click ‘Next’:

The CA Backup Wizard

Choose which items you wish to back up, and then choose a location for your backup, then click ‘Next’:

Choose a backup location

Provide a password for the backup, and click ‘Next’:

Provide a password for your backup

Click ‘Finish’ complete the wizard and make your backup:

Complete the CA backup Wizard

As mentioned earlier these are manual methods for backing just the Certificate Authority data on a CA machine. You can always use schedule full system state backups using wbadmin, or your chosen third party backup tool, which will also backup this information.

Set deadline for windows update installation in WSUS

In certain circumstances, when using WSUS (Windows Server Update Services) in your environment, you may wish to deploy a critical Windows update sooner than your scheduled installation window. Personally, I would excercise extreme caution using this setting due to the gotchas outlined at the end of this post.  However, this can easily be achieved by setting a deadline for installation when you approve the update or updates. In the WSUS console simply select the update or updates, and then right click them and choose ‘Approve …’ as shown.

Approving an update in the WSUS console

Once the ‘Approve Updates’ screen opens, choose which group of computers you want to approve the update for. In this case I have chosen ‘All Computers’, and then  ‘Approved for Install’. Next right click the ‘All Computers’ group again and choose ‘Deadline’ and then ‘Custom’ as shown:

Set a custom deadline for installation of an update in the WSUS console

The ‘Choose Deadline’ screen opens. Choose the date and time that you want the update or updates to be installed at, as shown:

Choose the date and time for your deadline

Thats it, your update will now be installed at the time that you have set. There are a couple gotchas using this setting that it is worth being aware of. Firstly if the update with the deadline requires a restart, the computer will reboot after installation regardless of what the user is doing at the time. It is therefore probably best to avoid deadline times in the middle of the working day when users may suddenly find their computers reboot with little or no warning causing them to lose work. Secondly, a deadline will override the ‘No auto-restart with logged on users for scheduled automatic updates installations’ Group Policy setting, so again be careful if you have this GPO setting enabled, as you may not expect your computers to reboot, but they will in this case.

References:

http://technet.microsoft.com/en-us/library/dd939923(WS.10).aspx