none
Restore a GPO on windows server 2012

    Question

  • Hello :)

    I have accidentally deleted a gpo from a windows server 2012 r2 and i have no GPMC backup.

    but i have restored the right gpo folder from SYSVOL by Veeam backup.

    my question is, can i just copy the restored gpo folder into the sysvol folder.

    or how do i restore the gpo on the right way.

    Wednesday, October 14, 2015 9:39 AM

Answers

  • > but i have restored the right gpo folder from SYSVOL by Veeam backup.
    > my question is, can i just copy the restored gpo folder into the sysvol
    > folder.
     
    You can, but that's not sufficient.
     
    I'd recommend to create a new GPO that contains at least one setting in
    every area that the old one had. Then replace the sysvol folder content
    of this new GPO with the old one.
     
    Then edit ONE Setting in ADM templates, apply, revert. This will sync
    the wrong version number. Or edit gpt.ini in the folder and match the
    version to the version of the GPO (low part = computer version, high
    part = user version). If version numbers in AD and sysvol do not match,
    GPO processing will not happen.
     
    The harder way: Restore the old folder, create a groupPolicyContainer
    object in AD (System\Policies), populate the required attributes
    (gPCFileSysPath, gPCUSerExtensionNames, gPCMachineExtensionNames,
    Version and so on).
     

    Greetings/Grüße, Martin

    Mal ein gutes Buch über GPOs lesen?
    Good or bad GPOs? - my blog…
    And if IT bothers me - coke bottle design refreshment (-:
    Wednesday, October 14, 2015 9:54 AM

All replies

  • > but i have restored the right gpo folder from SYSVOL by Veeam backup.
    > my question is, can i just copy the restored gpo folder into the sysvol
    > folder.
     
    You can, but that's not sufficient.
     
    I'd recommend to create a new GPO that contains at least one setting in
    every area that the old one had. Then replace the sysvol folder content
    of this new GPO with the old one.
     
    Then edit ONE Setting in ADM templates, apply, revert. This will sync
    the wrong version number. Or edit gpt.ini in the folder and match the
    version to the version of the GPO (low part = computer version, high
    part = user version). If version numbers in AD and sysvol do not match,
    GPO processing will not happen.
     
    The harder way: Restore the old folder, create a groupPolicyContainer
    object in AD (System\Policies), populate the required attributes
    (gPCFileSysPath, gPCUSerExtensionNames, gPCMachineExtensionNames,
    Version and so on).
     

    Greetings/Grüße, Martin

    Mal ein gutes Buch über GPOs lesen?
    Good or bad GPOs? - my blog…
    And if IT bothers me - coke bottle design refreshment (-:
    Wednesday, October 14, 2015 9:54 AM
  • Thanks for fast reply, but the problem is that it went so fast that i cant remember anything of the gpo i deleted.
    Wednesday, October 14, 2015 10:08 AM
  • > Thanks for fast reply, but the problem is that it went so fast that i
    > cant remember anything of the gpo i deleted.
     
    Then examine its sysvol folder. The subfolders in .\machine and .\user
    will point you to the settings - their names are quite descriptive.
     

    Greetings/Grüße, Martin

    Mal ein gutes Buch über GPOs lesen?
    Good or bad GPOs? - my blog…
    And if IT bothers me - coke bottle design refreshment (-:
    Thursday, October 15, 2015 8:17 AM