Restoring GPO’s without a backup.

This post rely’s on having Shadow Copy enabled.

I recently did some changes to a Group Policy Object that didn’t fill the need I was going for. I wanted to put it back but there is no undo when it comes to GPO.

A proper course of action would of course be to make a backup copy or test in a lab part of your network. In this case, the L2 felt the need to be more pressing and needed a quick resolution.

I tried a few ways to restore, including finding the GPO folder and trying to overwrite the folder with the one from shadow copy. This partially failed as some files are locked by Windows.

For anyone curious, this is where you would find the folder where group policies live.

If you are using NTFSR (standard) SYSVOL replication, your path is this:
C:\windows\SYSVOL\sysvol\ncdsb.loc\Policies

I am using DFSR replication for SYSVOL so this is my path:
C:\windows\SYSVOL_DFSR\sysvol\ncdsb.loc\Policies

(Side note, some don’t see the need for the switch but I’ve read that DFSR replication for SYSVOL is better as it is self-healing)

All the folders you see in this represent a group policy. If you want to know which folder is the GPO in question, you need to know the right unique ID.

This can be found in Group Policy management on the details tab (after you click on the GPO in question.)

In the case of a GPO that you want to revert, here are the steps I followed:

1- First backup the “broken” GPO to a folder on your C: drive. In Group Policy Management, you will need to find the actual GPO and not a link. For this you will need to expand Group Policy Objects.

2-Find the policy folder in the path above and go to previous version in Shadow copy. Find a point in time before your changes and open that version.

3- Copy the contents of the shadow copy folder to the folder you just created as a backup. Now what and where is critical.

The GPO folder will have folders called Machine and User. You need to dig down into the backup folder until you find them.

For example, here is how much I had to dig to find them:
C:\GPO Backups\{UNIQUE-ID}\DomainSysvol\GPO

Just say yes to overwrite all files and folders.

4-At this point, return to your actual GPO under Group Policy Objects, and say Restore From Backup…  Browse to where you backed it up and follow the wizard, making sure to select the right one (in the case you have other GPO’s backed up to that folder).

At this point, your GPO should be back to what it was before.