GPO: XCopy Backup Script


Description:

In an Active Directory environment, create a script similar to this to back up users’ Desktop and “My Documents” folders:

Logon and Logoff Scripts will need to be in the following folders:

C:\Windows\System32\GroupPolicy\User\Scripts\Logoff
C:\Windows\System32\GroupPolicy\User\Scripts\Logon

While Startup and Shutdown Scripts will need to be in these folders:

C:\Windows\System32\GroupPolicy\Machine\Scripts\Shutdown
C:\Windows\System32\GroupPolicy\Machine\Scripts\Startup

To Resolve:

  1. Save the following as a batch script and place it in the OU for whichever users you want to back up. They need to have write access to said directory:

xcopy "C:\Users\%username%\Documents\*" "\\fileserver\users\%username%\My Documents" /D /E /Y /I

1a. D = Copies source files changed on or after the specified date only. If you do not include a MM-DD-YYYY value, xcopy copies all Source files that are newer than existing Destination files. This command-line option allows you to update files that have changed.

1b. E = Copies all subdirectories, even if they are empty. Use /e with the /s and /t command-line options.

1c. Y = Suppresses prompting to confirm that you want to overwrite an existing destination file.

1d. I = If Source is a directory or contains wildcards and Destination does not exist, xcopy assumes Destination specifies a directory name and creates a new directory. Then, xcopy copies all specified files into the new directory. By default, xcopy prompts you to specify whether Destination is a file or a directory.

  2. The alternative is to create public/private shares on the fileserver and have a script that maps drives on login. Explain to users that what is not saved in those drives is not backed up.

  3. Now we need to set this up to auto launch on login through a GPO. There seems to be confusion between using a logon script on ADUC instead of GPO. I’m here to tell you that GPO works much better. Follow these next steps.

  4. On the domain controller, open “Group Policy Management” and navigate to the OU needed. I always do IT computers first because I work in a 3 man IT Dept, so the path was “ForestDomains(DomainName)CorporateEmployeesITEmployees”. Then create a new GPO and link it there. I called it “Test_Logon_Script”.

  5. Now right click the GPO and select “Edit”. Go to User Configuration\Policies\Windows Settings\Scripts (Logon/Logoff). Double click on Logon. These next steps are counter-intuitive, so pay attention.

  6. Find your batch script from step one and copy it. Then, with the GPO open, select the “Show Files” button and paste it into that directory. You will then need to cancel out of the Logon page and go back into it. You should not have to navigate any directories, but instead click on your script directly. In the white box with script names, there should be NO DIRECTORIES, just the file name of the script.

6a. I had initially copied and pasted from C:\Scripts and the script failed to start. I copied and pasted to the directory and it worked. Read the guide in the references for clarification. Done.

  7. Before moving to PowerShell, I did get Robocopy working pretty well. Copy and paste this into the batch file mentioned above; it will create a public backup for all users:

cd c:\windows\system32
robocopy C:\Users\%username%\Documents \\fileserver\userbackups\Backups\%username%\Documents /mir /z /e /R:10 /W:10 /mt:4
robocopy C:\Users\%username%\Desktop \\fileserver\userbackups\Backups\%username%\Desktop /mir /z /e /R:10 /W:10 /mt:4
robocopy C:\Users\%username%\Favorites \\fileserver\userbackups\Backups\%username%\Favorites /mir /z /e /R:10 /W:10 /mt:4
robocopy C:\Users\%username%\Pictures \\fileserver\userbackups\Backups\%username%\Pictures /mir /z /e /R:10 /W:10 /mt:4

Since I do not use those folders, but my own personal folder, I just created a batch file and a “simple task” in taskschd.msc:

cd c:\windows\system32
robocopy C:\_gwill Z:\Backups\gerry.williams\_gwill /mir /z /e /R:10 /W:10 /mt:4

I set it to run every day at 5 am.
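The per-user robocopy logon backup from step 7, written as a PowerShell logon script (an added example, not the author's script). It reuses the share path and switches shown above; the log file location and the /XJ, /NP and /LOG+ switches are assumptions added here. It skips the run when the share is unreachable, never mirrors a missing source folder, and treats robocopy exit codes of 8 or higher as failures.

```powershell
# Added example. Share root matches the robocopy lines above; log path is an assumption.
$ShareRoot  = '\\fileserver\userbackups'
$BackupRoot = Join-Path $ShareRoot "Backups\$env:USERNAME"
$LogFile    = Join-Path $env:LOCALAPPDATA 'logon-backup.log'   # assumed log location
$Folders    = 'Documents', 'Desktop', 'Favorites', 'Pictures'

# Skip the run when the server is unreachable (laptop off the network), so logon
# is not held up by /R:10 /W:10 retries against a dead path.
if (-not (Test-Path -LiteralPath $ShareRoot)) {
    Add-Content -LiteralPath $LogFile -Value "$(Get-Date -Format s) share unreachable, backup skipped"
    exit 0
}

$failed = @()
foreach ($name in $Folders) {
    $source = Join-Path $env:USERPROFILE $name

    # /MIR purges destination files that no longer exist in the source, so a
    # missing source folder must never be mirrored over an existing backup.
    if (-not (Test-Path -LiteralPath $source -PathType Container)) { continue }

    $dest = Join-Path $BackupRoot $name

    # Same switches as the batch file (/E is already implied by /MIR), plus
    # /XJ (skip junction points), /NP (no progress output), /LOG+ (append to log).
    & robocopy.exe $source $dest /MIR /Z /R:10 /W:10 /MT:4 /XJ /NP "/LOG+:$LogFile" | Out-Null

    # Robocopy exit codes are a bitmask: 0-7 cover "nothing to do", "files copied"
    # and "extra files removed"; 8 and above mean at least one copy failed.
    if ($LASTEXITCODE -ge 8) { $failed += "$name (exit $LASTEXITCODE)" }
}

if ($failed.Count -gt 0) {
    Add-Content -LiteralPath $LogFile -Value "$(Get-Date -Format s) FAILED: $($failed -join ', ')"
    exit 1
}
exit 0
```

Because /MIR replicates deletions and overwrites, the destination is a mirror of the current state rather than a versioned backup; anything removed or corrupted on the workstation is removed or overwritten on the share at the next logon.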

References:

http://superuser.com/questions/730494/how-do-i-map-user-accounts-and-directories-to-a-server-or-nas
https://www.petri.com/setting-up-logon-script-through-gpo-windows-server-2008

Note: I’m looking into something like this instead