Following on from the previous post on environment backup, now we’re going to look at the user’s own data.
I’m sure we’re all following the 3-2-1 rule for our infrastructure, but what about user data on the device? We now have wonderfully cloud-managed devices which can be remotely rebuilt for users in the comfort of their own homes with just the click of a button and very little IT input. But what happens when the user calls and asks “where are my Outlook email addresses?”, “what’s happened to that crucial spreadsheet saved on my desktop?” or “where has the smiley face gone from Word?”
Obviously this can be done the old-fashioned way, where a tech connects to the machine, manually grabs everything they find, backs up, rebuilds and then restores, but this kind of defeats the point of cloud management; they might as well be dropping it off for a good old re-image.
Thankfully we have options…
First up, start with the obvious one: deploy OneDrive for Business with Known Folder Move and Silent Enable.
This will capture their Desktop, Documents and Pictures which is a good start!
You’ll also notice I have an exclusion in there, this is for .lnk files to stop the situation where you move computers and end up with multiple Teams icons amongst others.
So, what can we do to catch more data?
Next up, we welcome Enterprise State Roaming.
Navigate to the Azure Portal, load Azure Active Directory, then click on Devices.
Click Enterprise State Roaming and turn it on, it’s literally that easy!
This adds the backup of the following:
Getting better, but we’re still missing some things and now we’re out of in-built tools so we’re going to have to go custom.
For this I’m using an old-school Batch script, as I’ve found they play better with OneDrive Files on Demand.
We have four scripts in total: one for backup, one for restore, one to run it silently and a final one to configure the backups on the device. The backup script captures:
- Email Signatures
- Outlook Auto Entries
- Excel and Word Startup Files
- PST Files (in localappdata)
- Word Normal.dot
- Office UI Settings
- Chrome Bookmarks
- Sticky Notes
- Output of mapped drives
These are all exported into a newly created backup folder in the user’s OneDrive folder.
No-one wants the users to see our magic, so this runs the batch script silently:
Set WshShell = CreateObject("WScript.Shell")
WshShell.RUN "cmd /c c:\backup-restore\backup.bat", 0
The restore script basically does the opposite of the backup.
Finally, this PowerShell script puts it all together and is the only one you need to deploy to your Intune Environment.
This grabs the above scripts and exports them into c:\backup-restore:

##Make sure the target folder exists before downloading into it
New-Item -ItemType Directory -Path "c:\backup-restore" -Force | Out-Null

##Download Backup Script
$backupurl="https://raw.githubusercontent.com/andrew-s-taylor/public/main/Batch%20Scripts/backup.bat"
$backupscript = "c:\backup-restore\backup.bat"
Invoke-WebRequest -Uri $backupurl -OutFile $backupscript -UseBasicParsing

##Download Restore Script
$restoreurl="https://raw.githubusercontent.com/andrew-s-taylor/public/main/Batch%20Scripts/NEWrestore.bat"
$restorescript = "c:\backup-restore\restore.bat"
Invoke-WebRequest -Uri $restoreurl -OutFile $restorescript -UseBasicParsing

##Download Silent Launch Script
$launchurl="https://raw.githubusercontent.com/andrew-s-taylor/public/main/Batch%20Scripts/run-invisible.vbs"
$launchscript = "c:\backup-restore\run-invisible.vbs"
Invoke-WebRequest -Uri $launchurl -OutFile $launchscript -UseBasicParsing
It then creates a scheduled task to run the run-invisible.vbs file on user login:

##Create scheduled task
# Create a new task action
$taskAction = New-ScheduledTaskAction -Execute 'c:\backup-restore\run-invisible.vbs'

##Create Trigger (login)
$taskTrigger = New-ScheduledTaskTrigger -AtLogOn

# Register the new PowerShell scheduled task
#Name it
$taskName = "UserBackup"
#Describe it
$description = "Backs up User profile to OneDrive"
# Register it
Register-ScheduledTask `
    -TaskName $taskName `
    -Action $taskAction `
    -Trigger $taskTrigger `
    -Description $description
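The download step above fetches three scripts from the `main` branch of a public repository at deployment time, and the scheduled task then runs them at every logon, so whatever is on that branch at that moment is what executes. The following is an added example, not the author's script: it pins each file to a SHA-256 recorded after review and creates the folder with an ACL that lets standard users read and run the scripts but not edit them. The hash values are placeholders, and the ACL choice and elevated (SYSTEM or administrator) context are assumptions.

```powershell
# Added example: pinned-hash download into a locked-down folder. Fails closed.
$ErrorActionPreference = 'Stop'
$dest = 'c:\backup-restore'
$base = 'https://raw.githubusercontent.com/andrew-s-taylor/public/main/Batch%20Scripts'

# PLACEHOLDER hashes: replace with the Get-FileHash output of the copies you reviewed.
$files = @(
    @{ Remote = 'backup.bat';        Local = 'backup.bat';        Sha256 = '<SHA256-OF-REVIEWED-backup.bat>' }
    @{ Remote = 'NEWrestore.bat';    Local = 'restore.bat';       Sha256 = '<SHA256-OF-REVIEWED-NEWrestore.bat>' }
    @{ Remote = 'run-invisible.vbs'; Local = 'run-invisible.vbs'; Sha256 = '<SHA256-OF-REVIEWED-run-invisible.vbs>' }
)

New-Item -ItemType Directory -Path $dest -Force | Out-Null

# Drop inherited permissions (folders created under C:\ typically inherit write
# access for authenticated users) and grant: SYSTEM and Administrators full
# control, built-in Users read and execute only.
& icacls.exe $dest /inheritance:r /grant:r `
    '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-32-545:(OI)(CI)RX' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

foreach ($f in $files) {
    # Download to a temporary file so an unverified script never lands in $dest.
    $tmp = Join-Path $env:TEMP ([System.IO.Path]::GetRandomFileName())
    try {
        Invoke-WebRequest -Uri "$base/$($f.Remote)" -OutFile $tmp -UseBasicParsing
        $actual = (Get-FileHash -Path $tmp -Algorithm SHA256).Hash
        if ($actual -ne $f.Sha256) {
            throw "Hash mismatch for $($f.Remote): got $actual"
        }
        # Copy rather than move, so the file takes the ACL of $dest
        # instead of keeping the one it had in the temp folder.
        Copy-Item -Path $tmp -Destination (Join-Path $dest $f.Local) -Force
    }
    finally {
        Remove-Item -Path $tmp -Force -ErrorAction SilentlyContinue
    }
}
```

With the placeholders left in, every download is rejected, which is the intended behaviour until real hashes are supplied.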
Whilst not perfect, between these three tools, the majority of user data should be safely backed up.
In the next post, we will look at backing up the Intune environment itself…