Manage Windows 7 Backup options using Group Policy
In the enterprise environment, administrators may delegate end users with the responsibility of performing their own data backups. Windows 7 like previous versions of Windows has in-built data backup functionality. Although, this is not a common scenario and is not probably recommended by many IT professionals, you may come across particular situations where the most practical solution is to allow end users manage their own data backups. Personally, I have experienced a similar situation where a team of software developers wanted to backup temporary research data that was not so critical to the organization and the storage requirements to store this data on a network share were not justified. Using Group Policies, an administrator can control end users backup options and manage better the organization’s backup strategy.
The policy settings for Windows backup are both user and computer settings. The user specific settings are client-only settings and are found in the following location:
User Configuration\Administrative Templates\Windows Components\Backup\Client
While the computer settings are for both the client and the server and are found in the following locations:
Computer Configuration\Administrative Templates\Windows Components\Backup\Client
Computer Configuration\Administrative Templates\Windows\Components\Backup\Server
The policy settings for Windows Backups are written to the registry on targeted computers under HKLM\Software\Policies\Microsoft\Windows\Backup and a brief description of each policy setting is found below:
Prevent the user from running the Backup Status and Configuration Program: This setting lets you disable the Backup Status and Configuration program, which links to the file backup, file restore, and Complete PC Backup applications and shows backup status.
Prevent backing up to local disks: This setting lets you prevent users from selecting a local disk (internal or external) for storing backups.
Prevent backing up to network location: This setting lets you prevent users from selecting a network location for storing backups.
Prevent backing up to optical media (CD/DVD): This setting lets you prevent users from selecting optical media (CD/DVD) for storing backups.
Turn off the ability to back up data files: This setting lets you disable the data file backup functionality.
Turn off restore functionality: This setting lets you disable file restore functionality.
Turn off the ability to create a system image: This setting lets you disable the creation of system images.
Under the Computer Configuration\Administrative Templates\Windows\Components\Backup\Server node you find the following options:
Allow only system backup: This policy setting allows you to manage whether backup of only system volumes is allowed or both OS and data volumes can be backed up.
Disallow locally attached storage as backup target: This policy setting allows you to manage whether backups of a machine can run to locally attached storage or not.
Disallow network as backup target: This policy setting allows you to manage whether backups of a machine can run to a network share or not.
Disallow optical media as backup target: This policy setting allows you to manage whether backups of a machine can run to an optical media or not.
Disallow Run-Once backups: This policy setting allows you to manage whether run-once backups of a machine can be run or not.
As you can see from the above available options together with the functionality of Windows Backup, SMBs and small setups can benefit from a complete data backup solution without the need of purchasing an expensive third-party application.
