-
Notifications
You must be signed in to change notification settings - Fork 0
/
shadowcopy_backup_deploy.ps1
145 lines (122 loc) · 6 KB
/
shadowcopy_backup_deploy.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
# ------------------------------------------------------------------------------
# --------------------- DEPLOY_AND_MAKE_SCHEDULED_TASK ---------------------
# ------------------------------------------------------------------------------
# - this script creates folder C:\ProgramData\shadowcopy_backup
# - copies in to it "shadowcopy_backup.ps1"
# - copies in to it itself - "shadowcopy_backup_deploy.ps1"
# - copies in to it - "SHADOWCOPY_BACKUP_DEPLOY.BAT"
# - creates in it a config file named based on user input
# - creates new ShadowBackupUser account with a password
# - creates new scheduled back up task
# start logging in to a file in %temp%
$log_file = "$env:TEMP\shadowcopy_deploy_log.txt"
Start-Transcript -Path $log_file -Append -Force
$ErrorActionPreference = "Stop"
# check if running as adming
$running_as_admin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")
if (-NOT $running_as_admin){
echo "NOT RUNNING AS ADMIN, THE END"
cmd /c pause
exit
}
$t = Get-Date -format "yyyy-MM-dd || HH:mm:ss"
echo " "
echo "################################################################################"
echo "####### $t #######"
echo " "
# get the name that will be associated with this backup
echo "ENTER THE NAME OF THE BACKUP"
echo "- config file will be named based on it"
echo "- archives will be named after it"
echo "- shechuled task will have it in the name"
$backup_name = Read-Host "- no spaces, no diacritic, no special characters"
while (!$backup_name) {
$backup_name = Read-Host "- no spaces, no diacritic, no special characters"
}
# paths in variables that will be used
$deploy_folder = 'C:\ProgramData\Shadowcopy_Backup'
$config_path = "C:\ProgramData\Shadowcopy_Backup\" + $backup_name + "_config.txt"
# check if config with the same name does not alrady exists
if (Test-Path $config_path) {
echo "THE NAME: $backup_name IS ALREADY IN USE!"
cmd /c pause
exit
}
echo "- installation path: $deploy_folder"
if (Test-Path $deploy_folder) {
echo "- the folder already exists"
} else {
New-Item C:\ProgramData\Shadowcopy_Backup -type directory
echo "- the folder created"
}
$config_template = @"
# backups will be named based on this config file name
target=C:\test
backup_path=C:\
# 0=no-compression,5=default,9=ultra [0 | 1 | 3 | 5 | 7 | 9 ]
compression_level=0
# delete applies to zip files at the backup_path
# their name must start the same as the name of this config file
delete_old_backups=true
keep_last_n=10
keep_monthly=false
keep_n_monthly=10
keep_weekly=false
keep_n_weekly=4
"@
$config_template | Out-File -FilePath $config_path -Encoding ASCII
echo "- config file created: $config_path"
# change permissions to allow easy editing of the config file
$Acl = Get-Acl -Path $config_path
$Ar = New-Object system.security.accesscontrol.filesystemaccessrule("USERS","Modify","Allow")
$Acl.SetAccessRule($Ar)
Set-Acl -Path $config_path -AclObject $Acl
echo "- changing config files permissions to allow easy editing"
if ($PSScriptRoot -eq "C:\ProgramData\Shadowcopy_Backup") {
echo "- running the script from $deploy_folder"
echo "- nothing is being copied"
echo "- only a new config file is created and a new scheduled task"
} else {
echo "- copying the files to $deploy_folder"
echo "- will overwrite script files if already exist"
robocopy $PSScriptRoot $deploy_folder shadowcopy_backup.ps1 shadowcopy_backup_deploy.ps1 SHADOWCOPY_BACKUP_DEPLOY.BAT /NFL /NDL /NJS /IS
}
# new user to allow the scheduled task to run without being seen in any way, /RU SYSTEM does not work on win10, and 7/8 had less info in logging
$local_users = Get-LocalUser
if (-NOT ($local_users.Name -contains "ShadowBackupUser")) {
echo "ADDING NEW USER: ShadowBackupUser"
echo "- enter new password for this account"
$Password = Read-Host -AsSecureString
New-LocalUser -Name "ShadowBackupUser" -Password $Password -Description "Shadow Backup Administrator" -AccountNeverExpires -PasswordNeverExpires
Add-LocalGroupMember -Group "Administrators" -Member "ShadowBackupUser"
echo "- added to the Administrators group"
# editing registry to hide the account from login screen
$registry_path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'
New-Item $registry_path -Force | New-ItemProperty -Name "ShadowBackupUser" -Value 0 -PropertyType DWord -Force
echo "- hidding ShadowBackupUser from the login screen"
} else {
echo "- ShadowBackupUser already exists, youd better remember the password"
}
# scheduled task should be edited manually afterwards using taskschd.msc
echo "CREATING NEW SCHEDULED TASK"
$schedule = "DAILY" # MINUTE HOURLY DAILY WEEKLY MONTHLY ONCE ONSTART ONLOGON ONIDLE
$modifier = 1 # 1 - every day, 7 - every 7 days, behaves differently depending on unit in schedule
$start_time = "20:19"
$title = "Shadowcopy_Backup_$backup_name"
$command_in_trigger = "'& C:\ProgramData\Shadowcopy_Backup\shadowcopy_backup.ps1 -config_txt_path $config_path'"
$trigger = "Powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -Command $command_in_trigger"
# using cmd for the compatibility with windows 7 instead of Register-ScheduledTask cmdlet
# /RP for password is needed to allow run without being logged in
cmd /c SchTasks /Create /SC $schedule /MO $modifier /ST $start_time /TN $title /TR $trigger /RL HIGHEST /F /RU ShadowBackupUser /RP
echo "- edit the scheduled task using taskschd.msc for the specific needs"
echo "CHECKING IF 7-ZIP IS INSTALLED"
if (-NOT (test-path "$env:ProgramFiles\7-Zip\7z.exe")) {
for ($i=0; $i -lt 20; $i++){
echo " INSTALL 7-zip x64 !!!"
}
} else {
echo "- 7-zip x64 seems to be installed"
}
echo " "
echo "################################################################################"
cmd /c pause