Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ## This function backs up a user's NTUSER.DAT file.
- Function Backup-UserHive ($User = $env:username, $BackupDestination = "c:\userdats\$User") {
- $ErrorActionPreference = "stop"
- $ShadowCopyDir = "c:\tempshadow"
- $DateStamp = (get-date).ToString('d-M-y')
- if (!(test-path $BackupDestination)) {
- Write-Output "No target folder found, creating one: $BackupDestination"
- New-Item ($BackupDestination) -ItemType Directory
- }
- if (!(gwmi Win32_ShadowCopy)) {
- Write-Output "No shadow copies found, creating one..."
- (gwmi -List Win32_ShadowCopy).Create('C:\', 'ClientAccessible')
- }
- Write-Output "Identifying latest shadowcopy..."
- $ShadowCopy = gwmi Win32_ShadowCopy | Sort-Object InstallDate -Descending | Select-Object -first 1
- Write-Output "Creating symbolic link: $ShadowCopyDir <==> $($ShadowCopy.DeviceObject)"
- cmd /c mklink /d $ShadowCopyDir $ShadowCopy.DeviceObject
- Write-Output "Copying NTUSER.DAT for user: $user"
- $NewFileName = "$user - $DateStamp - NTUSER.DAT"
- Copy-Item -path "$ShadowCopyDir\users\$User\NTUSER.DAT" -destination $BackupDestination\$NewFileName -Force
- Write-Output "Removing symbolic link to shadowcopy..."
- cmd /c rmdir $ShadowCopyDir
- }
- Backup-UserHive
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement