Backup-UserHive

1. ## This function backs up a user's NTUSER.DAT file.
2. Function Backup-UserHive ($User = $env:username, $BackupDestination = "c:\userdats\$User") {
3.     $ErrorActionPreference = "stop"
4.     $ShadowCopyDir = "c:\tempshadow"
5.     $DateStamp = (get-date).ToString('d-M-y')
6.  
7.     if (!(test-path $BackupDestination)) {
8.         Write-Output "No target folder found, creating one: $BackupDestination"
9.         New-Item  ($BackupDestination) -ItemType Directory
10.         }
11.     if (!(gwmi Win32_ShadowCopy)) {
12.         Write-Output "No shadow copies found, creating one..."
13.         (gwmi -List Win32_ShadowCopy).Create('C:\', 'ClientAccessible')
14.         }
15.     Write-Output "Identifying latest shadowcopy..."
16.     $ShadowCopy = gwmi Win32_ShadowCopy | Sort-Object InstallDate -Descending | Select-Object -first 1
17.     Write-Output "Creating symbolic link: $ShadowCopyDir  <==> $($ShadowCopy.DeviceObject)"
18.     cmd /c mklink /d $ShadowCopyDir $ShadowCopy.DeviceObject
19.     Write-Output "Copying NTUSER.DAT for user: $user"
20.     $NewFileName = "$user - $DateStamp - NTUSER.DAT"
21.     Copy-Item -path "$ShadowCopyDir\users\$User\NTUSER.DAT" -destination $BackupDestination\$NewFileName -Force
22.     Write-Output "Removing symbolic link to shadowcopy..."
23.     cmd /c rmdir $ShadowCopyDir
24.     }
25.  
26. Backup-UserHive