does anyone know of a way to perform an automatic export (to xml files) of all the tasks, policies, permission sets and assignments ?
The goal is to set up a daily backup. I know these data are already backed up through SQL backups, but I'd like to be able to easily perform granular restores when needed.
When I go to "Automation" > "Server Tasks" > "New Task", the predefined "Actions" drop-down list contains tasks such as "Export Policies" or "Import Client Tasks", but nothing like "Export Client Tasks", ...
It is a shame that these functions are not available in Server Tasks, since they are available from other menus, for example :
"Policy" > "Client Task Catalog" > "Actions" > "Export Tasks"
"Policy" > "Client Task Assignments" > "Actions" > "Export All Assignments"
"Policy" > "Policy Assignments" > "Actions" > "Export All Assignments"
"Systems > "System Tree" > "System Tree Actions" > "Export Systems"
"User Management" > "Permission Sets" > "Permission Sets Actions" > "Export All"
I already tried using a Windows Scheduled Task that triggers a Web API script / Python script, but these methods require that you store (in clear text) credentials to establish the connection to the ePO. I never found a way to make cURL or Wget reuse the Scheduled Task credentials for their http traffic with the ePO.
Has anyone managed to perform such automated backups ?
Leveraging Python scripting is the way to go. Your concern about clear text passwords is valid but as the programmer you should write a function that provides for some form of reversible encryption to prevent the clear text storage of your passwords.
In other automation I have written to date I have developed an AES function to take a password and encrypt it while embedding the key in the resulting output. The user Id and password would be stored in an INI file and access by the program. This way you can easily change program data as required. These are actual userId and password I use in one of my programs:
It is not completely safe, but is far better than storing clear text data.
I found that this is more secure in Perl when the program can be compiled using ActiveState's Perl Development Kit which keeps the source code out of the hands other that may want to reverse engineer the password. So far I have not obtained a Python compiler to keep people from reading my code.Message was edited by: HBullock on 7/27/11 9:01:37 AM CDT
Create a new server task with the action of run query. then select the queries you want- i.e. scroll down to Policy Assignments (shared groups) and select for example: "applied policies by name"
sub action- export to file - enter file name, export chart data and drill down tables and selct your desired format.
That will get you some results you want, also, if you can create your own queries then you can export it through a task.
There are also queries for broken inheritance etc etc. have a look to see if this helps.