Data Migration Tool: USMT GUI backup/restore tool using the PowerShell App Deploy Toolkit

“Ohh damn, I need to re-create my Explorer favorites, I need to re-enter my wireless profiles..”

Those are some of the comments you will hear from users receiving a new machine in a Service Desk function. Don’t worry, this tool includes it all, and will work when migrating from Windows 7 to Windows 10 as well!

Users will be able to migrate data them self by running this tool from Software Center.

In many cases, enterprises dosen’t offer an easy solution when it comes to migrating data from one machine to another. The best free tool i have come across is the User State Migration Tool (USMT) which is included in the Windows ADK. Sadly this solution is a command-line tool, and dosen’t offer an GUI. Then i came up with a solution. By combining PowerShell App Deployment Toolkit(PSADT) with USMT I made it easy to make this accomplishment. Be aware that this tool requires local administrative privileges for the end user, or making a package running as the local system account on the client PC.

If there is an external USB storage connected, the user gets the option to backup/restore to that location or the network location.

So what does the Data Migration Tool consist of?

The tool consist of a script installer “Deploy-DataMigrationTool.ps1” and a folder containing the installation files. Basically the installer will copy the files to “C:\Program Files (x86)\Data Migration Tool” and log to “C:\Windows\Logs\Software”. It will also create a shortcut in start “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Data Migration Tool.lnk”.

There is two ways of deploying this tool with SCCM:

Options:

  1. Package (running as local system): Choose this if the users have standard rights on the local machine.
  2. Application (requires local administrator previledges): This will make the application available as a local application with a shortcut in start. Requires that the user to be a local admin.

Before you begin deploying and testing

First we need to configure a network share for the use of this setup. In the example below i use a share for the backups called USMT Data Migration Tool$.

Folder rights if using option 1

Set the share rights on the network folder so that only Domian Computers have modify share access:

Set the NTFS permissions so only Domain Computers have modify rights:

Folder rights if using option 2

Set the share rights on the network folder so that only Domian Users have modify share access:

Set the NTFS permissions so that Domain Users have write access to This folder only and CREATOR OWNER have Modify rights to Subfolders and files only:

Before you test and deploy the tool, change the $NetworkLocation variable in the “.\Data Migration Tool\Deploy-Application.ps1” file.

Also I recommend that you read the USMT documentation in case you want to exclude file types or folders.
The policies are defined in the USMT XML files, which are located in “.\Data Migration Tool\Files” and is named:
  • MigUser.xml
  • MigDocs.xml
  • MigApp.xml

Deploying using option 1

If you are in an environment where users are not local administrators, the best solution is to run this as a package in system context. Below i describe how this can be archived. Be aware that this solution will give every system(computer object) account access to all folders in the share. There is no way to overcome this unless you want the user to type in the hostname of the PC that performed the backup. One could setup a cleanup script on the server hosting the share, to delete backups older than 14 days.

  1. Create a package with the files from the “Data Migration Tool” subfolder.
  2. Deploy the package to distribution points.
  3. Create a Program with “Deploy-application.exe” in the Command line textbox.
  4. Ensure that the environment is set as shown in the picture:
  5. Create a available deployment for a user or device collection and test the setup.

Deploying using option 2

This option allows the users with local administrative rights to have a local application installed with a shortcut in start.

  1. Create an applicaiton with all the content of the zipped folder “Data-Migration-Tool-<version>”
  2. Setup the Deployment Type program with the following install/uninstall commandline:
    Install:powershell.exe -ExecutionPolicy Bypass -file .\Deploy-DataMigrationTool.ps1
    Uninstall:powershell.exe -ExecutionPolicy Bypass -file .\Deploy-DataMigrationTool.ps1 -uninstall
  3. Define the Detection Rule:
  4. Configure the User Experiene to install as system:
  5. Deploy the application to a user or device collection and update policies, go to software center and install:
  6. After the installation, a shortcut will be presented in start:

Known errors

  • Recieving the USMT error 71 means that you have done something wrong with the folder permissions.
  • Recieving the USMT error 37, don’t run this tool on a server you fool 😉
  • Recieving the USMT error 26, check volume size of the backup destination.

Changes

1.13
-Added the option to backup only domain users who has logged in within defined days. The variables to enable/configure this option is in the top of the Deploy-Application.ps1 script called:
$BackupDomainUsersOnly
$BackupDomainUsersLoginWithinDays
-Changes where made to the Start-UserStateMigrationTool function in the AppDeployToolkitExtensions.ps1 script.

1.12

-Removed the Convert-FromString function from the Export-WLANProfiles function in the AppDeployToolkitExtensions.ps1 as it was dependent on PowerShell version >= 5.0.

-Added a check to only export WLAN profiles when running on a psysical machine.

1.11:

-Removed the parameter -NoAppSettings switch from the Start-UserStateMigrationTool function call in the Deploy-Application.ps1 script.
-Removed the custom XML from the command line string in the 
Start-UserStateMigrationTool function located in the AppDeployToolkitExtensions.ps1

1.1:
-Changed the current user variable to be the current user session instead of running context. Was an issue if running as system.

1.0

Version Download

Data Migration Tool 1.13

Data Migration Tool 1.12

Data Migration Tool 1.11

I would very much like to improve this tool, so please share ideas!

23 thoughts on “Data Migration Tool: USMT GUI backup/restore tool using the PowerShell App Deploy Toolkit”

  1. Hello,
    First of all, great tools.
    I tested it locally with admin rights, but it comes out with error 71 or 28.
    After analysis of the log it uses a CustomMig.xml file that is not present in the package.
    Is this an oversight?
    Thank you in advance for your answer
    Cyrille

    • Hi Cyrille,
      Thanks for your feedback, you’re right about the oversight. I had some custom stuff in my own XML file i used for testing. It’s now correct and should work in the new v.1.11.
      /Morten

  2. The WLAN profile functions are not working on a virtual WIN7 test box. The “$WLANProfiles = netsh.exe wlan show profiles |`” in AppDeployToolkitExtensions.ps1 returns “The wireless AutoConfig Service is not running” and the script is looking for “All User Profile”. Even with the service running is fails as there is no wireless interface.

    • Hi Mike,
      Thanks for the heads up, i’ll add a check for virtual machine and skip the WLAN profile migration in the next release.

    • Hi,
      The user who took the backup will be presented with a restore button when running on a new system.
      The script will basically check if there is a backup available in line 175 of the script:
      if(Test-Path “$Location\$Profile\USMT\USMT.MIG”){
      Write-Log “Old backup detected..”
      $BackupInfo = Get-ChildItem “$Location\$profile\USMT\USMT.MIG”
      $BackupAge = $BackupInfo.LastWriteTime.ToString(“yyyy-MM-dd HH:mm”)
      $BackupGBSize =[Math]::Round((($BackupInfo | Measure-Object -Property length -sum).sum /1GB),3)
      }
      Hope that helps
      EDIT: You can test if you run a successfull backup on a machine, and run the tool again, you’ll se the restore button is present.

  3. Hi ,
    Thanks for the great tool.
    While trying to execute it in our SCCM Test lab, we are getting the below error.
    1. Created a package and used deploy application.exe as the command line, deployed it to a device collection.
    2. Got the initial screen, once clicked on backup, getting the below error, i guess the issue might be due the test machine being a VM.
    3. Error mssg:

    Error Record:

    Message : the term “Convertfrom-string” is not recognised as the name of a cmdlet,fnction,script file or operable program.Check the spelling of the name or if a path was included, verify that the path is correct and try again.

    Inner exception:
    FullyQualifiedErrorId:CommandNotFOundException
    ScritpStackTrace:at Export-WLANProfiles,C:\windows…..AppDeployToolkitExtenstion.ps1: line 128 at ,

    C:\windows….deploy-applications.ps1 line 222

    4. Tried to comment the WLAN script block, then we got the error as “execution failed with exit code 71.”

    Pls let us know how to fix this issue.

    • Hi Sameer,

      I have uploaded a new version (1.12) that should fix the error with the WLAN function.

      The error 71 you recieve is due to lack of permissions on the share. Please read section “Before you begin deploying and testing” again as i have updated that section to ensure that correct rights has ben setup on the share.

      Let me know if that helps, or the issue persist

      /Morten

  4. Hey, Thank you for the tool ,I am having troubles with something. I want to migrate domain accounts that have been last logged in 30 days ago. I don’t want any local accounts. How would I change that?

    • Hi Hasam,

      Thanks for your response and suggestion to the tool.
      I’ve added two new parameters in v1.13 in the Deploy-Application.ps1 script:
      $BackupDomainUsersOnly
      $BackupDomainUsersLoginWithinDays
      Set them to match your needs 🙂

  5. Hello,

    Thank you for the script.
    I just downloaded version 1.13 of the migration script.
    I changed the line to only migrate the domain accounts however this does not work the script even retrieves the local accounts. Do you have an idea ?

    Here are the variables that I modified:

    [switch]$BackupDomainUsersOnly = $true,
    [Parameter(Mandatory=$false)]
    [string]$BackupDomainUsersLoginWithinDays = ‘5’, #only used if BackupDomainUsersOnly is true

    • Hi hi,

      I just tested this myself and it works just fine. Did you overwrite the whole package or just the Deploy-Application.ps1 script? I did make changes to the AppDeployToolkitExtensions.ps1 script in the Start-UserStateMigrationTool function. You need to update that file to make it work. Sorry i didn’t state that in the change log – now added.

      If you did update the package properly and it still dosen’t work, check this log: C:\Windows\Logs\Software\Zwable_DataMigrationTool_1.13_EN_01_PSAppDeployToolkit_Install.log
      In the Installation section there is an execution of the SCANSTATE.exe with very long parameter. In your example it should state something like this among the parameters to work:
      /ui:$YOURDOMAIN$\* /uel:5 /localonly

      /Morten

    • Thank you for your help.
      Finally I used the environment variable to save the user’s profile / ui: $ env: UserName.

      Have a good day

      • No worries.

        Be carefull about using that environment variable as it will be the system account if running with option 1 (local system). Instead use the PSADT variable $($CurrentLoggedOnUserSession.UserName) as it will be the logged on username regardless of the running context.

        /Morten

  6. Hi ,

    The WAN issue got fixed with the new version, and some permission issues. Thanks for helping me out.

    One more request.

    Is it possible to create a log in a shared location for each type of backup (shared folder & USB) with the computer name as the file name.

    Eg:
    If a user, performs a back up using USB , a log file should get created in a shared location with the computer name as the file name, so that we can get confirmation on what has happened for the backup.

    Thanks in advance.

    Regards,
    Sameer

    • Hi Sameer,

      Sure that is possible, but would require some changes to the script ensuring that the share is accessible before during a USB backup. Currently the script checks connectivity after choosing ‘Use network share’. Also the option to backup to a USB is made with offline scenarios in mind.

      Which method are you using? If you are running this as a package in SCCM you can follow the execution in a report.

      /Morten

      • Hi Morten,

        We are using the package method and are keenly looking to save the USB backup logs in a network share.
        let me know the code to be added to achive the same.

        Also, if i dont want the final completion pop-up, can i just comment the portion to stop the pop-up and continue with the next step.

        if(Test-Path “$Location\$Profile\USMT\USMT.MIG”)
        {
        Show-InstallationPrompt -Message “Backup complete.nnRun the tool on the destination computer to perform the restore.” -ButtonMiddleText ‘Exit’ -NoWait
        }
        else
        {
        Show-InstallationPrompt -Message “Backup failed. This could be caused by encrypted files on your documents or desktop folder. Read more here: nn $Location\$Profile\” -ButtonMiddleText ‘Exit’ -NoWait -icon Error
        }

  7. Hi Morten,

    Once the user restores the data,

    1.how can we confirm that the data has been restored back properly, and then
    2.delete the backup data only for that user.

    or can we set any retention period for the backup data and then it gets deleted automatically.

    Regards,
    Sameer

    • Hi Sameer,

      A successfull backup will have a SAVESTATE.log and a PROGRESS.log present in their backup folder, with the PROGRESS.log stating:
      totalPercentageCompleted, 100

      A successfull restore will have a SAVESTATE.log, LOADSTATE.log and a PROGRESS.log present in their backup folder, with the PROGRESS.log stating:
      totalPercentageCompleted, 100

      One could run a script like this on the server to delete completed restores:

      Hope this helps!

      /Morten

  8. Hi,

    This is a very helpful tool, I’m in the process of testing and so far so good.

    We are a Google shop, we use Google File Stream to create a local drive letter to the user’s Google drive share, I noticed that the tool is backing it up, is there a way we can modify the script to bypass it?

    Thanks in advance for your assistance and thanks again for sharing the tool.

    Carlos

  9. Hi Morten,

    Thank you for this, I have been using it manually since I discovered it a little while back. I wanted to ask one question when using the executable.

    Did you configure the executable to request Admin? We currently use Desktop Central for our SSP. I ask because the SSP will run all software with admin but this one prompts a UAC.

    Thanks!!

    • Hi Brandon,

      I’m glad you find this to good use. About your experience with UAC, the Deploy-Application.exe should only prompt for UAC if the caller process is not elevated.

      If you for example open a PowerShell prompt as admin and execute the Deploy-Applicaion.exe you will se that no UAC is prompted.

      How is the Migratation Tool deployed and executed on the endpoints?

      /Morten

Leave a comment