Export & Import Checklists
Step-by-step checklists for setting up regular exports and executing restores. Print these or save them as reference cards for your deployment runbooks.
Checklist: Export Setup
| # | Task | Details |
|---|
| 1 | Split application definitions | Create separate definitions for machine-level data (HKLM, ProgramData) and user-level data (HKCU, AppData). Use a consistent naming convention like -Machine / -User. See Split Jobs by Permission Scope. |
| 2 | Create UNC share structure | Set up \\server\backups\%COMPUTERNAME%\Machine\ and \\server\backups\%COMPUTERNAME%\%USERNAME%\. Configure NTFS permissions per principal (SYSTEM, user, import service account). See Working with UNC Paths. |
| 3 | Store UNC credentials | Run cmdkey /add:\\server\backups /user:DOMAIN\svc_account /pass:... under each account that will access the share (SYSTEM, service account, user). |
| 4 | Create machine export task | Scheduled Task: trigger daily at 02:00, run as SYSTEM, run whether user is logged on or not. Command: AppProfileSafe.CLI.exe --export --manifestFile "\\server\backups\%COMPUTERNAME%\Machine\Manifest.xml" --apps "..." --unc-credential-store --silentMode |
| 5 | Create user export task | Scheduled Task or GPO logon script: trigger at logon with 120-second delay, run as logged-in user (elevated). Command: AppProfileSafe.CLI.exe --export --manifestFile "\\server\backups\%COMPUTERNAME%\%USERNAME%\Manifest.xml" --apps "..." --unc-credential-store --silentMode |
| 6 | Verify first export | After the first scheduled run, check the share for Manifest.xml and the data subfolder. Review the run report for errors. |
| 7 | Set up retention | Configure backup retention on the share — keep the N most recent backups per machine/user. See Backup & Retention Strategy. |
| 8 | Set up monitoring | Monitor exit codes. Forward failures to SIEM via the Event Pipeline or write Windows Event Log entries on non-zero exit codes. |
Checklist: Import / Restore
| # | Task | Details |
|---|
| 1 | Determine the scenario | Fresh build, side-by-side migration, profile reset, in-place upgrade or hardware swap? |
| 2 | Prepare mapping file (if needed) | Required when machine names, usernames, or drive letters differ between source and target. See What Is a Mapping File?. Not needed for profile resets or in-place upgrades on the same machine. |
| 3 | Locate the backup | Identify the correct backup path on the share: \\server\backups\%OLD_COMPUTERNAME%\Machine\ and \\server\backups\%OLD_COMPUTERNAME%\%USERNAME%\. Verify that Manifest.xml exists and the data folder is not empty. |
| 4 | Import machine-level settings | Run as SYSTEM or elevated admin, before first user logon. Use --noRestorePoint on fresh images. Use --mappingFile if paths differ. |
| 5 | Let the user log in | Allow 2–3 minutes for Windows profile creation and first-launch routines to complete. |
| 6 | Import user-level settings | Run in the user's session via delayed logon script, scheduled task, or self-service batch file. Use --ignoreRestorePointLimit to avoid abort on the 24h limit. |
| 7 | User restarts applications | Affected applications pick up restored settings on their next launch. Outlook may require closing and reopening. |
| 8 | Verify | Review the run report and audit log for errors. Check that settings are present in the target applications. |
Quick Reference: CLI Flags for Restore Scenarios
| Flag | When to use |
|---|
--noRestorePoint | Fresh images where restore points are meaningless. |
--ignoreRestorePointLimit | Scheduled tasks and scripts where the 24-hour limit should not cause a failure. See System Restore Points. |
--mappingFile | Cross-machine restores where hostnames, usernames, or drive letters differ. |
--silentMode | Unattended operation (SCCM, Intune, scheduled tasks). Not for self-service scripts where the user needs progress feedback. |
--unc-credential-store | Network share access with pre-stored credentials. Always for scheduled tasks. |
--preflight | Pre-import validation. Combine with --import to check without writing. |
See Also
