How to export SYSVOL data from an encrypted Cayosoft Guardian backup (GUI method)
Purpose
Cayosoft Guardian stores Active Directory domain controller backups as BitLocker-encrypted VHDX files. These backups can include the NTDS database, registry, and SYSVOL content (for example, Group Policy data and scripts).
Use this procedure when you need to extract SYSVOL files for recovery, auditing, or troubleshooting.
Prerequisites
- You have identified the correct backup .vhdx file in Cayosoft Guardian backup location/history.
- You have the BitLocker password or recovery key configured when the backup was created.
- You are using a Windows machine with local Administrator rights and BitLocker support enabled.
- You have access to File Explorer (and optionally Disk Management).
Exporting SYSVOL data
- In Cayosoft Guardian, identify the backup path for the required domain controller backup. In File Explorer, browse to that location and confirm the correct .vhdx file by domain controller name and timestamp. If the backup is on a network share, verify access first and optionally copy the file locally for better performance.
- Mount the .vhdx file in File Explorer by right-clicking it and selecting Mount (or by double-clicking it). As an alternative, open Disk Management (diskmgmt.msc), select Action > Attach VHD, choose the file, and enable Read-only to prevent accidental changes. After mounting, a new drive letter appears in This PC.
- Open This PC, open the mounted drive, and enter the BitLocker password or recovery key when prompted. After successful authentication, the drive contents become accessible.
- Browse to SYSVOL in the mounted volume. Depending on the backup layout, common paths include:
  - <DriveLetter>:\Windows\SYSVOL\sysvol\<domain-fqdn>\
  - <DriveLetter>:\Windows\SYSVOL\domain\
- Copy the required files or folders (typically from Policies and Scripts) to a local destination. Do not modify files inside the mounted backup volume.
- After extraction is complete, unmount the virtual disk by right-clicking the mounted drive in File Explorer and selecting Eject, or by using Disk Management > Detach VHD.
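A scripted equivalent of the steps above, for cases where the extraction has to be repeatable. This is an added example, not part of the original article or of Cayosoft's tooling. The backup path and destination folder are placeholders, and it assumes the Windows\SYSVOL\domain layout and a BitLocker password rather than a recovery key.

```powershell
#Requires -RunAsAdministrator
# Added example: both paths below are placeholders, not values from the article.
$VhdxPath    = 'D:\GuardianBackups\DC01-backup.vhdx'   # placeholder backup file
$Destination = 'C:\Recovered\SYSVOL'                   # placeholder local destination

# Attach read-only so nothing inside the backup can be changed.
Mount-DiskImage -ImagePath $VhdxPath -Access ReadOnly | Out-Null
try {
    $diskNumber = (Get-DiskImage -ImagePath $VhdxPath).Number
    $password   = Read-Host -Prompt 'BitLocker password' -AsSecureString

    # Walk the partitions that received a drive letter, unlock any locked
    # BitLocker volume, and stop at the one that contains SYSVOL.
    $sysvol = $null
    foreach ($part in Get-Partition -DiskNumber $diskNumber | Where-Object DriveLetter) {
        $mount = "$($part.DriveLetter):"
        $blv = Get-BitLockerVolume -MountPoint $mount -ErrorAction SilentlyContinue
        if ($blv -and $blv.LockStatus -eq 'Locked') {
            Unlock-BitLocker -MountPoint $mount -Password $password -ErrorAction Stop | Out-Null
        }
        $candidate = Join-Path "$mount\" 'Windows\SYSVOL\domain'
        if (Test-Path -LiteralPath $candidate) { $sysvol = $candidate; break }
    }
    if (-not $sysvol) { throw "No Windows\SYSVOL\domain folder found in $VhdxPath" }

    foreach ($folder in 'Policies', 'Scripts') {
        $src = Join-Path $sysvol $folder
        if (-not (Test-Path -LiteralPath $src)) { continue }
        # /E = include subfolders, /XJ = skip junctions, /COPY:DAT = data, attributes, timestamps
        robocopy $src (Join-Path $Destination $folder) /E /XJ /COPY:DAT /R:1 /W:1 /NP | Out-Null
        # robocopy exit codes of 8 or higher mean at least one copy failure.
        if ($LASTEXITCODE -ge 8) { throw "robocopy failed for $src (exit code $LASTEXITCODE)" }
    }
}
finally {
    # Always detach the virtual disk, even if unlocking or copying failed.
    Dismount-DiskImage -ImagePath $VhdxPath | Out-Null
}
```

The try/finally block ensures the backup is detached even when the password is wrong or a copy fails, so the unlocked volume does not stay mounted on the workstation.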
Notes and best practices
- Prefer read-only attach and avoid in-place changes.
- Perform extraction only on a secure, trusted system.
- Use an isolated environment if you are analyzing suspicious content.
- Ensure the destination location has enough free space.
- If multiple backups exist, verify timestamp/date before mounting.